The Internet Jurisdiction Risk of International Data Centers and the Cloud

CTOs in Fintech Industries are currently eager to adopt cloud-computing technologies and services into their infrastructure. However, with these cloud services comes an issue surrounding the jurisdiction under which they operate.
Our case study presents certain suggestions through which these complex issues may be dealt with across different jurisdictions.

Data centers belonging to a single cloud provider, like AWS Cloud, are usually located around the globe to support a worldwide customer base. Now, different countries have different data protection laws, and these multi-national data center distributions create a conflict of law and certain additional issues.
For instance, there are strict limitations to the mobility of data generated from EU jurisdictions to other jurisdictions. Subcontracting makes this scenario even worse, as when a CSP (communications service providers) leverages the services of another CSP, confusion arises on the exact jurisdiction to be applied. This serves as a major roadblock in case legal action from a user is warranted.

There’s no universal solution to mitigating risks with CSP jurisdiction, and this is unsurprisingly due to different countries running under different laws.
Nonetheless, some measures have been identified to work in your favor.
The more common scenario is CSPs and even regulators focusing on the content of service-level agreements (SLAs). Firstly, CSPs have tried to expressly state the jurisdiction under which they fall, while regulators introduced standardization guidelines to the formulation of these SLAs.
Mutual Legal Assistance Treaties (MLATs) between countries also allow for easy transfer of sensitive data between them. One case we could look at is the MLAT between India and Poland. A CSP like Equinix can be forced to transfer data between these countries without issues around jurisdiction arising.
Apparently, only legal agreements can mitigate the risks surrounding cloud service jurisdictions.

The whole scenario around CSP jurisdiction is as complex as it gets. Conflict of law exists due to the geo-location of data centers and there are particularly suffocating rules on the control and transfer of data.
Nonetheless, there are solutions for online fintech owners that wish to adopt cloud infrastructure through CSPs. Your best bets are to choose a CSP that clearly states jurisdiction in its SLA, make sure this jurisdiction protects you against data breaches, and verify that MLATs exist between countries where your CSP’s data centers are located.