Regulators and legislators contend that data localization laws, which mandate that data be stored domestically, are necessary for national security reasons and to enhance consumer privacy. Case in point is Montana, which recently banned TikTok out of concern that the Chinese Communist Party was using data obtained through the app to spy on Montanans.
However, consumers do not share legislators’ fears regarding data-sharing. Technology Policy Institute (TPI) Scholars Scott Wallsten and Jeffrey Prince recently published research titled “Do People Around the World Care Where Their Data is Stored?” which assesses the importance of data localization to residents of seven countries: the United States, the United Kingdom, Japan, South Korea, India, France, and Italy.
Wallsten and Prince use discrete choice experiments (DCEs) to measure respondents’ preferences on privacy for many types of data on five different platforms: smartphone, financial institution, healthcare app, smart home device, and social media. The DCEs aimed to mimic the choices that consumers face in real markets by having respondents choose among varied levels of privacy protection and payments to the consumers for specific types of data. DCEs avoid much of the subjectivity and ambiguity inherent in open-ended, question-and-answer surveys.
Respondents appeared to value data localization on just 22 out of the 175 survey combinations of data types, countries, and platforms. This value was associated with sensitive data, such as biometric, location, or financial information. TPI’s research reveals that individuals do not discriminate against authoritarian China and Russia when it comes to data-sharing– despite government warnings about the threat to U.S. national security– if their data is already being shared internationally. Japanese and South Korean respondents even preferred to not exclude China and Russia from data sharing rings. This finding suggests that Japanese and South Korean respondents may be particularly sensitive to the negative trade effects of data protectionism given their countries’ strong economic ties with China.
The study does not argue that data localization laws are wrong. It does not evaluate national security concerns, for example. Still, it shows that consumers themselves do not put much, if any, value on requiring firms to store data domestically. That means the laws are unlikely to increase consumer satisfaction.
These findings imply that privacy concerns may be exaggerated as a motivating factor for data localization mandates. Welfare justifications for data localization may instead rely on national security or economic considerations.