Why Facebook bet US$1 billion on Singapore data centre
Tech firms are re-examining their operations as they face headwinds in Asian countries increasingly concerned with protecting their own data
Facebook’s announcement that it is investing more than US$1 billion in building a new data centre in Singapore underlines how multinational technology firms are re-examining their operations as they face regulatory headwinds in Asian countries increasingly concerned with protecting their own data and data flows.
The data centre, projected to start operations in 2022, is a testament to Facebook’s long-term commitment to Southeast Asia, home to 360 million users of the website. In choosing Singapore to host its first data centre in Asia, Facebook has confirmed the city state’s status as the region’s data storage hub, a status that owes much to its strong data and intellectual property protection laws.
DATA PRIVACY RULES
China, South Korea, India, Indonesia, Thailand, and Vietnam are among the Asian countries that have either recently passed or proposed regulations on data protection. Unlike Singapore, however, data privacy rules in these countries tend to be unbalanced. While they require internet companies to store citizens’ data on local servers, an act known as data localisation, these countries will also restrict cross-border data transfers, an essential practice in an increasingly borderless digital world.
“Cross-border data flow is essential for the development of the digital economy, which countries globally are seeing as the engine of growth for GDP, trade, job creation, innovation and productivity,” says Jeff Paine, managing director of the Asia Internet Coalition, an industry group whose members include Facebook, Amazon, Google, and Apple. “Governments should realise that not only do data localisation policies restrict opportunities for businesses to grow domestically and globally, but they, in fact, increase vulnerabilities and don’t address the core concern of cybersecurity.”
Facebook is bent on friending China, but …
The EU’s passage in May of the GDPR, a law that requires internet companies to obtain consent from European consumers before using their information, has served as a boost for Asian states to implement their own legal frameworks on data privacy.
However, Paine notes “there is a misperception that locally stored data is the answer to more security”.
“In reality, ring-fencing data to a locality actually narrows the point of attack and creates more security vulnerabilities,” he says. “Cloud-based storage ensures that data is distributed at different points of the network, across multiple geographies, to minimise the risks from a single point of failure or breach.”
NEW CYBERSECURITY MEASURES
Why Facebook and Google’s China dream will cost more than it pays
As it stands now, the bill’s definition of sensitive data is deemed too broad, which would affect companies’ ability to transfer data out of the country, according to analysts.
“The definition of sensitive personal data [in the bill] could be reviewed. For example, financial data, official identifiers, passwords are important but by themselves and in isolation are not sensitive, even in aggregate,” says Ashish Aggarwal, senior director for public policy at the National Association of Software and Services Companies, an industry lobby based in Delhi. “They may require a higher level of consent for storage and processing but they may not require stricter control over their cross-border flow.”
“In India, [data localisation] will undermine firm productivity and competitiveness, and ultimately the economy’s productivity, by forcing firms to spend more than necessary on IT services,” says Nigel Cory, associate director of trade policy at Washington-based think tank Information Technology and Innovation Foundation. “This cost is not only borne by those firms directly impacted by the data localisation requirements, such as financial payment processors, but all IT service users, as it forces everyone to pay more for these services.”
NEW RULES DO OFFER BENEFITS
Indian tech start-ups argue that having data stored within the country is also beneficial to companies as proximity with cloud servers would prevent cloud service latency, or a delay between client request and server response.
Guess what Chinese travellers are bringing back home? VPNs
“Our data centre is based in Mumbai. Shifting data from storage in Singapore or US to India is not that of much of a hassle,” says Sachin Jaiswal, co-founder of Bangalore-based artificial intelligence start-up Niki.ai. “It is also better [to store data in Indian servers] as the response time is much, much faster.”
Jaiswal points out that data localisation is a non-issue for many Indian tech start-ups that cater to clients abroad as the rule is applied only to those that serve Indian customers. Companies such as Amazon and Google also provide local hostings in India – both companies run data centre facilities in Mumbai – which offer cheaper hosting than their servers in the US, he adds.
“Broadly speaking, [data localisation] is beneficial to Indian companies as it creates a more level-playing field. Even for some big [foreign] companies, this is just a small hindrance, not a big cost,” Jaiswal says. “India has the resources [to set up a top-tier data centre], all it requires is just a little bit more of an effort from these brands.” ■