Financial Data Localization: Conflicts and Consequences

December 7, 2017

FPF Staff

How has the growing trend of global financial data localization laws affected financial institutions handling difficult questions of data privacy? What have been the practical impacts of these laws? FPF addresses these questions in a new info-graphic: “Financial Data Localization: Conflicts and Consequences” (view the info-graphic here) (Pdf).

Financial Data Localization: Conflicts and Consequences explores the perceived drivers as well as the potential unintended consequences of the growing trend of global data localization laws. Data localization laws, which require data about a country’s residents be processed or stored inside the geographical boundaries of a country, are often perceived as a way to protect privacy, stimulate a local economy, or maintain national control over data and technology, among other motivations.

Despite the importance of these goals, there may be better ways to safeguard privacy and protect individuals’ financial data (for example, through narrowly tailored and proportionate law enforcement access requests) while avoiding unintended consequences. This info-graphic highlights three ways in which such laws may lead to unintended results: First, legal tension is often created by banks’ conflicting obligations to comply with local privacy laws and international law enforcement requests; second, threat responses may be hampered by cross-border data transfer restrictions that limit banks’ abilities to share security threats from one country to another; and finally, banks’ reporting abilities may be compromised by regulations that restrict cross border data transfer and regulations that require criminal reports to be made locally, increasing the risk that a criminal rejected in one country can open an account in another country.

As more countries consider data localization laws, these issues will continue to grow in importance. Recently, for example, the Brazilian Central Bank proposed cybersecurity regulations that would prohibit financial institutions from using data processing and cloud computing services based abroad. According to some, regulations such as these could have negative implications for banks and consumers, including raising the costs of effective fraud detection.

As U.S. financial institutions grapple with these difficult questions, we hope that this info-graphic will contribute to the growing conversation around data localization laws and how best to protect privacy and security internationally.

Explore

Issues

authors

dates

Posts by FPF

Privacy Best Practices for Rideshare Drivers Using Dashcams

0125746e e60a 4bcb bc7e 31b33fa50a80 1 201 a

Future of Privacy Forum Launches its Asia-Pacific Office Led by Dr. Clarisse Girot

A New Era for Japanese Data Protection: 2020 Amendments to the APPI

Financial Data Localization: Conflicts and Consequences

Explore

The African Union’s Continental AI Strategy: Data Protection and Governance Laws Set to Play a Key Role in AI Regulation

U.S. Legislative Trends in AI-Generated Content: 2024 and Beyond

Processing of Personal Data for AI Training in Brazil: Takeaways from ANPD’s Preliminary Decisions in the Meta Case

Do LLMs Contain Personal Information? California AB 1008 Highlights Evolving, Complex Techno-Legal Debate

Future of Privacy Forum Convenes Over 200 State Lawmakers in AI Policy Working Group Focused on 2025 Legislative Sessions

Synthetic Content: Exploring the Risks, Technical Approaches, and Regulatory Responses

Out, Not Outed: Privacy for Sexual Health, Orientations, and Gender Identities

FPF Analysis of New Requirements for Generative AI Use by Healthcare Entities in Patient Communications

FPF Submits Comments to Inform New York Children’s Privacy Rulemaking Processes