Data localisation laws: trade barriers or legitimate responses to cybersecurity risks, or both?

Laws requiring data to be hosted within a particular jurisdiction tend to upset existing ideas about how the Internet should work. Some countries, particularly the USA, have labelled such laws as trade barriers. Other countries, such as Russia and China, have claimed they are pursuing legitimate strategies to protect their citizenry. With a particular focus upon the BRICs, this article aims to make an original contribution to this discourse by synthesising insights from the disciplines of international trade law and internet governance to analyse and separate the rhetoric from the reality of these competing claims. Drawing upon evidence from information leaked by Edward Snowden about the activities of the US National Security Agency, the article argues that underlying these tensions is the battle to retain or reduce the comparative advantage the US has historically enjoyed in economies of scale for its Internet signals intelligence capabilities. Underneath the debate over trade issues, this article argues that data localisation laws are being supported by some countries not only as a means to reduce their comparative disadvantage in Internet data hosting, but also to reduce their comparative disadvantage in Internet signals intelligence.