2013 Data Sovereignty Report
Launched 5 Dec 2013 in Singapore and 12 Dec 2013 in Hong Kong
SUMMARY OF STUDY [download]
FULL 14 Country Study [DOWNLOAD]
The Impact of Data Sovereignty on Cloud Computing” was created by the Asia Cloud Computing Association (ACCA) to offer detailed information describing the implications of data sovereignty law and policy on the adoption of cloud computing-based infrastructures and services in Asia. By describing and analyzing data sovereignty regulations in 14 countries in this study, the Association identifies potential bottlenecks that could slow adoption and threaten Asia’s digital future.
The study serves to identify the gaps between an "ideal state" and the actual realities in Asian countries around policy, legal and commercial cloud drivers to provide a tool for businesses organizations, cloud service providers and policy makers to look at cloud in a more holistic manner.
This summary report provides an overview of our research strategy and findings from the full report, which is available to members of the ACCA. The full report provides substantive detailed analysis for each of the 14 countries, including 4-5 page detailed insights into the regulatory environment for data sovereignty in each country and recommendations for each country to bring attention to the highest priority issues that if addressed will bring the country closer to the "ideal state".
UNDER EMBARGO UNTIL 5 DEC 2013, 5.30pm (UMT +8) [download in PDF]
Rush to regulate on data sovereignty hampering cloud growth in Asia
5 Dec 2013, SINGAPORE – Asia’s ability to capitalise on cloud computing will be jeopardised if governments continue to rush to regulate without giving adequate consideration to consistency across the Asian region, according to research commissioned by the Asia Cloud Computing Association (ACCA).
The research was compiled across 14 Asia Pacific countries (Australia, China, Hong Kong, India, Indonesia, Japan, Malaysia, New Zealand, Philippines, Singapore, South Korea, Taiwan, Thailand, Vietnam) using information on data sovereignty factors that helped or hindered the adoption of cloud computing. Each country was assessed on five key assessment criteria: (1) cloud access, (2) data safety, (3) international consistency, (4) cross border movement, and (5) regulatory stability and enforcement.
Gap between Leaders and Followers
The report’s scorecard shows a widening “cloud divide” – the gap in cloud adoption between developed markets such as Australia, New Zealand, Japan, and Singapore, and emerging markets such as China, Philippines and Vietnam.
Japan (80%) ranked top on the ACCA Data Sovereignty Scorecard for its ability to move data across borders, having a stable legal environment consistent with global norms, ahead of New Zealand (79%), Singapore (78%) and Australia (76%) with China propping up the region on 46% behind Vietnam (48%) and the Philippines (59%).
Among other factors, leading markets were found to have clear data protection laws that corresponded to globally-accepted best practices and a transparency of laws around data protection that did not place filtering or censoring requirements on Internet Service Providers (ISPs) or Cloud Service Providers (CSPs). Most of the countries falling behind had no formal data protection laws, discriminated between local and foreign-service providers, imposed excessive restrictions on data transfers to other jurisdictions, or provided for mandatory filtering and/or censoring of the Internet.
Inconsistent Regulation introduces Complexity into Cloud
The ACCA analysis reveals that the biggest challenge to cloud computing adoption in Asia is the lack of regulatory consistency across the region and consistency with global norms on data privacy and regulatory oversight.
“Governments have taken the initiative to ensure privacy protections, regulatory oversight and support the technology needs of businesses. This has unfortunately led some to rush to regulate. The complexity of cloud technology and how businesses will implement it, misinformation or lack of understanding has led to unclear and inconsistent laws. This has led to adverse business conditions. In some sectors such as financial services, in many countries the industry doesn’t know how to comply because the regulators haven’t been clear, or have enacted laws that do not accurately reflect how businesses will use cloud computing, so they simply won’t adopt. The resulting rush to regulate is leading to inconsistent laws from one country to the next, blocking economic opportunity,” said Stacy Baird, the Chair of the ACCA’s Data Sovereignty Working Group.
“There is emerging a picture of regulatory chaos and a cloud divide that could prevent Asia Pacific from benefitting from the economies of scale and agility that cloud offers. With the correct regulation within a consistent regional framework, cloud adoption will accelerate… but on the current regulatory path much of the region will miss out on this technology leap and businesses will end up paying the price; at a time where global trade most relies on – and includes – data transfers across borders.”
According to the ACCA, data safety and security remain the key problems alongside the lack of clear regulation on cross border data flow. And while countries such as India, Indonesia, Taiwan and Vietnam scored lowest on data safety, these nascent markets are precisely the countries that stand to benefit most from the emergence of regional frameworks. Developing markets such as India, Indonesia, Malaysia and Thailand could also potentially leverage the new opportunities that cloud computing offers to be the next wave of global business process outsourcing (BPO) hubs.
Opportunity to Develop a Data Sovereignty Framework for Asia
“The current climate surrounding security and cross border data transfers presents a unique opportunity for Asia to come together around data sovereignty with a regional framework – indeed, we believe Asia could take the leading role in architecting a basic regional framework on data privacy and regulatory oversight. The ACCA’s report contributes to this understanding by identifying the building blocks that contribute to a robust data management regime which reflect some of the best ideas from the leading economies in Asia. Asia could take the lead in developing a global secure digital marketplace built on a regional framework for data sovereignty...But this can only be achieved with a better understanding of how laws and regulations are – or are not - impacted by cloud computing,” said Bernie Trudel, the Chair of the ACCA.
“Asia could quite feasibly leapfrog into a leading role on data protection and cross border transfers, led by some of its emerging markets in Southeast Asia. But this will only happen if more and better information is available to make informed decisions about the regulatory landscape.”
Cloud computing is expected to create 14 million new jobs globally between 2011 and 2015 , of which 10 million will be in Asia. The public cloud market in Asia Pacific could be worth $21.8 billion by 2020 .
ACCA’s Data Sovereignty Scorecard