The Tour d’ Horizon of Data Law Implications of Digital Twins
4.3 DATA LOCALIZATION
In some jurisdictions such as India, Singapore and Russia, certain types of data( personal data or otherwise) are prohibited from being transferred or even accessed outside the specific jurisdiction. For instance, Russia 36 imposes restrictions on even access to certain categories of data. In 2024, the USA released an executive order that prevented access to bulk sensitive personal data and government related data by countries of concern 37. In India, local geospatial laws prohibit access to certain sensitive geospatial data known as“ negative attributes.” This prohibited category of geospatial data includes defense areas. Additionally, foreign entities are explicitly prohibited from accessing geospatial data which is finer than the prescribed thresholds. 38 Hence, DTs in the defense sector may have restrictions to ensure that the data is stored within the territorial limit of the country concerned.
4.3.1 POTENTIAL RISKS
Defense related DTs may be created by an external private company, which may have multiple offices across the globe. Data related to defense is sensitive and may include geospatial data and data on weapon capabilities, military sites and even military supply chain. If such data is not permitted to be transferred outside the relevant jurisdiction, it would limit the accessibility to such data by the DT. In which case, the DT may not be able produce the desirable or precise results.
4.3.2 IMPACT
Data localization requirements for certain categories, such as defense, may restrict cross-border data transfers, hindering real-time data updates essential for DT applications. Further, DT applications impacted by data localization laws would have to be deployed at domestic level, i. e. the servers and data centers hosting the applications should be located in the same region as where the Input Data is collected and the DT application is deployed. Hence, this would involve significant infrastructure costs to the developer and the deployer of DT to ensure that the Input Data subject to localization is not being transferred outside the specific country.
4.4 DATA TRANSFERS
Data laws in most jurisdictions permit the cross-border transfer of personal data subject to certain conditions, which include that the recipient country offers adequate or same level of
36
Federal Law No. 149-Fz of July 27, 2006 On Information, Informational Technologies and the Protection of Information, Russia.
37
Executive Order on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern issued by the White House, dated February 28, 2024.
38
Guidelines for acquiring and producing Geospatial Data and Geospatial Data Services including Maps, 2021, India; Office Memorandum on Clarifications / Compliance points in pursuance to Geospatial Guidelines dated November 28, 2022, India.
Journal of Innovation 85