Rush to regulate data sovereignty hampering cloud growth in Asia

By Digital News Asia December 9, 2013

Rush to regulate leads to inconsistent laws from one country to next, blocking economic opportunity
Widening ‘cloud divide’ – the gap in cloud adoption between developed and emerging markets

ASIA’S ability to capitalise on cloud computing will be jeopardised if governments continue to rush to regulate without giving adequate consideration to consistency across the Asian region, according to research commissioned by the Asia Cloud Computing Association.

Research was conducted across 14 Asia Pacific countries using information on data sovereignty factors that helped or hindered the adoption of cloud computing. Each country was assessed on five key assessment criteria: (1) cloud access, (2) data safety, (3) international consistency, (4) cross-border movement, and (5) regulatory stability and enforcement.

The countries covered were Australia, China, Hong Kong, India, Indonesia, Japan, Malaysia, New Zealand, Philippines, Singapore, South Korea, Taiwan, Thailand and Vietnam, the association said in a statement.

Rush to regulate data sovereignty hampering cloud growth in Asia “Governments have taken the initiative to ensure privacy protections, regulatory oversight and support the technology needs of businesses. This has unfortunately led some to rush to regulate,” said Stacy Baird (pic), the chair of the association’s Data Sovereignty Working Group.

“The complexity of cloud technology and how businesses will implement it, misinformation or lack of understanding has led to unclear and inconsistent laws. This has led to adverse business conditions.

“In some sectors such as financial services, in many countries the industry doesn’t know how to comply because the regulators haven’t been clear, or have enacted laws that do not accurately reflect how businesses will use cloud computing, so they simply won’t adopt.

“The resulting rush to regulate is leading to inconsistent laws from one country to the next, blocking economic opportunity,” he added.

The Asia Cloud Computing Association is an industry trade association that represents the stakeholders of the cloud computing ecosystem in Asia, working to ensure that the interests of the cloud computing community are effectively represented in the public policy debate.

Gap between leaders and followers

The report’s scorecard shows a widening ‘cloud divide’ – the gap in cloud adoption between developed markets such as Australia, New Zealand, Japan, and Singapore; and emerging markets such as China, the Philippines and Vietnam.

Japan (80%) ranked top on the Asia Cloud Computing Association’s Data Sovereignty Scorecard for its ability to move data across borders, having a stable legal environment consistent with global norms, ahead of New Zealand (79%), Singapore (78%) and Australia (76%), with China propping up the region on 46% behind Vietnam (48%) and the Philippines (59%).

Among other factors, leading markets were found to have clear data protection laws that corresponded to globally-accepted best practices and a transparency of laws around data protection that did not place filtering or censoring requirements on Internet service providers (ISPs) or cloud service providers (CSPs).

Most of the countries falling behind had no formal data protection laws, discriminated between local and foreign-service providers, imposed excessive restrictions on data transfers to other jurisdictions, or provided for mandatory filtering and/ or censoring of the Internet, the association said.

Inconsistent regulation introduces complexity

The association’s analysis reveals that the biggest challenge to cloud computing adoption in Asia is the lack of regulatory consistency across the region, and consistency with global norms on data privacy and regulatory oversight.

“There is emerging a picture of regulatory chaos and a cloud divide that could prevent Asia Pacific from benefitting from the economies of scale and agility that cloud offers,” said Baird.

“With the correct regulation within a consistent regional framework, cloud adoption will accelerate … but on the current regulatory path, much of the region will miss out on this technology leap and businesses will end up paying the price; at a time where global trade most relies on – and includes – data transfers across borders,” he added.

According to the association, data safety and security remain the key problems alongside the lack of clear regulation on cross-border data flow. And while countries such as India, Indonesia, Taiwan and Vietnam scored lowest on data safety, these nascent markets are precisely the countries that stand to benefit most from the emergence of regional frameworks.

Developing markets such as India, Indonesia, Malaysia and Thailand could also potentially leverage the new opportunities that cloud computing offers to be the next wave of global business process outsourcing (BPO) hubs.

Data Sovereignty Framework for Asia

“The current climate surrounding security and cross-border data transfers presents a unique opportunity for Asia to come together around data sovereignty with a regional framework – indeed, we believe Asia could take the leading role in architecting a basic regional framework on data privacy and regulatory oversight,” said Bernie Trudel (pic), the chair of the association.

“Asia could quite feasibly leapfrog into a leading role on data protection and cross-border transfers, led by some of its emerging markets in South-East Asia. But this will only happen if more and better information is available to make informed decisions about the regulatory landscape,” he added.

Cloud computing is expected to create 14 million new jobs globally between 2011 and 20152, of which 10 million will be in Asia, according to IDC study Cloud Computing & Worldwide Job Creation.

The public cloud market in Asia Pacific could be worth US$21.8 billion by 2020, according to Forrester Research’s Sizing the Cloud Markets in Asia Pacific report.