Belarus’s Cross-Border Data Transfer Regulation
The Framework
Belarus’s cross-border data rules hinge on whether the foreign jurisdiction is recognized by the National Personal Data Protection Center (NPDPC) as providing adequate data safeguards. Membership in the Council of Europe Convention 108 or the Eurasian Economic Union typically satisfies Belarus’s adequacy standard. For transfers to “inadequate” regions, companies must either secure explicit, informed consent from data subjects or obtain an individual permit from the NPDPC. Through this system, Belarus grants itself considerable oversight of how personal data crosses its borders.[1]
Implications for U.S. Technology Companies
Because large U.S. technology firms rely heavily on constant data sharing and processing worldwide, Belarus’s requirements can introduce added legal, logistical, and financial hurdles. These firms may need to implement specific data-localization measures, devote resources to repetitive consent and disclosure processes, or even adjust key features to comply. These obligations can undercut the scale advantages of big U.S. service providers, limiting innovation and market reach in Belarus.
How China Benefits
These same compliance burdens can weigh more heavily on American companies with extensive global operations, leaving a gap that Chinese providers can more readily fill. Chinese tech firms can position themselves as alternatives by tailoring services to meet Belarus’s rules—sometimes with smaller data footprints or more flexible approaches. As a result, while U.S. companies grapple with higher compliance costs, Chinese companies may seize the opportunity to expand into Belarus’s digital landscape, gaining local partnerships and user bases.
Endnotes
[1] DLA Piper, “Data Protection Laws of the World,” accessed February 24, 2025, https://www.dlapiperdataprotection.com/?t=transfer.