From: Out-Law.com
Cloud adoption in Asia has yet to reach its potential because of data protection concerns in the region, the Asia Cloud Computing Association (ACCA) has said.
The group, which lobbies on regulatory issues to promote cloud adoption and whose members include Microsoft, AT&T and Cisco, said that a more harmonised approach to data privacy in Asia could boost the cloud computing industry and help businesses obtain greater flexibility and costs savings from their IT infrastructure.
“The promise of cloud is yet to be fully realised in Asia as it continues to remain surrounded by concerns around data sovereignty, cross border data flow and data security,” ACCA said in a new report seen by Out-Law.com. “Regulators and authorities in Asia have rapidly responded to these concerns by introducing new laws, regulations and compliance requirements which attempt to mitigate the security and data privacy risks associated with the use of cloud computing platforms. However, it is unclear whether regulations are effectively addressing the key risks and may create inconsistencies from one country to another.”
“As legal environments among the 14 countries differ significantly, there is a huge challenge for those adopting cloud services in satisfying requirements across the multiple jurisdictions,” it said.
ACCA assessed the regulatory regimes in Australia, China, Hong Kong, India, Indonesia, Japan, Malaysia, New Zealand, Philippines, Singapore, South Korea, Taiwan, Thailand and Vietnam. Of the 14 countries, ACCA ranked Japan’s legal framework as the most conducive for cloud adoption, but identified barriers to take up present within each country’s regimes.
“From the scorecard results, it is observed that one of the key challenges in promoting cloud computing as an industry is the overall data safety,” the report said. “Specific pain points for most countries are: data access and security, and the lack of regulation on cross border data flow.”
Among its findings, ACCA said China has “strict and unclear restrictions on cross border data flow” and that its “province level” regulations do not align with “globally accepted standards”. It said that whilst Singapore’s regulatory regime is “business friendly”, it said there is “minimal transparency in data access mechanism”. In Hong Kong the same issue is present and means that “authorities are permitted to intercept communications”, the report said.
ACCA said it backed the Asia Pacific Economic Cooperation (APEC) framework which facilitates the consistent transfer of personal data across borders among member countries.
APEC countries, which include Australia, Japan, Singapore and the US, operate a voluntary certified system that is aimed at ensuring data protection standards are consistent when personal data is transferred out of one of the member economies to another.
The APEC Cross-Border Privacy Rules (CBPR) is a relatively new development and operates where businesses submit their plans for governing data transfers to ‘accountability agents’ that are responsible for assessing and ultimately certifying whether businesses meet the standards set out in the CBPR. Those rules contain base requirements that relate to how personal data is collected and use and how secure the information is, among other things.
Data protection expert Rosemary Lee of Pinsent Masons MPillay, the Singapore joint law venture partner of Pinsent Masons, the law firm behind Out-Law.com, said: “Data privacy regulations are hardly homogenous in Asia and this does have an impact since there is a perception that Asian countries do not have sufficiently robust regimes to facilitate cloud adoption. For example, Hong Kong and South Korea have established data protection regimes whilst Malaysia, the Philippines and Singapore have only recently introduced their comprehensive data protection frameworks.”
Leave a Reply