Data Embassy Issues Paper
Data Embassies Issues Paper
Asian Business Law Institute and Singapore Academy of Law
January 2024
Over the years, the Asian Business Law Institute has been focusing on data governance, in particular cross-border transfer of personal data, as one key plank of its work to promote convergence of laws and practices in this field. Its current collection of data publications can be found at https://payhip.com/AsianBusinessLawInstitute/collection/data.
This issues paper on data embassy is a continuation of ABLI’s ongoing efforts to promote convergence of risk management practices with a view to facilitating the transfer of data across Asia.
Why data embassy?
From engagement with public and private stakeholders, ABLI has learnt that one recurring pain point when it comes to transferring data across borders stems from the hesitation on the part of transferor organisations to grant access to their data. Once the transferor transfers its data to the recipient, the data falls under the possession of the recipient, leaving the transferor with limited ability to act (or react) if public authorities of the recipient’s jurisdiction require access to that data. The transferor is also often unfamiliar with the legal regimes and institutions of the recipient’s jurisdiction. Its reluctance to “part with” its data is thus understandable.
One solution proffered is the creation of data embassies, a special type of offshore data centres. A data embassy embodies a dynamic interplay of competing yet, at times, compatible interests: the desire of the customer to “insulate” its data from access by public authorities of the country hosting the data embassy and to have a say in the law that governs the data embassy needs to be balanced against the desire of the host country to exercise sovereignty over the territory on which the data embassy sits, all happening against the backdrop where countries globally are racing to establish themselves as technology or digital economy hubs by playing host to data centres.
So what is a data embassy? What are the data embassy models in operation today? What features does a data embassy tend to have? Is the creation of a data embassy the ultimate response to concerns over offshore public authorities’ access to data? What more needs to be done so that the overall robustness of data embassies can be enhanced?
This issues paper attempts to address these queries and put forward further questions for thought in the hope of eliciting more discussions among businesses, policy practitioners and public officials who are
studying the data embassy concept and contemplating its adoption.
This issues paper will be accompanied by a soon-to-be-released mapping of the primary data embassy models in operation today.
Table of contents