By identifying key players, quantifying relative influence, and assessing the competitive landscape, FP Analytics breaks down complex foreign policy issues by mapping out spheres of influence and the risks and opportunities these topics present. LEARN MORE
Global Data Governance
Part One: Emerging Data Governance Practices
UPDATED: Sept. 15, 2021
PUBLISHED: May 13, 2020
In FP Analytics’ Power Map, 5G Explained, we detailed the complex physical infrastructure necessary to create 5G networks and broke down the issues surrounding the control of that infrastructure, setting of international standards, bandwidth ownership, and security. In Part I of this series, we examine the emerging regulatory challenges surrounding governance of the data and information that flow through not only 5G networks, but digital infrastructure globally. While 5G networks will be vast, they represent only a fraction of the interconnected computer networks that the entirety of the Internet comprises. As the Internet serves as the circulatory system allowing data to flow to connected users globally, data represents the lifeblood of this system. How it is allowed to move throughout this system has immense consequences for governments, companies, and individuals and has catalyzed governments to regulate data flows at micro and macro levels. Emerging global data governance practices are already impacting the competitive landscape for companies around the world and helping determine how individual users and organizations interact with the rapidly digitizing global economy.
Executive Summary
Data governance has long been the domain of corporate and organizational strategy, lending a competitive advantage to those able to optimize their data collection, organization, transfer, and discovery practices. With the increasing digitalization of organizations and economies, data governance—and clear establishment of data collection standards, storage, transfer and use protocols—is becoming an increasingly pressing and global issue.
While intellectual property and proprietary data have long been governed through strict legal frameworks, relatively scant protections have existed for user data and personal information. This lax regulatory environment for consumer data in particular has enabled the rise and dominance of global tech companies from Facebook and Google to Baidu and Tencent and has spurred a wave of privacy-focused regulation around the world.
In FP Analytics’ Global Data Governance Power Map series, we examine the emerging laws, regulations, and technologies that are both enabling greater data collection and impacting cross-border data flows. By cataloging the data localization laws, comprehensive national data regulations, government data collection, monitoring and surveillance technologies, and cybersecurity norms and standards shaping the global data governance landscape, we identify and analyze the wide-ranging impacts for individuals, companies, governments, multilaterals, and non-profits.
Emerging data regulations are fundamentally altering how organizations of all types operate internationally. Major data privacy frameworks developed by first movers are serving as templates for other national frameworks under development, many of which are being tweaked to suit prevailing governments’ domestic agendas. For example, the recent passage of the EU’s General Data Protection Regulation (GDPR) and China’s Cybersecurity Law—two of the most comprehensive packages of data privacy regulations—have already had cascading impacts on businesses and organizations in these markets and on their trading partners. In 2017, U.S. firms cited data localization policies as their number-one impediment to digital trade, and these types of protectionist measures are rapidly proliferating worldwide. And that is just the beginning.
Simultaneously, many national governments are crafting exemptions to their data privacy laws, empowering them to expand monitoring capabilities and build up massive data collection infrastructure. New digital technologies, such as artificial intelligence (AI), biometric monitoring and facial-recognition software, are making data collection increasingly efficient. The onset of the COVID-19 pandemic accelerated the adoption of these technologies as governments began rapidly deploying surveillance technology to enforce quarantines and track the spread of the coronavirus. This mass accumulation of sensitive data can have transformative impacts on societies but pose new cybersecurity and privacy risks as regulation struggles to match the pace of technological advancement.
FP Analytics’ Data Governance Power Map series breaks down key emerging trends in global data governance by:
- Pinpointing emerging global data governance trends;
- Cataloguing specific data localization and data privacy laws by country;
- Mapping encryption policies around the world;
- Charting the global sales of data collection and surveillance technology; and
- Exploring cybersecurity and privacy risks and the implications for businesses and individuals.
FP Analytics provides the most comprehensive assessment and mapping of data localization and privacy laws to date, as well as one of the most complete assessments and mappings of government data collection and regulation trends around the world. It is a powerful tool for businesses and others seeking to understand how evolving global governance regimes are shaping our digital world.
Introduction
Increasingly, government regulation is impacting the global flow of data, with varying, interconnected factors and incentives driving this proliferation of regulation. Specifically, governments are debating what information qualifies as personal data, and how private and public entities can collect, utilize, transfer, and monetize this data. The myriad measures implemented to date reflect a delicate balance of political, economic, and social factors, influenced by government officials, private companies, and citizens. Regulators around the world face the challenge of balancing nuanced and fraught issues of access and privacy, support for economic development, and establishing a functional, cross-border framework for the international transfer and collection of compounding volumes of data. Additionally, multiple parties must ensure data security across governmental, commercial, and personal realms. Varying efforts to craft regulations that optimize for national interests and constituencies are producing an increasingly complex mix of global Internet and data regulations expressing differing visions for how digital infrastructure should ultimately function, how big data is managed, and by whom. In this Power Map series, we break down the most comprehensive and impactful of these regulations and explain what they mean for businesses and citizens in our increasingly digital world.
The Digital Economy and Drivers Behind Increasing Regulation
The massive volume of data flowing through global digital networks fueled the rise of many of the world’s largest companies, including global behemoths such as Alphabet and Tencent. It spawned multinational social media companies, such as Facebook and WeChat, allowing individuals to generate, access, and spread information at unprecedented rates. But new regulations are threatening to break up the party. The data collection practices upon which these companies’ business models are predicated are coming under increasing scrutiny from governments concerned about domestic and foreign companies’ collection and handling of their citizens’ data. This concern, coupled with some governments’ desire to expand their own digital economies and tax bases, is accelerating the global proliferation of data-related laws—from privacy, to data security, to data localization—as these government officials and regulators attempt to assert authority and capture value.
Key Takeaways
-
The Issue
U.S. and Chinese companies dominate the global digital landscape. The digital economy accounts for 15.5 percent of world GDP, with the combined value of Internet platform companies—such as Alphabet (Google) and WeChat—accounting for roughly 9.4 percent of world GDP (roughly $7 trillion, larger than the GDP of any country in the world besides the U.S. or China). The vast majority of revenues accrue to a handful of U.S. and Chinese companies whose power and influence continue to grow as they collect and monetize data from citizens around the world.
-
The Reaction
Governments’ increasing concern over foreign companies’ collection and monetization of user data is a primary driver of digital regulation. The rise of data privacy, security, and localization laws to protect citizens’ data rights and countries’ economic interests, while boosting individuals’ control over their data, is creating an increasingly complex legal and regulatory environment while raising operational and compliance costs for multinational companies operating across borders.
-
What’s at Stake
While offering some protection for domestic companies, onerous and conflicting data governance regimes and regulations risk companies’ market access and further value creation in the digital economy Beyond threatening to create different regulatory regimes, government intervention in the market could push major tech companies to break up, or fundamentally change the rules of the Internet.
Data Localization and Its Commercial Implications
Data localization laws encompass the full range of restrictions a country places on foreign collection, storage, and transfer of its citizens’ data. Government regimes are taking different approaches to data localization; for example, Russia has the most restrictive data localization measures in place, and the U.S. is the strongest advocate for open borders with respect to data transfer. The methods that countries use to enforce and enact data localization regulations substantially impact how international companies can operate within their borders, with consequences for commercial activity both domestically and internationally.
Key Takeaways
-
The Issue
Four distinct approaches to data localization regulation and implementation largely determine how companies’ digital operations can function within a country. They include: no restrictions, conditional restrictions, local copy requirements, and local data storage mandates. Without one uniform method for regulating international data flows, multinational firms will need to adjust practices to comply with the distinct laws of each market in which they operate.
-
The Reaction
Some countries stand to benefit economically from data localization, but widespread global barriers on data transfers risk lower global growth overall. Data localization practices restrict the flow of data and raise costs for international tech companies, fragmenting markets and threatening to hinder global growth. Despite the potentially adverse economic impacts globally, data localization measures are continuing to be implemented as countries’ concerns with foreign data collection and governments’ attempts to limit their operations increase.
-
What’s at Stake
Data localization restrictions threaten to deny or limit access to major data-reliant international corporations, including in key developing markets where the majority of future growth could occur, such as India and Vietnam. On a broad scale, data localization regulations stand to seriously disrupt the free cross-border flow of data, which has enabled the rise of digital commerce for the past few decades.
Beyond Data Localization: Other Influential Data Regulations and Emerging Data Governance Practices
In addition to data localization, varying economic, political, and social factors are driving governments to craft other data governance measures. Due to each country’s unique regulatory environment, data governance practices can differ significantly globally. However, common frameworks, particularly for data privacy laws, are emerging. As with GDPR, to date, a few influential countries with significant market power are leading the way by enacting comprehensive data regulation laws.
Key Takeaways
-
The Issue
Led by the EU and China, countries with large domestic markets and significant global influence are defining data governance trends internationally. Within the past four years, the EU, China, India, and Brazil all enacted or drafted comprehensive data regulations focused on their national interests. These regulations are reshaping the global data governance landscape and are being emulated, revised, or adapted by other nations with similar interests.
-
The Reaction
Variations within and among data governance regimes are disrupting multinationals’ ability to operate in the global digital economy and raising costs. Data regulations are fundamentally dividing cyberspace into different spheres and upending businesses’ ability to operate seamlessly across borders, forcing businesses to adhere to a complex mix of often conflicting regulations in order to operate within different national borders.
-
What’s at Stake
While aiming to protect privacy more effectively, the layering of data regulations is making operating internationally in the digital economy more complicated and costly. Despite the GDPR and similar data privacy laws being enacted largely in response to the international dominance and data collection practices of large U.S. tech companies, a more complicated regulatory landscape will likely favor larger and more established firms, as they can better bear the increased legal costs and potential fines.
Navigating an Increasingly Fractured Future
The implementation of new and updated data governance regulations across the world is fundamentally changing the business landscape across the digital landscape. Data localization requirements, more comprehensive and widely enforceable data privacy laws, and increased cybersecurity laws (which will be explored in Part II of this series) are creating a complicated and increasingly costly web of regulations for businesses to navigate. These factors stand to impact small businesses disproportionately, though increasing compliance costs have been a major point of contention for large businesses as well. However, with the recent adoption of comprehensive privacy laws in major e-commerce markets, data regulation is likely to continue to accelerate. While privacy laws to date have been passed to protect users’ data from being exploited by large international companies and foreign governments, there is a concurrent wave of data privacy laws around the world that are enabling governments to have sweeping access to user data. These laws range from China’s Cybersecurity Law (elements of which we have covered in this section) to the Patriot Act in the U.S. For individuals, the amount of data being accessed by governments through surveillance and requests to private companies is rising sharply. Simultaneously, governments are embarking on a drive to repeal cybersecurity provisions, such as end-to-end encryption as in the case of the U.S.’s EARN IT Act, in order to collect citizens’ data more effectively. In Part II of our Data Governance Power Map series, we dive into these and other measures and how governments are increasing their data collection efforts globally, and what this means for businesses and private citizens.
Written by Christian Perez. Edited by Allison Carlson. Copyedited by David Johnstone. Design by Andrew Baughman and Jon Benedict. Development by Andrew Baughman. Art direction by Lori Kelley.

Learn more about how FP Analytics can enable your organization to act strategically through data-driven insights at ForeignPolicy.com/FP-Analytics.
References
- Agrawal, R. (2020, April 23). Why Facebook Is Betting Big on India. Foreign Policy. Retrieved April 23, 2020, from https://foreignpolicy.com/2020/04/23/facebook-betting-big-india-investment-reliance-jio/
- Albright Stonebridge Group. (2015, September). Data Localization: A Challenge to Global Commerce and the Free Flow of Information. Retrieved April 15, 2020, from https://www.albrightstonebridge.com/files/ASG%20Data%20Localization%20Report%20-%20September%202015.pdf
- Ankeny, C. (2016, April 17). The costs of data localization. Information Technology Industry Council. Retrieved March 26, 2020, from https://www.itic.org/news-events/techwonk-blog/the-costs-of-data-localization
- Basu, A., & Sherman, J. (2020, January 28). Key Global Takeaways From India’s Revised Personal Data Protection Bill. Lawfare. Retrieved April 8, 2020, from https://www.lawfareblog.com/key-global-takeaways-indias-revised-personal-data-protection-bill
- Bauer, Matthias, et al. (2016, May 10). Tracing the Economic Impact of Regulations on the Free Flow of Data and Data Localization. Centre for International Governance Innovation. Retrieved April 15, 2020, from https://www.cigionline.org/publications/tracing-economic-impact-regulations-free-flow-data-and-data-localization
- Bowman, C.M. (2015, November 17). A primer on Russia's new data localization law. Privacy Law Blog. Retrieved April 15, 2020, Retrieved April 9, 2020, from https://privacylaw.proskauer.com/2015/08/articles/international/a-primer-on-russias-new-data-localization-law/
- Brandom, Russell (2018, May 25). Everything you need to know about GDPR. The Verge. Retrieved March 25, 2020, from https://www.theverge.com/2018/3/28/17172548/gdpr-compliance-requirements-privacy-notice
- Bundesministerium der Justiz und für Verbraucherschutz (Federal Ministry of Justice and Consumer Protection). (2017, July 12). Act to Improve Enforcement of the Law in Social Networks (Network Enforcement Act). https://www.bmjv.de/SharedDocs/Gesetzgebungsverfahren/Dokumente/NetzDG_engl.pdf
- Center for Strategic & International Studies. (n.d.). Global Cyber Strategies Index.https://csis-website-prod.s3.amazonaws.com/s3fs-public/Cyber%20Regulation%20Index%20V2%20%28002%29.pdf
- Chander, A., & Le, U. (n.d.). (2015) Data Nationalism. Emory Law Journal. 64(3), 677. https://law.emory.edu/elj/_documents/volumes/64/3/articles/chander-le.pdf
- Chivot, E., & Castro, D. (2019, June 17). What the Evidence Shows About the Impact of the GDPR After One Year. Center for Data Innovation. https://www.datainnovation.org/2019/06/what-the-evidence-shows-about-the-impact-of-the-gdpr-after-one-year/
- Colaner, S. (2020, May 18). The technologies the world is using to track coronavirus—and people. VentureBeat. https://venturebeat.com/2020/05/18/the-technologies-the-world-is-using-to-track-coronavirus-and-people/
- Congressional Research Service. (2019, March 11). Data Flows, Online Privacy, and Trade Policy. https://fas.org/sgp/crs/row/R45584.pdf
- Congressional Research Service. (2021, January 15). U.S. Export Control Reforms and China: Issues for Congress. https://fas.org/sgp/crs/natsec/IF11627.pdf
- Conner-Simons, A. (2020, April 14). CSAIL device lets doctors monitor COVID-19 patients from a distance. MIT CSAIL. https://www.csail.mit.edu/news/csail-device-lets-doctors-monitor-covid-19-patients-distance
- Council of Europe. (2014). Budapest Convention and related standards. https://www.coe.int/en/web/cybercrime/the-budapest-convention
- Data Protection Commissioner v Facebook Ireland and Maximillian Schrems. (Court of Justice of the European Union July 16, 2020).
- Deloitte. (2020, April 7). Brazilian General Data Protection Act. Retrieved April 13, 2020, from https://www2.deloitte.com/br/en/pages/risk/articles/lgpd.html
- Digital Realty. (2018). Data Economy Report 2018. https://go2.digitalrealty.com/rs/087-YZJ-646/images/Report_Digital_Realty_1805_Data_Economy_Report_2018.PDF?mkt_tok=eyJpIjoiWlRJME9XTXpOalF4TURjNCIsInQiOiJ6QmNJdmtTRGUzZ1wvUHBkRFMwdEYxYU02RjRjSnJueUNqZUdUZlYzYkR1QWRyeEtEZ25GbitpVXF0dGRQMGtIcUZVNXBOaERFd1RZWVJzZ0RcL3lnVVZqbFVlSWxRREZIVlAzNzhDanM5eW5jbGQ5ZE1CT1dKSEIxcDhwbjZWSWhQIn0%3D
- Dillinger, J. (2019, September 6). List of Countries By Internet Users. WorldAtlas. Retrieved April 14, 2020, from https://www.worldatlas.com/articles/the-20-countries-with-the-most-internet-users.html
- DLA Piper. Breach notification. (n.d.). Data Protection Laws of the World. Retrieved April 13, 2020, from https://www.dlapiperdataprotection.com/index.html?t=breach-notification&c=RU
- Economy, E. (2018, July 4). The great firewall of China: Xi Jinping’s internet shutdown. Retrieved January 11, 2021, from The Guardian website: https://www.theguardian.com/news/2018/jun/29/the-great-firewall-of-china-xi-jinpings-internet-shutdown
- Emmanuel Pernot-Leplay. (2020, March 27). Data Privacy Law in China: Comparison with the EU and U.S. Approach. Retrieved April 20, 2020, from https://pernot-leplay.com/data-privacy-law-china-comparison-europe-usa/
- European Commission. (n.d.). Commission Implementing Decision pursuant Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom. Retrieved July 23, 2021, from https://ec.europa.eu/info/sites/default/files/draft_decision_on_the_adequate_protection_of_personal_data_by_the_united_kingdom_-_general_data_protection_regulation_19_feb_2020.pdf
- European Commission. (2021, April 21). Europe fit for the Digital Age: Commission proposes new rules and actions for excellence and trust in Artificial Intelligence.https://ec.europa.eu/commission/presscorner/detail/en/ip_21_1682
- Federal Data Protection Act (BDSG). (n.d.). Gesetze im Internet. https://www.gesetze-im-internet.de/englisch_bdsg/
- Fernandez, D. (2018, October 2). Argentina’s new Bill on Personal Data Protection. International Association of Privacy Professionals. Retrieved April 15, 2020, from https://iapp.org/news/a/argentinas-new-bill-on-personal-data-protection/
- Foote, C. (2019, April 15). Fact of the week: The Digital Economy Grew 4.3 Times Faster than the U.S. Economy Overall from 1997 to 2017. Information Technology and Innovation Foundation. https://itif.org/publications/2019/04/15/fact-week-digital-economy-grew-43-times-faster-us-economy-overall-1997-2017
- Gabel, D. & Hickman, T. (2019). The Rapid Evolution of Data Protection Laws: Data Protection 2019. International Comparative Legal Guides International Business Reports. Retrieved April 8, 2020, from https://iclg.com/practice-areas/data-protection-laws-and-regulations/1-the-rapid-evolution-of-data-protection-laws
- Gartner. (2021, May 17). Gartner Forecasts Worldwide Security and Risk Management Spending to Exceed $150 Billion in 2021. https://www.gartner.com/en/newsroom/press-releases/2021-05-17-gartner-forecasts-worldwide-security-and-risk-managem
- GDPR Enforcement Tracker. (n.d.). List of GDPR fines. Retrieved April 9, 2020, from https://www.enforcementtracker.com/?
- GDPR.EU. GDPR Small Business Survey 2019. (2019, May) https://gdpr.eu/wp-content/uploads/2019/05/2019-GDPR.EU-Small-Business-Survey.pdf
- Griffiths, J. (2019, April 8). Governments are rushing to regulate the internet. Users could end up paying the price. CNN. Retrieved April 8, 2020, from https://www.cnn.com/2019/04/08/uk/internet-regulation-uk-australia-intl-gbr/index.html
- Guo, E. (2020a, December 9). Facebook is now officially too powerful, says the US government. Retrieved January 20, 2021, from MIT Technology Review website: https://www.technologyreview.com/2020/12/09/1013641/facebook-should-be-broken-up-says-us-government/
- Guo, E. (2020b, December 16). US states are suing Google: here’s what you need to know. Retrieved January 20, 2021, from MIT Technology Review website: https://www.technologyreview.com/2020/12/16/1014886/texas-lawsuit-google-antitrust-facebook/
- Haeck, P. (2021, May 27). Paris and Berlin urge EU to crack down on Big Tech. Politico. https://www.politico.eu/article/brussels-eu-big-tech-regulation-digital-markets-act-act-apple-amazon-facebook-google/
- Harwell, D. (2021, May 18). Amazon extends ban on police use of its facial recognition technology indefinitely. The Washington Post. https://www.washingtonpost.com/technology/2021/05/18/amazon-facial-recognition-ban/
- Hernandez, B. (2020, April 17). Data Localization Laws around the World. Women in Localization. Retrieved April 15, 2020, from https://womeninlocalization.com/data-localization-laws-around-the-world/
- Hinck, G. (2018, January 5). Wassenaar Export Controls on Surveillance Tools: New Exemptions for Vulnerability Research. Lawfare. https://www.lawfareblog.com/wassenaar-export-controls-surveillance-tools-new-exemptions-vulnerability-research
- Horowitz, L. (2021, January 26). IoT Security Trends, 2021: COVID-19 Casts Long Shadow. ITProToday. https://www.itprotoday.com/iot/iot-security-trends-2021-covid-19-casts-long-shadow
- Hout, T., & Ghemawat, P. (2010, December 1). China vs the World: Whose Technology Is It? Retrieved January 12, 2021, from Harvard Business Review website: https://hbr.org/2010/12/china-vs-the-world-whose-technology-is-it
- The History of the General Data Protection Regulation. (2017, March 29). European Data Protection Supervisor—European Data Protection Supervisor. Retrieved April 7, 2020, from https://edps.europa.eu/data-protection/data-protection/legislation/history-general-data-protection-regulation_en
- Hulefeild, M. (2018, December 12). Australia and Chinese Taipei join APEC’s CBPR system. International Association of Privacy Professionals. Retrieved April 22, 2020, from https://iapp.org/news/a/australia-and-chinese-taipei-join-apec-cbpr-system/
- Human Rights Watch. (1996, May). Silencing the Net: The Threat to Freedom of Expression On-line. The New York Times On the Web. Retrieved March 25, 2020, from https://archive.nytimes.com/www.nytimes.com/library/cyber/week/0910hrw.html
- Hunton Andrews Kurth’s Privacy & Information Security Law Blog. (2020, October 27). China Issues Draft of Personal Information Protection Law. https://www.huntonprivacyblog.com/2020/10/27/china-issues-draft-of-personal-information-protection-law
- Hunton Andrews Kurth. (2019, June 13). APEC Endorses Additional U.S. CBPR and PRP Accountability Agent. Privacy & Information Security Law Blog. Retrieved April 20, 2020, from https://www.huntonprivacyblog.com/2019/06/13/apec-endorses-additional-u-s-cbpr-and-prp-accountability-agent/
- India’s misguided move towards data localisation. (2018, September 10). Financial Times. Retrieved April 16, 2020, from https://www.ft.com/content/92bb34a8-b4e5-11e8-bbc3-ccd7de085ffe
- Insider Intelligence. (2020, December 12). Top 10 Countries, Ranked by Retail Ecommerce Sales, 2020 & 2021. https://www.emarketer.com/chart/242909/top-10-countries-ranked-by-retail-ecommerce-sales-2020-2021-billions-change
- Information Commissioner’s Office. (2019, August 2). Guide to the General Data Protection Regulation (GDPR). Retrieved March 25, 2020, from https://ico.org.uk/media/for-organisations/guide-to-the-general-data-protection-regulation-gdpr-1-0.pdf
- International Association of Privacy Professionals. (2017, May 31). GDPR Matchup: The APEC Privacy Framework and Cross-Border Privacy Rules. Retrieved April 15, 2020, from https://iapp.org/news/a/gdpr-matchup-the-apec-privacy-framework-and-cross-border-privacy-rules/
- International Privacy Standards. (n.d.). Electronic Frontier Foundation. Retrieved April 14, 2020, from https://www.eff.org/issues/international-privacy-standards
- Institute of International Finance. (2019, March). Data Flows Across Borders: Overcoming Data Localization Restrictions. Institute of International Finance. Retrieved April 8, 2020, from https://www.iif.com/Portals/0/Files/32370132_iif_data_flows_across_borders_march2019.pdf
- Johnson, L. (2019, October 8). Ctrl + shift + delete: The GDPR’s Influence on National Security Posture. Council on Foreign Relations. Retrieved March 24, 2020, from https://www.cfr.org/blog/gdpr-influence-national-security-posture
- Kathuria, R., Kedia, M., Varma, G., & Bagchi, K. (2019, November). Economic Implications of Cross-Border Data Flows. Indian Council for Research on International Economic Relations. Retrieved April 13, 2020, from https://icrier.org/pdf/Economic_Implications_of_Cross-Border_Data_Flows.pdf
- Key Issues. (2018, October 9). General Data Protection Regulation (GDPR). Retrieved March 24, 2020, from https://gdpr-info.eu/issues/
- KPMG China. (2017, February). Overview of China’s Cybersecurity Law. https://assets.kpmg/content/dam/kpmg/cn/pdf/en/2017/02/overview-of-cybersecurity-law.pdf
- Kurzer, R. (2018, May 9). As GDPR approaches, marketers are moving away from their reliance on third-party data. MarTech Today. Retrieved March 25, 2020, from https://martechtoday.com/as-gdpr-approaches-marketers-are-moving-away-from-their-reliance-on-third-party-data-215125
- Laskai, L. & Segal, A. (2021, March 31). The Encryption Debate in China: 2021 Update. Carnegie Endowment for International Peace. https://carnegieendowment.org/2021/03/31/encryption-debate-in-china-2021-update-pub-84218
- McCann, D., Patel, O., & Ruiz, J. (2020, November 30). The cost of data inadequacy. New Economics Foundation. https://neweconomics.org/2020/11/the-cost-of-data-inadequacy
- McKinsey & Company. (2020, October 5). How COVID-19 has pushed companies over the technology tipping point—and transformed business forever. https://www.mckinsey.com/business-functions/strategy-and-corporate-finance/our-insights/how-covid-19-has-pushed-companies-over-the-technology-tipping-point-and-transformed-business-forever
- Monteiro, R. (2018, August 14). The new Brazilian General Data Protection Law—a detailed analysis. International Association of Privacy Professionals. Retrieved April 20, 2020, from https://iapp.org/news/a/the-new-brazilian-general-data-protection-law-a-detailed-analysis/
- Newton, C. (2020, December 29). Everything you need to know about Section 230. The Verge. https://www.theverge.com/21273768/section-230-explained-internet-speech-law-definition-guide-free-moderation
- Oberlo. (2020, March 5). Ecommerce Sales by Country in 2019. Retrieved April 21, 2020, from https://www.oberlo.com/statistics/ecommerce-sales-by-country
- O’Neill, P. H. (2020, November 9). Europe is adopting stricter rules on surveillance tech. MIT Technology Review. https://www.technologyreview.com/2020/11/09/1011837/europe-is-adopting-stricter-rules-on-surveillance-tech/
- Panday, J. (2017, September 15). Rising Demands for Data Localization a Response to Weak Data Protection Mechanisms. Electronic Frontier Foundation. Retrieved April 15, 2020, from https://www.eff.org/deeplinks/2017/08/rising-demands-data-localization-response-weak-data-protection-mechanisms
- Rahman, M. (2021, February 25). Here are the countries using Google and Apple’s COVID-19 Tracing API. XDA Developers. https://www.xda-developers.com/google-apple-covid-19-contact-tracing-exposure-notifications-api-app-list-countries/
- Reinsch, W.A. (2018, March 9). A Data Localization Free-For-All? Center for Strategic and International Studies. Retrieved April 8, 2020, from https://www.csis.org/blogs/future-digital-trade-policy-and-role-us-and-uk/data-localization-free-all
- Rej, A. (2020, October 2). US Issues Human Rights Guidelines for Exporters of Surveillance Tech. The Diplomat. https://thediplomat.com/2020/10/us-issues-human-rights-guidelines-for-exporters-of-surveillance-tech/
- Rodriguez, M. (2019, November 13). The Definitive Guide to Brazil’s LGPD Privacy Law. Osano. Retrieved April 21, 2020, from https://www.osano.com/articles/brazil-lgpd
- Sabbagh, D., & Hern, A. (2020, June 18). UK abandons contact-tracing app for Apple and Google model. The Guardian. https://www.theguardian.com/world/2020/jun/18/uk-poised-to-abandon-coronavirus-app-in-favour-of-apple-and-google-models
- Sacks, S., & Sherman, J. (2019, June 26). The Global Data War Heats Up. The Atlantic. Retrieved April 14, 2020, from https://www.theatlantic.com/international/archive/2019/06/g20-data/592606/
- Salem, D. (1981). The Joint Venture Law of the People’s Republic of China: Business and Legal Perspectives. Maryland Journal of International Law, 7(1), 1–4.
- Singh, M. (2019, December 10). India Proposes New Rules to Access Its Citizens’ Data. TechCrunch. Retrieved April 14, 2020, from https://techcrunch.com/2019/12/10/india-personal-data-protection-bill-2019/
- Sivasubramanian, S. (2020, May 28). How AI and machine learning are helping to fight COVID-19. World Economic Forum. https://www.weforum.org/agenda/2020/05/how-ai-and-machine-learning-are-helping-to-fight-covid-19/
- Sobers, R. (2020, March 29). A Year in the Life of the GDPR: Must-know stats and takeaways. Varonis. Inside Out Security. Retrieved April 9, 2020, from https://www.varonis.com/blog/gdpr-effect-review/
- Social Media Stats Worldwide. (n.d.). StatCounter GlobalStats. Retrieved April 16, 2020, from https://gs.statcounter.com/social-media-stats
- SonicWall. (2021). Sonicwall Cyber Threat Report. https://www.sonicwall.com/medialibrary/en/white-paper/2021-cyber-threat-report.pdf
- The State of Data Protection Rules Around the World: A Briefing for Consumer Organisations. (n.d.). Consumers International. https://www.consumersinternational.org/media/155133/gdpr-briefing.pdf
- Statista. (2020, January 7). Countries with the highest number of internet users as of June 2019. Retrieved April 16, 2020, from https://www.statista.com/statistics/262966/number-of-internet-users-in-selected-countries/
- Stahl, L. (2020, May 10). Examining Amazon’s treatment of its workers. 60 Minutes. https://www.cbsnews.com/news/amazon-workforce-safety-60-minutes-2020-05-10/?ftag=CNM-00-10aab7d&linkId=88333560
- Sullivan, C. (2019, August). EU GDPR or APEC CBPR? A Comparative Analysis of the Approach of the EU and APEC to Cross Border Data Transfers and Protection of Personal Data in the IoT Era. Computer Law & Security Review, Vol. 35, Issue 4, August 2019, pp. 380-97. Retrieved April 21, 2020, from https://www.sciencedirect.com/science/article/abs/pii/S026736491930038X
- Swinhoe, D. (2019, March 11). What are the new China Cybersecurity Law provisions? And how CISOs should respond. CSO Online. Retrieved April 14, 2020, from https://www.csoonline.com/article/3359236/what-is-the-china-cybersecurity-law-how-cisos-should-respond.html
- The National Law Review. (2021, May 10). China Issues the Second Version of the Draft of Data Security Law. https://www.natlawreview.com/article/china-issues-second-version-draft-data-security-law
- UNCTAD. Data Protection and Privacy Legislation Worldwide. (n.d.). Retrieved April 9, 2020, from https://unctad.org/en/Pages/DTL/STI_and_ICTs/ICT4D-Legislation/eCom-Data-Protection-Laws.aspx
- UNCTAD. (2019). Digital Economy Report 2019. (2019, September 4). https://unctad.org/en/PublicationsLibrary/der2019_overview_en.pdf
- Understanding Data Localization Laws. (2016, August 17). Big Bang ERP. Retrieved April 10, 2020, from https://www.bigbangerp.com/blog/data-localization-laws/
- United Nations. (2019) Data Economy: Radical transformation or dystopia? https://www.un.org/development/desa/dpad/wp-content/uploads/sites/45/publication/FTQ_1_Jan_2019.pdf
- United States International Trade Commission. (2017, August). Global Digital Trade 1: Market Opportunities and Key Foreign Trade Restrictions. https://www.usitc.gov/publications/332/pub4716_0.pdf
- Vargo, D., Zhu, L., Benwell, B., & Yan, Z. (2020, December 28). Digital technology use during COVID‐19 pandemic: A rapid review. Human Behavior and Emerging Technologies, 3(1), 13–24. https://doi.org/10.1002/hbe2.242
- Wagner, J. (2017, June 1). China’s Cybersecurity Law: What You Need to Know. Retrieved April 15, 2020, from https://thediplomat.com/2017/06/chinas-cybersecurity-law-what-you-need-to-know/
- Wimmer, K., & Maldoff, G. (2019, December 13). India Proposes Updated Personal Data Protection Bill. Covington & Burling, Inside Privacy. Retrieved April 15, 2020, from https://www.insideprivacy.com/india/india-proposes-updated-personal-data-protection-bill/
- Wray, S. (2021, May 5). How US cities are using artificial intelligence to boost vaccine uptake. CitiesToday. https://cities-today.com/how-us-cities-are-using-artificial-intelligence-to-boost-vaccine-uptake/
- Yaraghi, N. (2018, June 11). A case against the General Data Protection Regulation. Brookings. Retrieved April 7, 2020, from https://www.brookings.edu/blog/techtank/2018/06/11/a-case-against-the-general-data-protection-regulation/