Tag Archives: iceland data centers

Who Controls Peoples’ Data?

The McKinsey Global Institute estimates that cross-border flows of goods, services and data added 10 per cent to global gross domestic product in the decade to 2015, with data providing a third of that increase. That share of the contribution seems likely to rise: conventional trade has slowed sharply, while digital flows have surged. Yet as the whole economy becomes more information-intensive — even heavy industries such as oil and gas are becoming data-driven — the cost of blocking those flows increases…

Yet that is precisely what is happening. Governments have sharply increased “data localisation” measures requiring information to be held in servers inside individual countries. The European Centre for International Political Economy, a think-tank, calculates that in the decade to 2016, the number of significant data localisation measures in the world’s large economies nearly tripled from 31 to 84.

Even in advanced economies, exporting data on individuals is heavily restricted because of privacy concerns, which have been highlighted by the Facebook/ Cambridge Analytica scandal. Many EU countries have curbs on moving personal data even to other member states. Studies for the Global Commission on Internet Governance, an independent research project, estimates that current constraints — such as restrictions on moving data on banking, gambling and tax records — reduces EU GDP by half a per cent.

In China, the champion data localiser, restrictions are even more severe. As well as long-established controls over technology transfer and state surveillance of the population, such measures form part of its interventionist “ Made in China 2025 ” industrial strategy, designed to make it a world leader in tech-heavy sectors such as artificial intelligence and robotics.

China’s Great Firewall has long blocked most foreign web applications, and a cyber security law passed in 2016 also imposed rules against exporting personal information, forcing companies including Apple and LinkedIn to hold information on Chinese users on local servers. Beijing has also given itself a variety of powers to block the export of “important data” on grounds of reducing vaguely defined economic, scientific or technological risks to national security or the public interest.   “The likelihood that any company operating in China will find itself in a legal blind spot where it can freely transfer commercial or business data outside the country is less than 1 per cent,” says ECIPE director Hosuk Lee-Makiyama….

Other emerging markets, such as Russia, India, Indonesia and Vietnam, are also leading data localisers. Russia has blocked LinkedIn from operating there after it refused to transfer data on Russian users to local servers.

Business organisations including the US Chamber of Commerce want rules to restrain what they call “digital protectionism”. But data trade experts point to a serious hole in global governance, with a coherent approach prevented by different philosophies between the big trading powers. Susan Aaronson, a trade academic at George Washington University in Washington, DC, says: “There are currently three powers — the EU, the US and China — in the process of creating separate data realms.”

The most obvious way to protect international flows of data is in trade deals — whether multilateral, regional or bilateral. Yet only the World Trade Organization laws governing data flows predate the internet and have not been thoroughly tested through litigation. It recently recruited Alibaba co-founder Jack Ma to front an ecommerce initiative, but officials involved admit it is unlikely to produce anything concrete for a long time. In any case, Prof Aaronson says: “While data has traditionally been addressed in trade deals as an ecommerce issue, it goes far wider than that.”

The internet has always been regarded by pioneers and campaigners as a decentralised, self-regulating community. Activists have tended to regard government intervention with suspicion, except for its role in protecting personal data, and many are wary of legislation to enable data flows.  “While we support the approach of preventing data localisation, we need to balance that against other rights such as data protection, cyber security and consumer rights,” says Jeremy Malcolm, senior global policy analyst at the Electronic Frontier Foundation, a campaign for internet freedom…

Europe has traditionally had a very different philosophy towards data and privacy than the US. In Germany, for instance, public opinion tends to support strict privacy laws — usually attributed to lingering memories of surveillance by the Stasi secret police in East Germany. The EU’s new General Data Protection Regulation (GDPR), which comes into force on May 25, 2018 imposes a long list of requirements on companies processing personal data on pain of fines that could total as much as 4 per cent of annual turnover….But trade experts warn that the GDPR is very cautiously written, with a blanket exemption for measures claiming to protect privacy. Mr Lee-Makiyama says: “The EU text will essentially provide no meaningful restriction on countries wanting to practice data localisation.”

Against this political backdrop, the prospects for broad and binding international rules on data flow are dim. …In the battle for dominance over setting rules for commerce, the EU and US often adopt contrasting approaches.  While the US often tries to export its product standards in trade diplomacy, the EU tends to write rules for itself and let the gravity of its huge market pull other economies into its regulatory orbit. Businesses faced with multiple regulatory regimes will tend to work to the highest standard, known widely as the “Brussels effect”.  Companies such as Facebook have promised to follow GDPR throughout their global operations as the price of operating in Europe.

Excerpts from   Data protectionism: the growing menace to global business, Financial Times, May 13, 2018

Advertisements

Iceland as a Privacy Haven?

Nesjavellir Geothermal Power Plant, Iceland. Image from wikipedia

A former NATO airbase in Iceland  looks  like nothing more than a huge warehouse from the outside.  But the barbed-wire fence surrounding it and surveillance cameras atop its gates betray  its importance.  This facility, which began operating in February 2012, is one of several data centres in Iceland. It’s run by Verne Global, a company that allows its customers to store data on servers here.

Tate Cantrell, the company’s chief technical officer, explained why Verne Global favoured this tiny Nordic nation of all places. “In Iceland, you’ve got this ideal situation: energy, excellent connectivity for data, and a constant cool climate. So Iceland was an obvious choice.”  Iceland’s abundant renewable energy from geothermal and hydroelectric plants means the costs of running these data centres are low. And the Gulf Stream current keeps the temperature in Iceland more or less stable throughout the year, avoiding the need to provide cooling for the servers and computers.

Data centres based here have another advantage, too: Iceland is in the initial stage of implementing the most progressive data-privacy laws in the world, a major selling point especially after whistleblower Edward Snowden’s revelations regarding widespread surveillance by the United States’ National Security Agency (NSA).  A recent paper published by Verne Global stated that Iceland was “uniquely positioned as a data privacy haven” because of the new regulations.

The International Modern Media Institute (IMMI), a non-profit organisation, has played an instrumental role in designing and promoting the legal framework for Iceland’s new data privacy laws….Birgitta Jónsdóttir is IMMI’s spokeswoman and now represents the Pirate Party in the Icelandic parliament.  In 2010, the IMMI, then known as the Icelandic Modern Media Initiative, proposed a resolution to change Icelandic law to ensure data privacy and freedom of speech. The proposal includes protection for whistleblowers and journalists’ sources, as well as an “ultra-modern Freedom of Information Act” based on elements from existing laws in Estonia, the United Kingdom, and Norway.  The data centres would benefit from a clause in the law that ensures the protection of intermediaries such as internet service providers and telecommunications carriers.The resolution was passed by the Icelandic parliament that same year, and is now being implemented into law, piece by piece.  “A bit more than half of what IMMI proposed has been made into law – somewhere between 50 and 70 percent,” Jonsdottir said…

Despite the new measures, Icelandic journalist Jón Bjarki Magnusson said he thinks his country still has a long way to go when it comes to media freedom.  “IMMI for me is a bit like a fairy tale, reality on the ground is different from the idea,” he told Al Jazeera at a café in downtown Reykjavik. “I like the idea but Iceland is far from being a haven for free journalism.”Earlier this year, Magnusson worked on an investigative story for DV newspaper, in which he wrongly identified an assistant to Iceland’s interior minister as being under police investigation.  Magnusson and his colleagues quickly realised their mistake and issued an apology within a few hours of publishing. But that didn’t stop the official from pressing criminal libel charges against Magnusson and a colleague of his, Johann Pall Johannsson, demanding a sentence of up to two years in prison.

Watchdog group Reporters Without Borders (RSF) has issued a statement condemning the steps against the reporters as disproportionate. The group said that freedom of information in Iceland has declined over the past two years, citing the libel case and budget cuts for public broadcasters.

Excerpt from Felix Gaedtke, Can Iceland become the ‘Switzerland of data’?, Al Jazeera, Dec. 28, 2014