I question the statement “Data localisation is based on the misconception that cybersecurity risk is dependent on physical location. However, the main determinants of cyber-resilience are technical, such as strong encryption measures and infrastructure protection, and governance-related”. It surely depends on what threat one is guarding against. If the threat is a cyber crime conglomerate then I agree that data location is not a primary lever for security. However, we cannot ignore the threat of foreign governments who can use legal / quasi-legal processes to access “local” data. There are countries where I would not be comfortable having my data stored lest it be used for election manipulation, sham criminal investigations or foreign influence (if not over me, then over politicians whose data may also be stored there). Even in the context of legitimate criminal investigations by “trusted” countries, there are questions about the loss of sovereignty over decisions by foreign law enforcement agencies.
I question the statement “Data localisation is based on the misconception that cybersecurity risk is dependent on physical location. However, the main determinants of cyber-resilience are technical, such as strong encryption measures and infrastructure protection, and governance-related”. It surely depends on what threat one is guarding against. If the threat is a cyber crime conglomerate then I agree that data location is not a primary lever for security. However, we cannot ignore the threat of foreign governments who can use legal / quasi-legal processes to access “local” data. There are countries where I would not be comfortable having my data stored lest it be used for election manipulation, sham criminal investigations or foreign influence (if not over me, then over politicians whose data may also be stored there). Even in the context of legitimate criminal investigations by “trusted” countries, there are questions about the loss of sovereignty over decisions by foreign law enforcement agencies.