Cross-Border Data Flows
How personal data moves across national borders and the legal battles over data sovereignty, transfer mechanisms, and surveillance.
Data Without Borders?
The modern internet depends on data flowing across national borders. When a European user sends an email through Gmail, their data is processed on Google servers that may be located in the United States. When a Japanese company uses Amazon Web Services, its data may be stored in Singapore or Ireland. Cloud computing, social media, and digital services all require data transfers that cross dozens of jurisdictions.
This creates a fundamental tension. Data protection laws vary dramatically between countries. The EU treats personal data as a fundamental right under the GDPR. The US has a patchwork of sector-specific laws but no comprehensive federal privacy law. China's Personal Information Protection Law restricts cross-border transfers and requires data localization for certain categories. Russia requires personal data of Russian citizens to be stored on servers physically located within Russia. Each of these regimes reflects different values about privacy, security, and state power.