Research Outline

Data Localization Laws: Case Studies


To find case studies of companies that have successfully navigated the data localization laws in a country with strict requirements and companies that did not properly follow the laws in one of those countries.

Early Findings


  • China has one of the strictest data localization laws in the world. The Cybersecurity Law in China is a data localization law.
  • Apple's investment in China included the building of a data center in Guizhou province to store the cloud data of Chinese users. This was in compliance with China’s Cybersecurity Law which has data localization requirements and required "critical information infrastructure (CII) providers to store personal information within mainland China".
  • Apple addressed cybersecurity concerns by assuring users that the government would not have back door access to data stored within China.
  • Apple partnered with Guizhou-Cloud Big Data Industry Co Ltd (GCBD), a local government-backed third-party data center service provider to build the data center.
  • Hosting servers within China is necessary to help Apple and other companies to prevent network constraints and offer more reliable services in China.