The Moscow court has today upheld a complaint by the regulatory authorities concerning localisation of data. Data sovereignty has become a big issue as many coutries seek to on-shore their Internet. Canada, Australia, Germany, France are just a few enacting or enforcing laws in this area.
Germany’s Federal IT administration has now ruled on how cloud computing can be used within government: “Information which needs to be protected (e.g., business secrets and sensitive data about the federal IT infrastructure) must exclusively be processed in Germany. Cloud providers must enter into a Non-Disclosure Agreement, whereby such data may not become subject to foreign disclosure and access obligations.”
The Digital Bill as voted for by the French Senate on 3 May 2016 includes a data localization provision: “Data shall be stored in a data center located within any EU Member State territory, without prejudice to international agreements to which France and the EU are parties. They cannot be subject to a transfer to a third country”.
So today’s ruling in Russia about LinkedIn is nothing more than a sovereign state ensuring it’s laws (in this case, one that came into effect 1 Sept 2015) are respected.
The issue concerning Russia’s Information Law Amendment FZ242 is that it stipulates that Russian citizens’ information is stored within the Russian Federation. This essentially means that the master copy of the data (phone number, address, credit card details etc) be held in a server on Russian soil. The database can be worked on from anywhere in the world however.
This does not appear to have been so complex for many big names, with Booking.com, Apple and La Redoute mentioned in the press as already having addressed this issue in 2015.
Forcing compliance with these laws obviously has a positive effect on the economy. In the case of Germany it ensures that all cloud services sold into government will be hosted in Germany, so more datacenters (and hence more inward investment), more servers, more jobs for technical staff. Having a physical presence also enables a country to charge taxes. In Europe (for example when I was President of Equinix Europe) we were aware of the taxation issues surrounding a number of big names in the Internet. These big names were (and are today of course) already paying tax and abiding by all necessary was, it is just that the EC woke up to the fact that tax inequality between members states had created an area of conflict, and today is trying to address this issue. Now transpose this onto an emerging market country. If said company has no servers and no legal presence then presumably it can offer its service (by means of credit card payments for example) VAT free and not pay any tax as no revenues are declared for that country. Or sell advertising on the basis of its information on users in that country.
It is this issue of fairness that is becoming a bigger issue in emerging markets, where typically the excuse was that the local laws were unclear so why bother abiding by them.
The conclusion in my view is that if you want revenue from a country then you should abide by its laws and behave as a good corporate citizen…or not operate in that country.
Guy Willner, CEO and co-founder of IXcellerate Moscow One Datacentre.