Book Review: Data Localisation Laws and Policy

Book Review: ‘Data Localisation Laws and Policy’

Daniel Davenport

Cite as Davenport, D, “Book Review: Data Localisation Laws and Policy”, European Journal of Law and Technology, Vol 10, No. 2, 2019


W Kuan Hon, Data Localization laws and Policy, 2017, Edward Elgar Publishing, 488pp, ISBN 9781786431967.


In a climate where the obtainment and usage of personal data have come under increasing controversy, this text provides an essential guide for all those who are curious about the law governing these pertinent issues in these technologically driven times. It is also a fundamental resource for practitioners, policymakers, regulators, computing/technology organisations, and academics alike who are looking for a lively discussion on the topic of data localization in order to guide themselves through the challenging thickets of the present.

In particular, the discussion on assumptions offers a clear, in-depth, insightful, comprehensive, and comprehensible account of the conceptual difficulties associated with data which is transferred and how the laws particular to each third country can affect the level of protection offered. This exploration is also very lucid in explaining the difficulties and uncertainties inherent within this area, especially those surround physical possession and intelligible access.

The author smoothly guides the reader through intellectually challenging problem areas in a way that is comprehensive without sacrificing nuance, whilst at the same time incorporating academic, business, and political issues in a manner that consistently incorporates them throughout in the context of how personal data is transferred and processed on a transnational basis. Given the commercial, economic, social, and technological relevance of data, it should be no surprise that this matter has become a prominent issue in current political debates, as well as helping to illuminate the blurred lines that are drawn between law and technology.

The fundamental tension of this debate concerns the protection of privacy against the ability of corporations and governments to access such information, and what limits should be placed on this capacity. Data localization laws, which require certain data to be kept within the jurisdictional confines of the location to which they are stored, have been touted as having the potential to limit digital globalization. Yet, this text does not simply outline this view but gives a broad approach that incorporates various intellectually challenging issues within this subject area and relates them to the wider socio-political and commercial context.

This enhances the substantive legal aspects of this book because the text does not just cover the current issues relating to the functionality of data law, but it also ensures that the historical background is given to add clarity for the reader, as well as open up the future direction for this legal area if the restrictive effects of the law are not given fresh consideration.

In particular, this book tends to focus on the role of the data law as a tool in which to limit the transfer of information in jurisdictions like the European Union pertaining to international transfers of personal data in the context of cloud computing, and the role that the location of the data can affect the rules governing it. As a result, this text can also be considered vital reading for those working within the security services and other intelligence agencies that have a particular emphasis on surveillance to ensure compliance with national and transnational legal provisions, as well as to increase individual understanding of how the laws of data localization permeate into the lives of a country’s residents pursuant to surveillance based investigative practices.

The only real criticism of this text and this may be considered somewhat constrained in the grand scheme, is that there could have been a greater development and usage of the case law particular to this area. To expand, there could have been a more extensive analysis of the jurisprudence used, namely greater cases used and a heightened level of analysis applied to the ones chosen. However, this is not to say that the current text is in any way limited by the approach taken as the current text is comprehensive for the purposes intended. However, this is a minor criticism and one which could have been a consequential result of the unfortunate restrictions imposed by the word limit and broadness of the matters dealt with in a single book, precluding any such development.

This text by Kuan Hon can be considered a practical accomplishment that helps to create a vital interlinkage between the legal and academic world that is not always obvious, but also, she has done it in a way that provides vision in the often foggy landscape occupied by substantive legal and technical issues that are at the forefront of the constrained debate that is data localization.

This book brings about an unrivalled level of accessibility to the table, whereby explanations are technical enough to satisfy those in academia and practice, but also, are succinct enough to take it beyond the niche of specialists. It is a text which exerts a key quality often missed in books of this nature and it is refreshing to see that intellectual stimulation and practical accessibility are two compatible concepts which can coexist.

It is a useful tool for anyone wishing to understand the inevitable problems created between globalization and advancing technology, and how this has created a clash between law, computer security and industrial organisation, with data localization becoming the bridge between them, and also the key to where society wants to draw the legal boundaries in the online world.

This text by Kuan provides a much-needed map to navigate this uncertain territory which can help to ease the uncertainty that will conceivably take place as society seeks to strike a balance between technology and data protection to prevent either from taking on a life of their own. It brings the most important matters to the forefront and encourages users to think beyond the present and towards the future implications of legal barriers to the free interchange of personal data globally. This book should for essential reading to anyone interested in data localization laws and policy generally, but also, those who wish to explore the technical rules and regulations on how to protect personal data that is transferred and processed on the global Internet.

It is hoped that the views expressed here provide both creative encouragements and where mentioned, constructive criticism for future endeavours.