Regional regulations are affecting cross-border data flows, whether motivated by protection of user privacy, control over the Internet, or otherwise. Europe and the U.S. have sought to protect cross-border data flows between the two regions through the U.S.-E.U. Privacy Shield. . At the same time, there is a growing sense of concern that Asia is becoming Balkanized when it comes to cross-border data flows there.
On July 6, 2015, China’s National People’s Congress (NPC) released a draft of a Cyber Security Law for comment. A number of multinationals and foreign business associations expressed concern about required safety certifications and inspections for “suppliers of network products and services” before market entry and mandated siting of data centers in China. After receiving those comments, the NPC did not take action, even during the so-called “Two Meetings” that included the NPC’s annual meeting earlier this year.