BSA & Galexia Global Coud Computing Scorecard (2018) - Galexia Analytics Release
8. Themes and Criteria (updated for the 2018 Scorecard)
The BSA Global Cloud Computing Scorecard examines the legal and regulatory framework of 24 countries around the world, identifying 72 criteria that are relevant to determining readiness for cloud computing. The questions are categorized under the 8 policy themes, and are generally framed so as to be answerable by “yes” or “no.” The answers are also color coded:
[YES] Indicates a positive assessment, which is generally considered to be an encouraging step toward the establishment of a favorable legal and regulatory environment for cloud computing.
[NO] Indicates a negative assessment and the presence of a potential barrier to the establishment of a favorable legal and regulatory environment for cloud computing.
[PARTIAL] Indicates that the assessment is positive in part, although some gaps or inconsistencies may exist that require further remedial work.
Indicates a fact-finding question on relevant issues.
The Scorecard aims to provide a platform for discussion between policymakers and providers of cloud offerings, with a view toward developing an internationally harmonized regime of laws and regulations relevant to cloud computing. It is a tool that can help policymakers conduct a constructive self-evaluation, and determine the next steps that need to be taken to help advance the growth of global cloud computing.
Responses for the infrastructure portion of the Scorecard are color coded based on the scale below. That is, the “highest” answer to a particular question (e.g., the largest population or highest number of Internet users) is indicated in bright green, and the color for other responses graduates down to the lowest response in red.
Q |
Theme / Criteria |
Checklist response |
1. |
||
1.1. |
Is a data protection law or regulation in place? |
YES | NO | PARTIAL | DRAFT |
1.2. |
What is the scope and coverage of the data protection law or regulation? |
INFORMATION GATHERING |
1.3. |
Is a data protection authority in place? |
YES | NO | PARTIAL |
1.4. |
What is the nature of the data protection authority? |
INFORMATION GATHERING |
1.5. |
Is the data protection authority enforcing the data protection law or regulation in an effective and transparent manner? |
YES | NO | PARTIAL |
1.6. |
Is the data protection law or regulation compatible with globally recognized frameworks that facilitate international data transfers? |
INFORMATION GATHERING |
1.7. |
Are data controllers free from registration requirements? |
YES | NO | PARTIAL |
1.8. |
Are there cross border data transfer requirements in place? |
INFORMATION GATHERING |
1.9. |
Are cross border data transfers free from arbitrary, unjustifiable or disproportionate restrictions, such as national or sector-specific data or server localization requirements? |
YES | NO | PARTIAL |
1.10. |
Is there a personal data breach notification law or regulation? |
YES | NO | PARTIAL | DRAFT |
1.11. |
Are personal data breach notification requirements transparent, risk-based and not overly prescriptive? |
YES | NO | PARTIAL |
1.12. |
Is an independent private right of action available for breaches of data privacy? |
YES | NO | PARTIAL | DRAFT |
2. |
||
2.1. |
Is there a national cybersecurity strategy in place? |
YES | NO | PARTIAL | DRAFT |
2.2. |
Is the national cybersecurity strategy current, comprehensive and inclusive? |
YES | NO | PARTIAL |
2.3. |
Are there laws or appropriate guidance containing general security requirements for cloud service providers? |
YES | NO | PARTIAL | DRAFT |
2.4. |
Are laws or guidance on security requirements transparent, risk-based and not overly prescriptive? |
YES | NO | PARTIAL |
2.5. |
Are there laws or appropriate guidance containing specific security audit requirements for cloud service providers that take account of international practice? |
YES | NO | PARTIAL | DRAFT |
2.6. |
Are international security standards, certification and testing recognized as meeting local requirements? |
YES | NO | PARTIAL |
3. |
||
3.1. |
Are cybercrime laws or regulations in place? |
YES | NO | PARTIAL | DRAFT |
3.2. |
Are cybercrime laws or regulations consistent with the Budapest Convention on Cybercrime? |
YES | NO | PARTIAL |
3.3. |
Do local laws and policies on law enforcement access to data avoid technology specific mandates or other barriers to the supply of security products and services? |
YES | NO | PARTIAL |
3.4. |
Are arrangements in place for the cross border exchange of data for law enforcement purposes that are transparent and fair? |
YES | NO | PARTIAL |
4. |
||
4.1. |
Are copyright laws or regulations in place that are consistent with international standards to protect cloud service providers? |
YES | NO | PARTIAL | DRAFT |
4.2. |
Are copyright laws or regulations effectively enforced and implemented? |
YES | NO | PARTIAL |
4.3. |
Is there clear legal protection against misappropriation of trade secrets? |
YES | NO | PARTIAL | DRAFT |
4.4. |
Is the law or regulation on trade secrets effectively enforced? |
YES | NO | PARTIAL |
4.5. |
Is there clear legal protection against the circumvention of Technological Protection Measures? |
YES | NO | PARTIAL | DRAFT |
4.6. |
Are laws or regulations on the circumvention of Technological Protection Measures effectively enforced? |
YES | NO | PARTIAL |
4.7. |
Are there clear legal protections in place for software implemented inventions? |
YES | NO | PARTIAL | DRAFT |
4.8. |
Are laws or regulations on the protection of software implemented inventions effectively implemented? |
YES | NO | PARTIAL |
5. |
||
5.1. |
Is there a regulatory body responsible for standards development for the country? |
YES | NO | PARTIAL |
5.2. |
Are international standards favored over domestic standards? |
YES | NO | PARTIAL |
5.3. |
Does the government participate in international standards setting process? |
YES | NO | PARTIAL |
5.4. |
Are e-commerce laws or regulations in place? |
YES | NO | PARTIAL | DRAFT |
5.5. |
What international instruments are the e-commerce laws or regulations based on? |
INFORMATION GATHERING |
5.6. |
Is there a law or regulation that gives electronic signatures clear legal weight? |
YES | NO | PARTIAL | DRAFT |
5.7. |
Are cloud service providers free from mandatory filtering or censoring? |
YES | NO | PARTIAL |
6. |
||
6.1. |
Is a national strategy or platform in place to promote the development of cloud services and products? |
YES | NO | PARTIAL |
6.2. |
Are there any laws or policies in place that implement technology neutrality in government? |
YES | NO | PARTIAL |
6.3. |
Are cloud computing services able to operate free from laws or policies that either mandate or give preference to the use of certain products services, standards or technologies? |
YES | NO | PARTIAL |
6.4. |
Are cloud computing services able to operate free from laws, procurement policies or licensing rules that discriminate based on the nationality of the vendor, developer or service provider? |
YES | NO | PARTIAL |
6.5. |
Has the country signed and implemented international agreements that ensure the procurement of cloud services is free from discrimination? |
YES | NO | PARTIAL |
6.6. |
Are services delivered by cloud providers free from tariffs and other trade barriers? |
YES | NO | PARTIAL |
6.7. |
Are cloud computing services able to operate free from laws or policies that impose data localization requirements? |
YES | NO | PARTIAL |
7. |
||
7.1. |
Is there a National Broadband Plan? |
Summary text |
7.2. |
Is the National Broadband Plan being effectively implemented? |
YES | NO | PARTIAL |
7.3. |
Are there laws or policies that regulate "net neutrality"? |
INFORMATION GATHERING |
7.4. |
Base Indicators |
|
7.4.1. |
Population (millions) (2015) |
Number |
7.4.2. |
Urban Population (%) (2015) |
Percentage |
7.4.3. |
Number of Households (millions) (2015) |
Number |
7.4.4. |
Population Density (people per square km) (2015) |
Number |
7.4.5. |
Per Capita GDP (US$ 2015) |
Number |
7.4.6. |
ICT Service Exports (billions of US$) (2015) |
Number |
7.4.7. |
Personal Computers (% of households) (2015) |
Percentage |
7.5. |
IT and Network Readiness Indicators |
|
7.5.1. |
ITU ICT Development Index (IDI) (2016) |
Score |
7.5.2. |
World Economic Forum Networked Readiness Index (NRI) (2016) |
Score |
7.6. |
Internet Users and International Bandwidth |
|
7.6.1. |
Internet Users (millions) (2015) |
Number |
7.6.2. |
Internet Users (& of population) (2015) |
Percentage |
7.6.3. |
International Internet Bandwidth (2015) (total gigabits per second (Gbps) per country) |
Number |
7.6.4. |
International Internet Bandwidth (bits per second (bps) per internet user) (2015) |
Number |
7.7. |
Fixed Broadband |
|
7.7.1. |
Fixed Broadband Subscriptions (millions) (2015) |
Number |
7.7.2. |
Fixed Broadband Subscriptions (% of households) (2015) |
Percentage |
7.7.3. |
Fixed Broadband Subscriptions (% of population) (2015) |
Percentage |
7.7.4. |
Fixed Broadband Subscriptions (% of Internet users) (2015) |
Percentage |
7.7.5. |
Average Broadband Data Connection Speed (Q1 2017) (total megabits per second (Mbps) per country) |
Number |
7.8. |
Fiber-to-the-home/building (FttX) |
|
7.8.1. |
Fiber-to-the-home/building (FttX) Internet Subscriptions (millions) (2015) |
Number |
7.8.2. |
Proportion of Fiber-to-the-home/building (FttX) Internet Subscriptions (% of households) (2015) |
Percentage |
7.8.3. |
Proportion of Fiber-to-the-home/building (FttX) Internet Subscriptions (% of fixed broadband subscriptions) (2015) |
Percentage |
7.9. |
Mobile Broadband |
|
7.9.1. |
Mobile Cellular Subscriptions (millions) (2015) |
Number |
7.9.2. |
Number of Active Mobile Broadband Subscriptions (millions) (2015) |
Number |
7.9.3. |
Active Mobile Broadband Subscriptions (% of population) (2015) |
Number |
7.9.4. |
Average Mobile Data Connection Speed (Q1 2017) (total megabits per second (Mbps) per country) |
Number |