- This section of the Scorecard examines data privacy regulation and the presence and structure of privacy regulators in each jurisdiction. The section also examines registration requirements for data controllers and data breach notification requirements.
The Scorecard reveals that most countries have data protection laws in place and have established independent privacy commissioners. Many of these laws are based on a mix of the OECD Guidelines, the EU Directive or the APEC Privacy Principles. Unfortunately, registration requirements for data controllers or data transfers may act as barriers to the take-up of cloud services. Such requirements are common in some countries, including requirements for registering crossborder transfers in some EU countries.
Korea, which replaced its patchwork of privacy protections with modern and comprehensive legislation in 2011, scored 9.3 out of 10 available points to top the Scorecard’s rankings in the privacy section. At the other end of the spectrum, South Africa finished with just 2.8 points.
The Scorecard also reveals substantial pending data protection law reform, with major reviews and proposals in China, The European Union, India, Singapore, South Africa and the United States. This is an area of rapid legal development. Unfortunately, some key jurisdictions, including China, India, Indonesia and Singapore do not yet have any substantial data protection laws in place.
Such developments are important because cloud users will fully accept and adopt cloud computing only if they are confident that private information stored in the cloud, wherever in the world, will not be used or disclosed by the cloud provider in unexpected ways. National privacy regimes should be predictable, transparent and avoid unnecessarily burdensome restrictions on cloud service providers such as registration requirements for data controllers and cross-border data transfers. Cloud providers should be encouraged to establish privacy policies that are appropriate for the particular cloud service they provide and the business model they use.
- SecurityConsumers of cloud computing and other digital services (including both private-sector and government users) need assurance that cloud service providers understand and appropriately manage the security risks associated with storing their data and running their applications on cloud systems. This section of the Scorecard examines whether security criteria and the ongoing testing of security measures are the subject of regulation in each jurisdiction. The Security section also examines electronic signature laws and Internet censorship or filtering requirements. Japan tops the Scorecard’s security section with 8.4 of the 10 available points; Thailand’s regime, on the other end of the scale, nets just 1.6 points.
The Scorecard reveals that most countries do have clear, technology neutral electronic signature laws. In addition, security requirements are in place in most jurisdictions, and security audit requirements were generally absent.
A number of countries — ranging from advanced markets like Korea (6.0 points on security) to developing countries like India (4.4) — have implemented Internet filtering or censorship regimes that may act as a barrier to the expansion of the digital economy and cloud computing. Some such regimes regulate criminal conduct, including distribution of illegal material, particularly child pornography. However, a number of the filtering or censorship schemes appear to include a strong political element, in that they regularly block sites that expressed political dissent. China, for example, restricts access to online content under a large and complex legal and technical regime that invokes the protection of national security and social order. This factor played a significant factor in China scoring just 2.0 points in the security section.
viernes, 24 de febrero de 2012
BSA Cloud Scorecard 2012
The first-of-its-kind BSA Global Cloud Computing Scorecard ranks 24 countries accounting for 80 percent of the global ICT market based on seven policy categories that measure the countries’ preparedness to support the growth of cloud computing. This unprecedented insight into the laws and regulations of markets around the world provides a window into which countries are best poised to capitalize on the technological and economic benefits of cloud computing.
Among other findings: The Scorecard reveals that while developed nations are more “cloud ready” than developing economies, troubling obstacles emerge when you examine the lack of alignment in the legal and regulatory environments in many of those advanced countries. A healthy national market for cloud computing does not necessarily translate into a market that is “in harmony” with the laws of other countries in a way that will allow for the smooth flow of data across borders. It is this kind of harmony that is needed to advance the growth of cloud computing at the level that will allow it to truly take advantage of its global efficiencies.
Scorecard ThemesThe Scorecard examines major laws and regulations relevant to cloud computing in seven policy categories as well as each country’s ICT-related infrastructure and broadband deployment. These policy categories align with the BSA’s Cloud Computing Guiding Principles, which underpin the Scorecard’s analytical framework and its suggestions for providing a workable framework to allow for the growth of cloud computing.
Cloud Computing Policy Environment