Effects of Regulations on Cross-border Data Flows: Evidence from a Survey of Japanese Firms

Author Name TOMIURA Eiichi (Faculty Fellow, RIETI) / ITO Banri (Research Associate, RIETI) / KANG Byeongwoo (Hitotsubashi University)
Creation Date/NO. October 2019 19-E-088
Research Project Empirical Analysis of Corporate Global Activities in the Digital Economy
Download / Links

First draft: October 2019
Revised: November 2019


We distributed a questionnaire to large- and mid-sized firms in the manufacturing, wholesale, and information-related service industries in Japan to investigate the firms' responses to regulations governing cross-border data transfers. Only a limited fraction of the surveyed firms regularly transfer data across national borders. However, among the firms active in collecting data from Internet of Things (IoT) devices from overseas, the EU's General Data Protection Regulation (GDPR) affects more than 20% of firms and the number of firms affected by the Cyber Security Act of China and similar regulations in other countries exceeds the number of firms that have not noticed an impact. The affected firms have responded to the regulations through measures such as changing the location of their data processing/storage, introducing firewalls, and/or assigning staff to address the issues. However, many firms have not yet taken any action.