Rush to regulate cloud threatening Asia's progress

Kneejerk responses are leading to unclear and inconsistent laws, according to the Asia Cloud Computing Association, which unveiled guidelines to help harmonize data sovereignty laws and its first regional scorecard.
Written by Ryan Huang, Contributor

SINGAPORE--To realize the potential of cloud computing in Asia, the region needs to harmonize policy and regulatory frameworks, according to the Asia Cloud Computing Association (ACCA).

However, there is a challenge with the legal environments across Asia differing significantly, making it a huge challenge for those adopting cloud services in satisfying requirements across multiple jurisdictions, said ACCA.

It will be important for public policy makers to look beyond their own individual economies when planning data sovereignty laws, said Alan Perkins, ACCA's vice chairman, at a briefing here on Thursday.

"The more we have friction and barriers, the more society suffers", noted Perkins, who is also CTO of Rackspace Asia-Pacific. Drawing a parallel to data transfer, he pointed out the early days of rail travel in Australia required passengers to change trains when crossing interstate because of different wheel systems. Another example is the varied electrical systems worldwide burdening both device manufacturers and travellers.

In order to prevent a similar "deadweight loss" in society from uneven cloud computing regulations, it would be in the best interest for everyone to strive toward the same standards, Perkins said.

Onerous data sovereignty regulations can stifle the adoption of cloud computing by mandating specific location for data, according to the ACCA. These regulations may require organizations to leverage a local data center instead of perhaps a better alternative such as in-house or outsourced. Regulatory restrictions may also be used by some countries as protectionist measures.

Asia's growth gives urgency to harmonization

The ACCA's push is timely as historically much of the debate and discussion over IT public policy has taken place in Europe and the United States. However, new conditions are emerging where Asia is likely to lead growth in terms of both on the cloud user and vendor end, and so should play a bigger role in setting global standards.

In line with its vision, the ACCA published on Thursday its first set of guidelines and a scorecard ranking countries in the region. Its study, "The impact of data sovereignty on cloud computing", aims to describe the ideal state of data sovereignty.

Stacy Baird, ACCA's Data Sovereignty Working Group chairman, explained the report will help other regions and other governments as a guidepost to developing frameworks and included country specific recommendations for regulators.

"In order to get maximum technology benefits in everyone one of our countries, we need to have a uniform approach to data sovereignty, that is recognized by ASEAN, recognized by APAC," said Baird, also at the briefing.

Many fare poorly in data access laws

In the scorecard, countries are allocated points in five key areas:

  1. Cloud access: Regulations support the use of cloud computing
  2. Data safety: Data is safe from access and liability regulations
  3. International consistency: Regulatoins are clear, reasonable to comply with, and aligned to global norms
  4. Cross border movement: Consumers can leverage cloud providers from other jurdictions
  5. Regulatory stability and enforcement: Legal environment is predictable, fair, and aligned internationally
ACCA's data sovereignty scorecard ranking 14 Asian economies. (source: ACCA)

While Singapore was among the leaders, it ranked relatively lowly for data access regulations. The country had minimal transparency in data access mechanism, said ACCA. This was a similar problem which Australia, Japan, Malaysia and Hong Kong faced. It noted Philippine authorities could access data under certain situations even without a warrant.

Although China was ranked bottom, the ACCA credited the country for having "no evident prohibitions against the use of cloud computing". However, it was marked down for strict and unclear restrictions on cross border data flow, and regulations at province level were not aligned with globally accepted standards.

Editorial standards