The (Data) World Is Not Flat: Microsoft, Isolationism, and Data in the Age of Cloud Computing
How can Azure and cloud services compete against rising international data protectionism?
Data is no longer just data. A perfect storm of protectionism and the advent of data as an internationally traded good requires business leaders to regard data as part of the supply chain, subject to similar trade and regulatory patterns. Microsoft’s cloud service, Azure, is at the forefront of data’s transformation but growth is hampered by increasingly protectionist data policies in China and Europe.
While free trade sputters, data protectionism runs rampant. Amazon recently sold $300 million of cloud assets in China to comply with regulations stipulating Chinese ownership of public cloud services [1]. The European Union adopted the General Data Protection Regulation (GDPR), stipulating localization of data and requiring consent for routine transfers of data across borders [2]. The US Supreme Court will soon decide the legality of federal searches of foreign data that American companies hold overseas [3]. Transferring and storing data, once largely unregulated, are now subject to laws limiting corporate ownership of hardware and routine data transfer. Those laws are similar to trade of physical goods, which often face tariffs, import/export restrictions, and search by authorities. Moreover, data protectionism is defended for the same reasons: domestic industry protection, national defense, and tax revenue.
Far from esoteric legal issues, data restrictions are profoundly deleterious to world economies and Azure’s growth. Unregulated data increased world GDP by 10% ($7 trillion) in 10 years [4], and GDPR will cost 1.3% of EU-27 GDP ($200 billion) due to productivity and research losses [5]. Chinese protectionism hampers Azure’s growth; Azure must license its technology to a Chinese company that owns the hardware [6]. Azure’s inability to market its brand and own its infrastructure prevents it from competing with domestic leader Alibaba, and Chinese control of Azure-licensed assets means that Chinese authorities have access to customer data. Those restrictions are deal breakers for most multinational corporations, and Azure thus has difficulty attracting large contracts in China. In Europe, GDPR protections compel Microsoft to build many local data centers, increasing the price of Azure services between 10% and 50% [7]. Azure is thus not price competitively with European cloud providers despite an overwhelming economy of scale advantage in a capital intensive industry. In short, data protectionism works as intended: foreign companies are severely disadvantaged versus domestic industry, but at staggering cost.
In the short term, Azure has little choice but to build localized infrastructure and cede control and growth potential. In China, Azure is licensed through 21Vianet, which is responsible for its management, infrastructure, sales, and marketing [8]. Ironically, 21Vianet has the same agreement with IBM’s cloud services [9]. In the EU, Microsoft will spend more than $1 billion building datacenters to comply with GPDR [10]. The trend is worldwide: Azure now has 42 global public sites, perhaps half of which would be unnecessary without data protectionism concerns [11]. Falling behind in the exploding cloud market is fatal, leaving Microsoft little choice but to build datacenters worldwide and accept slower growth in China managed by a company with conflicts of interest.
Unable to change the economics of cloud services, Microsoft invests in political strategies to reduce barriers in the long term. The company spent $10 million lobbying in 2017 [12], unsuccessfully advocating against subsidies for European cloud service competitors [13] and leading the legal battle against US search warrants applying to data held overseas [14]. Directly challenging legal barriers is ill-advised; there are few examples of American tech firms successfully changing foreign laws in the EU and China. In fact, Microsoft’s broad lobbying focus and average levels of funding suggest that the company’s efforts may be a public relations campaign.
Continuing Azure’s breathtaking 93% growth rate [15] requires Microsoft to further differentiate Azure and focus its political messaging. Protectionist environments have stripped Azure of both its brand and pricing power, leaving quality as the prime differentiator. Microsoft must position Azure as the premium cloud offering, providing seamless integration with a range of business software and hardware. Making Azure indispensable for business IT will allow Microsoft to capture market share from other cloud providers. Politically, Microsoft should focus its lobbying efforts to push the WTO and governments to adopt international standards against excessive data protectionism, highlighting the staggering economic costs.
Data has proven to follow similar trade and regulatory patterns as physical goods, prompting nations to enact well-intentioned but risky protectionist policies. World leaders must reach multilateral agreements on data management or include data in future trade deals. Azure highlights the challenges of data in the era of cloud computing, and business leaders must recognize that data is part of the supply chain, subject to similar protections and barriers as conventional trade. In turn, political leaders must ask themselves how data should be regulated in the era of cloud computing. What are the economic and social tradeoffs? How much do privacy and transparency matter?
(800 words)
Footnotes:
- Cadell, Cate. “Amazon sells off China cloud assets as tough new rules bite,” http://www.reuters.com/article/us-china-amazon-cloud/amazon-sells-off-china-cloud-assets-as-tough-new-rules-bite-idUSKBN1DE0CL, Accessed November 2017.
- Government of the United Kingdom. “Overview of the General Data Protection Regulation (GPDR),” https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/, Accessed November 2017.
- Smith, Brad. “US Supreme Court will hear petition to review Microsoft search warrant case while momentum to modernize the law continues in Congress,” https://blogs.microsoft.com/on-the-issues/2017/10/16/us-supreme-court-will-hear-petition-to-review-microsoft-search-warrant-case-while-momentum-to-modernize-the-law-continues-in-congress/, Accessed November 2017.
- Manyika, James et al. “Digital globalization: The new era of global flows,” https://www.mckinsey.com/business-functions/digital-mckinsey/our-insights/digital-globalization-the-new-era-of-global-flows, Accessed November 2017.
- “Economic impact assessment of the proposed European General Data Protection Regulation,” https://www2.deloitte.com/content/dam/Deloitte/uk/Documents/about-deloitte/deloitte-uk-european-data-protection-tmt.pdf, Accessed November 2017.
- Yang, Samuel. “Regulation of cloud computing in China,” https://uk.practicallaw.thomsonreuters.com/w-007-4744?originationContext=document&transitionType=DocumentItem&contextData=(sc.Default)&firstPage=true&bhcp=1, Accessed November 2017.
- Cory, Nigel. “Cross-Border Data Flows: Where Are the Barriers, and What Do They Cost?” http://www2.itif.org/2017-cross-border-data-flows.pdf, Accessed November 2017.
- Microsoft Corporation. “Welcome to Azure China 21Vianet,” https://docs.microsoft.com/en-us/azure/china/china-welcome, Accessed November 2017.
- Darrow, Barb. “IBM Teams Up With Wanda On Chinese Cloud,” http://fortune.com/2017/03/19/ibm-cloud-in-china/, Accessed November 2017.
- Microsoft Corporation. “Preparing for a new era in privacy regulation,” https://www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/default.aspx, Accessed November 2017.
- Microsoft Corporation. “Azure regions,” https://azure.microsoft.com/en-us/regions/, Accessed November 2017.
- Shaban, Hamza. “Google spent the most it ever has trying to influence Washington: $6 million,” https://www.washingtonpost.com/news/the-switch/wp/2017/07/21/google-spent-the-most-it-ever-has-trying-to-influence-washington-6-million/?utm_term=.9d5cc3e8edba, Accessed November 2017.
- Scott, Mark. “E.U. Rules Look to Unify Digital Market, but U.S. Sees Protectionism,” https://www.nytimes.com/2016/09/14/technology/eu-us-tech-google-facebook-apple.html, Accessed November 2017.
- Smith, Brad. “US Supreme Court will hear petition to review Microsoft search warrant case while momentum to modernize the law continues in Congress,” https://blogs.microsoft.com/on-the-issues/2017/10/16/us-supreme-court-will-hear-petition-to-review-microsoft-search-warrant-case-while-momentum-to-modernize-the-law-continues-in-congress/, Accessed November 2017.
- Evans, Bob. “Microsoft’s Soaring Growth In The Cloud makes Marc Benioff’s Digs Seem Silly: Check These Stats,” https://www.forbes.com/sites/bobevans1/2017/11/13/microsofts-soaring-growth-in-the-cloud-make-marc-benioffs-digs-seem-silly-check-these-stats/#55d7fefe6522, Accessed November 2017.
I agree that political and business leaders need to ask themselves what tradeoffs they are willing to make in our our new cloud-first world. A complicating factor is that regulators seem to be using an old model to evaluate a new paradigm.
A central tenet of cloud computing is that data location should be abstracted from the users and easy to access by multiple parties. In this case, what is the definition of data ownership and location? If the London and Boston offices of a company hosting on Azure both make substantial contributions to the same database, which location “owns” the data? What about data in transit (traveling over the network) vs. at rest (static in a data center)? In today’s world, the answer may be to default to European locations given GDPR, but what happens if other regions enact their own versions of GDPR?
To effectively lobby, business leaders need to shift politicians’ fundamental way of thinking about data and digital supply chains. Cloud companies should also look internally to tackle tricky questions about data ownership in their products.
I had not considered isolationist policies in the context of data and cloud computing – I thought this essay was really interesting!
I completely agree that these policies are challenging for companies and can make it difficult to compete with local players. Furthermore, for a global Azure customer, keep track of these policies and different costs that may be passed through because of this complexity is an additional downside effect.
However, I do believe governments have rights to and should enact rules upon multinational corporations in the interest of their citizens. For example, the EU has often taken a strong stance against many tech companies. Many citizens were in support when it enacted the ‘right to be forgotten,’ allowing individuals to petition to take certain pieces of information off the internet. On the one hand, one could argue the need for these types of nationalist data policies in order to ensure adherence and control to legislative measures like these. On the other hand, as the previous commentator suggested, a better solution may require a fundamental shift in the way countries and organizations look at data and the data supply chain.
Very interesting essay.
I think the main tensions here relate to national security and economic development. It is particularly interesting to me that there are European regulations around these data centers – and I am curious as to how many of these EU regulations are related to economic development initiatives (no one wants to be left behind in the cloud computing “revolution”), vs concerns around national security and having access to consumer data when needed.
I believe data should be regulated, but it should be regulated in such a manner that allows for full consumer privacy (including privacy to their governments). If they have to require data centers to be built in country to enforce those regulations, then this is the price of doing business. However, if countries could agree on data protection standards, then there should be no need to build localized data centers if they are not cost effective.
Super interesting application of isolationism.
What really intrigues me the history of data protectionist policies and how this has evolved and how it might continue to do so in the future. Historically, the free data exchange has enabled the internet to work seamlessly and enabled it to become a global trade route. However, in the recent past there have been several concerns on data privacy and protection (e.g. Snowden revelations) . One of the outcomes of these growing concerns was the European Union creating a separate EU cloud which has been referred to in this article. [1]
Given data is power, the two critical questions that needs to answered not just for Microsoft but all global corporations:
1. Who owns the data (creators or platforms) and how will regulations be defined in this regard?
2. How will data flow continue to remain fluid but at the same time respect the privacy and ownership of the data owners
Personally, I think free flowing data is critical for businesses to continue to operate effectively. Law and security measures need to be developed that ensure data owners are adequately protected and compensated.
[1] https://democracyjournal.org/magazine/34/beyond-borders-fighting-data-protectionism/
A fascinating look at protectionism in the data space and how it increases costs for major corporates. I do find some value in these measures since in theory, they are ways to help protect the users who are generating the data. If all data sets were centralized wherever a corporate chose, the impact of hacking could be cataclysmic. Entire systems could be lost and hundreds of millions of users impacted simultaneously.
I do believe data access should be regulated in a way that promotes user safety rather than isolationist trends. For example, the notion of government accessing huge data sets of private or publicly traded firms is a matter of extreme importance. In China, we see a major consolidation in the chat and social media space with WeChat. WeChat captures a complete view of its users, from payments, location services, restaurant preference, friendship network, personal videos, user behavior, texts and voice notes, to posted images. In order to operate, WeChat is obligated to deliver this data to the Chinese government. Is this akin to destroying the notion of privacy? Should this be regulated, and if so how? If there were an international standard for data usage and access, this may safely replace data isolationism. For now, isolationist policies might be the best proxy currently available to try to protect users.
I found this article fascinating. The concept of protectionist policies applying to cloud infrastructure was new to me and I think it raises some interesting talking points. However given the plethora of data storage and fairly simple software development, dare I say data storage is a commodity? To me it appears fungible and thus, is differentiation even possible? I don’t think it is, and if points of difference can be created, I don’t think their impact is noteworthy. Thus, how can Azure best compete in a global market? You mentioned quality, but what does that mean? Customer service? Speed? Reliability? Pricing? To me, Azure can best attack their “commodity” problem by creating interdependencies between Azure and other Microsoft products. These may exist through pricing strategies or perhaps technological synergies. There are inherent risks – customers may migrate to other services if the interdependencies don’t create significant value. Still, given the maturing data storage environment and the challenges Azure is facing, I see few alternatives.