proposed presidential executive order in the Philippines that would have imposed data localization requirements on businesses in the nation triggered a strong reaction among both domestic and international industry actors. The rule change would have required an exceptionally wide range of information and data to be kept within the Philippines, covering a significant amount of personal information processed by private entities.
For international industry players, there is concern that the pursuit of a data localization mandate in the Philippines is a step backwards from progressive policies on digital trade which have ensured access to digital technologies, enabled economic growth, and guaranteed the economic competitiveness over preceding decades.
While the current proposal may or may not go ahead, there are two key reasons countries gravitate towards wanting data to be hosted locally. Firstly, some countries assert that the safety of data can be more directly overseen and assured if it is stored only within their own territories, leading to greater security for citizens. Secondly, countries often believe that data is intrinsically valuable, and that having control over the movement of large quantities of data brings economic benefit. However, both of these conclusions are based on ideas about how data is used and stored which don’t reflect the reality of the situation.
It may at first glance seem reasonable to be concerned about the location of public and private data. Data stored offshore may appear to be a greater risk of data leaks or breaches. However, it often turns out that data stored locally is no safer and often is at greater risk. This is because keeping data at home often means using data storage providers that do not have the same levels of experience and infrastructure to store information effectively and securely.
Many firms do not have the capacity to manage the storage of their digital data well, particularly smaller companies that are focused on running their businesses and not on handling data. Without access to best-in-class providers of data storage, smaller firms are at greater risk of using providers that are unable to keep information secure.
Alternatively, small firms may try to handle their data storage on their own, using their computers or data servers. The risks of data breaches from such approaches are significant, as most firms will not have the right technology or knowledge to manage information effectively and will be unable or unwilling to pay for expertise and experience.
Creating secure, reliable data storage is expensive. The costs of using local providers are likely to be higher, as they are unlikely to achieve the same economies of scale that global firms can achieve. They will probably not deliver the same wide range of services, including the relative ease with which companies can scale up or down their storage requirements. Higher costs are likely to be passed along to local storage customers, including both firms and consumers.
Keeping information secure is an important objective. Fortunately, there are many other approaches to achieving this goal besides just insisting that data remain locally hosted. For example, existing data breach rules can be enhanced to give companies greater incentives to ensure that information is securely stored. Companies should be encouraged to take data security seriously and given information or training to support their efforts.
Fortunately, most firms are likely to agree that data security is critical. After all, particularly for small companies, the information that they hold about their firm, customers, and suppliers is vital to the operation of their business. If they are not seen as a trusted partner, they will lose business and the impact of a data breach can completely destroy their firm overnight.
The proposed rule change for the Philippines seems also driven by the idea that data held in storage locally will better support the use of such information. If data or information is valuable, it may seem appealing to hold on to it.
However, as most companies can attest, data found in a server has limited or even no value on its own. A customer list, as one example, may be no more useful than an ordinary phone book unless it is matched against a specific type of product or service that appeals to specific customers. An out-of-date customer list is useless. Holding information about customers that cannot be accessed at the moment when the customer might be prepared to purchase an item or a service is also unhelpful.
The basic point is that much of the “data” housed in servers is only valuable when it is properly analyzed, understood, and applied with the right timing. It may need to be combined with a range of additional data to create value. Hosting data locally in the Philippines is unlikely, on its own, to drive additional economic gains.
Keeping data onshore will, however, drive up costs and is unlikely to make information storage any more secure. The proposed policy change will create results that are the opposite of the desired intent. There are better ways to support data security that the Philippines ought to support than a quixotic attempt to keep information hosted only locally.
a global affairs media network
Philippines’ New Digital Rules a Cause for Local, Global Concern
November 17, 2023
The government of the Philippines is pursuing a data localization mandate which would be a step backward from progressive policies on digital trade. That’s bad news locally and globally, and reflects a fundamental misunderstanding about how data is used and stored, writes Deborah Elms.
A
proposed presidential executive order in the Philippines that would have imposed data localization requirements on businesses in the nation triggered a strong reaction among both domestic and international industry actors. The rule change would have required an exceptionally wide range of information and data to be kept within the Philippines, covering a significant amount of personal information processed by private entities.
For international industry players, there is concern that the pursuit of a data localization mandate in the Philippines is a step backwards from progressive policies on digital trade which have ensured access to digital technologies, enabled economic growth, and guaranteed the economic competitiveness over preceding decades.
While the current proposal may or may not go ahead, there are two key reasons countries gravitate towards wanting data to be hosted locally. Firstly, some countries assert that the safety of data can be more directly overseen and assured if it is stored only within their own territories, leading to greater security for citizens. Secondly, countries often believe that data is intrinsically valuable, and that having control over the movement of large quantities of data brings economic benefit. However, both of these conclusions are based on ideas about how data is used and stored which don’t reflect the reality of the situation.
It may at first glance seem reasonable to be concerned about the location of public and private data. Data stored offshore may appear to be a greater risk of data leaks or breaches. However, it often turns out that data stored locally is no safer and often is at greater risk. This is because keeping data at home often means using data storage providers that do not have the same levels of experience and infrastructure to store information effectively and securely.
Many firms do not have the capacity to manage the storage of their digital data well, particularly smaller companies that are focused on running their businesses and not on handling data. Without access to best-in-class providers of data storage, smaller firms are at greater risk of using providers that are unable to keep information secure.
Alternatively, small firms may try to handle their data storage on their own, using their computers or data servers. The risks of data breaches from such approaches are significant, as most firms will not have the right technology or knowledge to manage information effectively and will be unable or unwilling to pay for expertise and experience.
Creating secure, reliable data storage is expensive. The costs of using local providers are likely to be higher, as they are unlikely to achieve the same economies of scale that global firms can achieve. They will probably not deliver the same wide range of services, including the relative ease with which companies can scale up or down their storage requirements. Higher costs are likely to be passed along to local storage customers, including both firms and consumers.
Keeping information secure is an important objective. Fortunately, there are many other approaches to achieving this goal besides just insisting that data remain locally hosted. For example, existing data breach rules can be enhanced to give companies greater incentives to ensure that information is securely stored. Companies should be encouraged to take data security seriously and given information or training to support their efforts.
Fortunately, most firms are likely to agree that data security is critical. After all, particularly for small companies, the information that they hold about their firm, customers, and suppliers is vital to the operation of their business. If they are not seen as a trusted partner, they will lose business and the impact of a data breach can completely destroy their firm overnight.
The proposed rule change for the Philippines seems also driven by the idea that data held in storage locally will better support the use of such information. If data or information is valuable, it may seem appealing to hold on to it.
However, as most companies can attest, data found in a server has limited or even no value on its own. A customer list, as one example, may be no more useful than an ordinary phone book unless it is matched against a specific type of product or service that appeals to specific customers. An out-of-date customer list is useless. Holding information about customers that cannot be accessed at the moment when the customer might be prepared to purchase an item or a service is also unhelpful.
The basic point is that much of the “data” housed in servers is only valuable when it is properly analyzed, understood, and applied with the right timing. It may need to be combined with a range of additional data to create value. Hosting data locally in the Philippines is unlikely, on its own, to drive additional economic gains.
Keeping data onshore will, however, drive up costs and is unlikely to make information storage any more secure. The proposed policy change will create results that are the opposite of the desired intent. There are better ways to support data security that the Philippines ought to support than a quixotic attempt to keep information hosted only locally.