Introducing the Customer Metadata Boundary

Data localization has become a significant concern in recent years as various countries seek to control or protect their citizens' data. Countries such as Australia, China, India, Brazil, and South Korea have implemented or are considering regulations that assert legal sovereignty over personal data of their citizens. The EU's General Data Protection Regulation (GDPR) is one of the world's most comprehensive data privacy laws, but it does not mandate that personal data must stay within Europe. In response to these concerns and developments, Cloudflare has introduced the Data Localisation Suite, which provides customers with control over where their data is inspected and stored. The suite includes the Customer Metadata Boundary, which ensures that a customer's end-user traffic metadata stays in the EU. This helps address the third concern of many customers who want to keep metadata local as well. The Data Localisation Suite is focused on helping customers in the EU localize data for their inbound HTTP traffic and includes products like Cache, Firewall, DDoS protection, and Bot Management. Cloudflare plans to expand this suite globally and include more of its Data Localisation Products, such as Geo Key Manager and Regional Services. Additionally, they are working on expanding the Metadata Boundary to include their Zero Trust products like Cloudflare for Teams.