Think Local, Act Global with Cloud Data Protection Policy:
These comments were part of series of observations from Jeff Gould, President of SafeGov.org, at a recent roundtable hosted by the Asia Cloud Computing Association (ACCA) in Singapore. SafeGov.org is a forum for IT providers and leading industry experts dedicated to promoting trusted and responsible cloud computing offerings for the public sector.
Jeff briefed members and invited guests about how he sees the role of public policy in driving a safe cloud environment. He updated the forum that The European Union's (EU) Data Protection laws are being reviewed and will have major implications on the free flow of information between Europe and Asia. With the EU being a strategic trading bloc with many Asian markets (there is more than $260 billion in annual bilateral trade between the EU and ASEAN markets alone), the impact of data protection laws in EU need to be considered alongside the implementation of new laws in countries such as Singapore, Malaysia, Philippines, Hong Kong and Australia.
As many of these markets seek to become major cloud computing and data service hubs, close attention needs to be paid to how these local laws interoperate with developments in Europe. Jeff noted that no country in Asia Pacific (with the exception of New Zealand) meets Europe's stringent data protection requirements, and effectively excludes them from being data transfer partners with the region.
Jeff's experience in the US shows that there are ways to help drive local laws as well as create international harmonization. For instance, companies with datacenters in different markets enact binding corporate rules (BCRs) internally that are compliant with EU regulations while the incorporation of ‘model clauses' in contract with European customers means that non-European Economic Area (EEA) data processors such as those domiciled in the US can abide by EU data protection standards.
With trade in data and virtual services set to become a major economic driver for markets across Asia, governments across the region should be encouraged to update and modernize their data protection and cloud computing laws, but ensure that they think local and act global in the development of confident, trustworthy but interoperable cloud regulation. This is certainly something the ACCA and its members consider to be a major measure of cloud maturity in any market and an important metric in our Cloud Readiness Index ratings.