BSA & Galexia Global Coud Computing Scorecard (2018) - Galexia Analytics Release
Data Privacy
Cloud users need to trust that their data, which may be stored anywhere in the world, will not be used
or disclosed by a cloud provider in unauthorized ways. Countries can provide these assurances with appropriate privacy laws. But it is a delicate balance — unnecessarily burdensome restrictions will hinder the important advantages of cloud computing that users want and need.
This section of the Scorecard examines how countries are managing these competing interests. Overall, the concern for privacy has produced many positive results across jurisdictions, including significant law reform and a greater public awareness of data privacy issues.
Most countries in the Scorecard have data protection frameworks in place and have established independent privacy commissioners. Many of the data protection laws are now being updated to meet new international standards — such as the European Union General Data Protection Regulation (GDPR) and the APEC Cross Border Privacy scheme (CBPRs).
Unfortunately, privacy laws are still absent or insufficient in several countries. Brazil and Thailand have no comprehensive laws in place, while laws in China, India, Indonesia, and Vietnam remain very limited.
A small number of countries have adopted or proposed prescriptive data localization regimes that would require cloud providers to restrict the free flow of data or build costly — and unnecessary — servers in order to provide services in a specific market.
Canada and Mexico score highest in the privacy section, offering comprehensive privacy regimes without onerous registration requirements. Countries with no laws ( Brazil and Thailand) and countries with prescriptive data localization requirements (such as Russia and Indonesia) score poorly in this section.