Galexia
             home
       about us
        services
        projects
       research
          contact
» home » research » assets » bsa global cloud computing scorecard 2016  

Subscribe to Galexia news and announcements.
More information »

Privacy Management Strategy (PMS): Galexia's methodologies are used to develop and implement a risk management strategy and practical action plan. Find out more »

[Review of E-commerce Legislation Harmonization in ASEAN (2013)]

Review of E-commerce Legislation Harmonization in ASEAN (2013)
Find out more »

BSA & Galexia Global Coud Computing Scorecard (2016) - Galexia Analytics Release

[« previous] [next »] [up] [title page] [full contents]

Data Privacy

Users of cloud computing continue to be concerned with the protection of private information they store in the cloud. The revelations regarding widespread national security surveillance have increased scrutiny of the issue and its scope.

Cloud users need to trust that their data, which may be stored anywhere in the world, will not be used or disclosed by a cloud provider in unauthorized ways. Countries can provide these assurances with appropriate privacy laws. But it is a delicate balance: unnecessarily burdensome restrictions will hinder the important advantages of cloud computing that users want and need.

This section of the Scorecard examines how countries are managing these competing interests. Overall, the concern for privacy has produced many positive results around the globe, including significant law reform, greater oversight of national security agencies, a strengthening of security and encryption regimes by key cloud service providers and a greater public awareness of data privacy issues.

But in some nations, governments have proposed stronger restrictions on the cross-border transfer of data without further benefits. If those proposals become law, they could negatively impact cloud service providers.

Since 2013, most countries have data protection frameworks in place and have established independent privacy commissioners. Many of the protection laws are based on the Organisation for Economic Co-operation and Development Guidelines, the European Union Data Protection Directive and the Asia-Pacific Economic Cooperation Privacy Principles.

However, some countries still have registration requirements for data controllers and cross-border data transfers in place, and a small number of countries have adopted or proposed prescriptive data localization regimes that would require cloud providers to restrict the free flow of data or build costly — and unnecessary — servers in order to provide services in a specific market.

Canada and Korea have the highest score in the privacy section, offering comprehensive privacy regimes with no onerous registration requirements. Because Japan continues to update and reform its privacy laws, it also scores well in this section. South Africa received a big boost to its score and ranking for introducing a comprehensive privacy regime.

Unfortunately, privacy laws are still absent or insufficient in several countries. Brazil, Thailand and Turkey have no comprehensive laws in place, while laws in China, India, Indonesia and Vietnam remain very limited.

One notable development is the introduction of a new data protection framework in Russia containing prescriptive data localization requirements, such as a new law requiring that the personal data of Russian citizens be stored on servers based in Russia. This new regime is likely to act as a significant barrier to cloud service providers, and Russia’s score and ranking fell as a direct result.

Privacy laws in the European Union and the United States continue to be the subject of significant debate and reform. The EU is close to the final implementation of a new regulation. The proposed General Data Protection Regulation (GDPR) contains many positive elements, and it should drive improved harmonization of laws across Europe. But the proposed regulation presents some challenges and potential administrative burdens for cloud service providers, including its liability regime, extension of data processor burdens, and the potential for jurisdictional clashes on access to data by authorities.

(Editor’s note: Following the completion of the research underlying this year’s research, the United States and European Union have continued to move closer to finalizing a new agreement, the Privacy Shield, that will allow data to continue to be shared across borders. This is an important development that was not finalized in time to fully be considered for this report.)

In the United States, officials have not made significant progress on development of general privacy legislation, but work has increased on improving oversight of national security agencies and improving legal redress avenues for overseas data subjects.

The following visualisations show the transition and patterns in the overall scores and scoring components for this theme over time (from 2012 to 2016):


[ Galexia Dots ]

[« previous] [next »] [up] [title page] [full contents]

[full document] [download PDF version]

[up to research]

 

Search for:

HERE

PrintVersionprint this page

Sitemapsitemap

Subcribe to RSS newsrss news feed

Manage email subscriptionsmanage email subscriptions

Latest News

September 2019
Register of Public Galexia PIAs. Read more »

September 2019
Updates to Galexia Website. Read more »

September 2019
PM&C / Office of the National Data Commissioner (ONDC) releases Discussion Paper and accepts recommendations from Galexia’s PIA on the proposed Data Sharing and Release legislative framework. Read more »

August 2019
Galexia providing privacy advice and an independent public Privacy Impact Assessment (PIA) on 2021 Census for ABS. Read more »

June 2019
Galexia completes privacy advice and an independent Privacy Impact Assessment (PIA) on the Naval Shipbuilding College Workforce Register. Read more »

view all news items »

[Home] [Sitemap] [Print this page] [Privacy statement]

© Galexia Pty Ltd
Telephone: +61 (02) 9660 1111
Email: [email protected]