Galexia

BSA & Galexia Global Coud Computing Scorecard (2018) - Galexia Analytics Release

8. Themes and Criteria (updated for the 2018 Scorecard)

The BSA Global Cloud Computing Scorecard examines the legal and regulatory framework of 24 countries around the world, identifying 72 criteria that are relevant to determining readiness for cloud computing. The questions are categorized under the 8 policy themes, and are generally framed so as to be answerable by “yes” or “no.” The answers are also color coded:

[YES] Indicates a positive assessment, which is generally considered to be an encouraging step toward the establishment of a favorable legal and regulatory environment for cloud computing.
[NO] Indicates a negative assessment and the presence of a potential barrier to the establishment of a favorable legal and regulatory environment for cloud computing.
[PARTIAL] Indicates that the assessment is positive in part, although some gaps or inconsistencies may exist that require further remedial work.
Indicates a fact-finding question on relevant issues.

The Scorecard aims to provide a platform for discussion between policymakers and providers of cloud offerings, with a view toward developing an internationally harmonized regime of laws and regulations relevant to cloud computing. It is a tool that can help policymakers conduct a constructive self-evaluation, and determine the next steps that need to be taken to help advance the growth of global cloud computing.

Responses for the infrastructure portion of the Scorecard are color coded based on the scale below. That is, the “highest” answer to a particular question (e.g., the largest population or highest number of Internet users) is indicated in bright green, and the color for other responses graduates down to the lowest response in red.

Q

Theme / Criteria

Checklist response

1.

DATA PRIVACY


1.1.

Is a data protection law or regulation in place? 

YES | NO | PARTIAL | DRAFT

1.2.

What is the scope and coverage of the data protection law or regulation?

INFORMATION GATHERING
- Comprehensive
- Sectoral
- Not applicable

1.3.

Is a data protection authority in place? 

YES | NO | PARTIAL

1.4.

What is the nature of the data protection authority?

INFORMATION GATHERING
- Collegial body
- Sole commissioner
- Other government official
- Not applicable

1.5.

Is the data protection authority enforcing the data protection law or regulation in an effective and transparent manner? 

YES | NO | PARTIAL

1.6.

Is the data protection law or regulation compatible with globally recognized frameworks that facilitate international data transfers?

INFORMATION GATHERING
- APEC framework
- EU framework
- APEC framework & EU framework
- Not applicable

1.7.

Are data controllers free from registration requirements? 

YES | NO | PARTIAL

1.8.

Are there cross border data transfer requirements in place?

INFORMATION GATHERING
- No requirements
- Brief requirements
- Detailed requirements

1.9.

Are cross border data transfers free from arbitrary, unjustifiable or disproportionate restrictions, such as national or sector-specific data or server localization requirements? 

YES | NO | PARTIAL

1.10.

Is there a personal data breach notification law or regulation? 

YES | NO | PARTIAL | DRAFT

1.11.

Are personal data breach notification requirements transparent, risk-based and not overly prescriptive? 

YES | NO | PARTIAL

1.12.

Is an independent private right of action available for breaches of data privacy? 

YES | NO | PARTIAL | DRAFT

2.

SECURITY


2.1.

Is there a national cybersecurity strategy in place? 

YES | NO | PARTIAL | DRAFT

2.2.

Is the national cybersecurity strategy current, comprehensive and inclusive? 

YES | NO | PARTIAL

2.3.

Are there laws or appropriate guidance containing general security requirements for cloud service providers? 

YES | NO | PARTIAL | DRAFT

2.4.

Are laws or guidance on security requirements transparent, risk-based and not overly prescriptive? 

YES | NO | PARTIAL

2.5.

Are there laws or appropriate guidance containing specific security audit requirements for cloud service providers that take account of international practice? 

YES | NO | PARTIAL | DRAFT

2.6.

Are international security standards, certification and testing recognized as meeting local requirements? 

YES | NO | PARTIAL

3.

CYBERCRIME


3.1.

Are cybercrime laws or regulations in place? 

YES | NO | PARTIAL | DRAFT

3.2.

Are cybercrime laws or regulations consistent with the Budapest Convention on Cybercrime? 

YES | NO | PARTIAL

3.3.

Do local laws and policies on law enforcement access to data avoid technology specific mandates or other barriers to the supply of security products and services? 

YES | NO | PARTIAL

3.4.

Are arrangements in place for the cross border exchange of data for law enforcement purposes that are transparent and fair? 

YES | NO | PARTIAL

4.

INTELLECTUAL PROPERTY RIGHTS


4.1.

Are copyright laws or regulations in place that are consistent with international standards to protect cloud service providers?

YES | NO | PARTIAL | DRAFT

4.2.

Are copyright laws or regulations effectively enforced and implemented?

YES | NO | PARTIAL

4.3.

Is there clear legal protection against misappropriation of trade secrets? 

YES | NO | PARTIAL | DRAFT

4.4.

Is the law or regulation on trade secrets effectively enforced? 

YES | NO | PARTIAL

4.5.

Is there clear legal protection against the circumvention of Technological Protection Measures? 

YES | NO | PARTIAL | DRAFT

4.6.

Are laws or regulations on the circumvention of Technological Protection Measures effectively enforced? 

YES | NO | PARTIAL

4.7.

Are there clear legal protections in place for software implemented inventions? 

YES | NO | PARTIAL | DRAFT

4.8.

Are laws or regulations on the protection of software implemented inventions effectively implemented? 

YES | NO | PARTIAL

5.

STANDARDS AND INTERNATIONAL HARMONIZATION


5.1.

Is there a regulatory body responsible for standards development for the country? 

YES | NO | PARTIAL

5.2.

Are international standards favored over domestic standards? 

YES | NO | PARTIAL

5.3.

Does the government participate in international standards setting process? 

YES | NO | PARTIAL

5.4.

Are e-commerce laws or regulations in place? 

YES | NO | PARTIAL | DRAFT

5.5.

What international instruments are the e-commerce laws or regulations based on?

INFORMATION GATHERING
- UNCITRAL Model Law on E-Commerce
- UN Convention on E-Contracting
- Other
- Not applicable

5.6.

Is there a law or regulation that gives electronic signatures clear legal weight? 

YES | NO | PARTIAL | DRAFT

5.7.

Are cloud service providers free from mandatory filtering or censoring? 

YES | NO | PARTIAL

6.

PROMOTING FREE TRADE


6.1.

Is a national strategy or platform in place to promote the development of cloud services and products? 

YES | NO | PARTIAL

6.2.

Are there any laws or policies in place that implement technology neutrality in government? 

YES | NO | PARTIAL

6.3.

Are cloud computing services able to operate free from laws or policies that either mandate or give preference to the use of certain products services, standards or technologies? 

YES | NO | PARTIAL

6.4.

Are cloud computing services able to operate free from laws, procurement policies or licensing rules that discriminate based on the nationality of the vendor, developer or service provider? 

YES | NO | PARTIAL

6.5.

Has the country signed and implemented international agreements that ensure the procurement of cloud services is free from discrimination? 

YES | NO | PARTIAL

6.6.

Are services delivered by cloud providers free from tariffs and other trade barriers? 

YES | NO | PARTIAL

6.7.

Are cloud computing services able to operate free from laws or policies that impose data localization requirements? 

YES | NO | PARTIAL

7.

IT READINESS AND BROADBAND INFRASTRUCTURE


7.1.

Is there a National Broadband Plan?

Summary text

7.2.

Is the National Broadband Plan being effectively implemented? 

YES | NO | PARTIAL

7.3.

Are there laws or policies that regulate "net neutrality"?

INFORMATION GATHERING
- Extensive regulation
- Limited regulation
- Regulation under consideration
- No regulation

7.4.

Base Indicators


7.4.1.

Population (millions) (2015)
- Total for all countries in this scorecard: 4,700 million

Number

7.4.2.

Urban Population (%) (2015)
- Average for all countries in this scorecard: 73%

Percentage

7.4.3.

Number of Households (millions) (2015)
- Total for all countries in this scorecard: 1,249 million

Number

7.4.4.

Population Density (people per square km) (2015)
- Average for all countries in this scorecard: 471

Number

7.4.5.

Per Capita GDP (US$ 2015)
- Average for all countries in this scorecard: US$ 22,649

Number

7.4.6.

ICT Service Exports (billions of US$) (2015)
- Total for all countries in this scorecard: US$ 978 billion

Number

7.4.7.

Personal Computers (% of households) (2015)
- Average for all countries in this scorecard: 63%

Percentage

7.5.

IT and Network Readiness Indicators


7.5.1.

ITU ICT Development Index (IDI) (2016)
(Score is out of 10 and covers 175 countries)
- Average for all countries in this scorecard: 6.58

Score

7.5.2.

World Economic Forum Networked Readiness Index (NRI) (2016)
(score is out of 7 and covers 139 countries)
- Average for all countries in this scorecard: 4.77

Score

7.6.

Internet Users and International Bandwidth


7.6.1.

Internet Users (millions) (2015)
- Total for all countries in this scorecard: 2,330 million

Number

7.6.2.

Internet Users (& of population) (2015)
- Average for all countries in this scorecard: 67%

Percentage

7.6.3.

International Internet Bandwidth (2015) (total gigabits per second (Gbps) per country)
- Total for all countries in this scorecard: 117,736 Gbps

Number

7.6.4.

International Internet Bandwidth (bits per second (bps) per internet user) (2015)
- Average for all countries in this scorecard: 97,747 bps

Number

7.7.

Fixed Broadband


7.7.1.

Fixed Broadband Subscriptions (millions) (2015)
- Total for all countries in this scorecard: 697 million

Number

7.7.2.

Fixed Broadband Subscriptions (% of households) (2015) 
- Average for all countries in this scorecard: 63%

Percentage

7.7.3.

Fixed Broadband Subscriptions (% of population) (2015) 
- Average for all countries in this scorecard: 21%

Percentage

7.7.4.

Fixed Broadband Subscriptions (% of Internet users) (2015) 
- Average for all countries in this scorecard: 29%

Percentage

7.7.5.

Average Broadband Data Connection Speed (Q1 2017) (total megabits per second (Mbps) per country)
- Average for all countries in this scorecard: 12 Mbps
- Average peak for all countries in this scorecard: 70 Mbps

Number

7.8.

Fiber-to-the-home/building (FttX)


7.8.1.

Fiber-to-the-home/building (FttX) Internet Subscriptions (millions) (2015)
- Total for all countries in this scorecard: 258 million

Number

7.8.2.

Proportion of Fiber-to-the-home/building (FttX) Internet Subscriptions (% of households) (2015) 
- Average for all countries in this scorecard: 18%

Percentage

7.8.3.

Proportion of Fiber-to-the-home/building (FttX) Internet Subscriptions (% of fixed broadband subscriptions) (2015) 
- Average for all countries in this scorecard: 23%

Percentage

7.9.

Mobile Broadband


7.9.1.

Mobile Cellular Subscriptions (millions) (2015)
- Total for all countries in this scorecard: 4,823 million

Number

7.9.2.

Number of Active Mobile Broadband Subscriptions (millions) (2015)
- Total for all countries in this scorecard: 2,506 million

Number

7.9.3.

Active Mobile Broadband Subscriptions (% of population) (2015) 
- Average for all countries in this scorecard: 77%

Number

7.9.4.

Average Mobile Data Connection Speed (Q1 2017) (total megabits per second (Mbps) per country)
- Average for all countries in this scorecard: 11 Mbps

Number



[ Galexia Dots ]