Time is Ripe for ASEAN’s Cloud-First Policy

By Desarack Teso | April 29, 2021, 1.30PM

Photo by Clint Patterson on unsplash

The time is ripe for Member States of the Association of Southeast Asian Nations (ASEAN) to take initiative to promote the adoption of cloud computing in the public sector. Just as the current unprecedented time requires more digital innovation, creative policymaking is required as well.

The Framework on Digital Data Governance that was agreed to in 2018 could be a potential platform. Under this framework, the Member States approved the Data Management Framework (DMF) and the Model Contractual Clauses for Cross Border Data Flows (MCCs)  in January 2021. This came on the heels of ASEAN’s signing of the Regional Comprehensive Economic Partnership Agreement (RCEP) with major economies – Australia, China, Japan, Korea and New Zealand – in November 2020.

These multilateral instruments will no doubt help to facilitate cross border data flow and promote data protection, but they do not apply to the public sector.

RCEP Agreement

Chapter 12 on Electronic Commerce commits the signatories not only to promote cross-border data flow, but also to refrain from requiring computing facilities (e.g., servers, data centers) to be located locally as a condition to conduct business in its territory. However, these commitments do not apply to a “financial institution” or a “public entity.”

Data Management Framework

The DMF, which was previously called the ASEAN Data Classification Framework, recognizes that companies need to develop data governance structure and appropriate data protection safeguards based on the purpose of data use throughout the data lifecycle (e.g., data in transit, data at rest). The DMF sets out voluntary and practical guidance for private sector businesses operating in ASEAN to enable them to build their own policies and procedures using a risk-based data management methodology.\

Model Contractual Clauses for Cross Border Data Flows

The MCCs are voluntary, baseline contractual terms and conditions that may be included in a binding commercial contract between businesses that are transferring personal data to each other across borders. Similar to the EU GDPR’s standard contractual clauses (SCCs) concept, the MCCs could potentially provide a legal basis for the cross-border transfer of data within ASEAN. The ASEAN MCCs provide two modules based upon the nature of the relationships (i.e., Controller-to-Processor Transfer, Controller-to-Controller).

Time is Now for Cloud-First Policy for Public Sector

RCEP, DMF and MCCs provide a great starting point to enhance trust and confidence for private sector companies to use cloud and digital technologies to ensure business and operation continuity amidst the current global pandemic, as well as to avail themselves of new innovation and business opportunities in the post-pandemic era.

As for the public sector, ASEAN Member States such as Malaysia, the Philippines and Singapore that adopted variations of a cloud-first policy and/or strategy before the pandemic should find themselves in a better position to ensure the continuity of government operations and service delivery to their citizens. The Philippines, which was the first Member State to adopt a cloud-first policy in 2017 (and later amended in 2020 in response to the pandemic), requires public sector organizations to adopt cloud computing as the preferred ICT deployment strategy unless they can present “adequate, reasonable and well-reasoned justifications” against the cloud option.

At the ASEAN Leaders’ Meeting held on 24 April 2021, the Member States expressed commitment to support the timely realization of the region’s 2021 deliverables around three strategic priorities of Recovery, Digitization and Sustainability. The time has never been more ripe for ASEAN leaders to initiate a meaningful discussion on a cloud-first policy as one deliverable to advance each of these priorities.

Posted in

Related Articles

What’s Next for AI Governance in ASEAN?

ASEAN is a remarkably diverse region. With over 655 million individuals and 11 official languages across ten states, AI is expected to have a significant impact on every facet of life in ASEAN. AI is already changing how we think about safety, governance, and public discourse, among many other aspects of our social, political, and […]

Vietnam- Embracing Innovation: The Role of FinTech, RegTech, and SupTech in Modern Finance  

In recent years, the Vietnamese financial sector has experienced a wave of innovation driven by FinTech (financial technology), RegTech (regulatory technology), and SupTech (supervisory technology). These technologies promise to enhance the efficiency, transparency, and accessibility of financial services while supporting regulatory compliance and improving oversight. However, to ensure that these developments remain beneficial for customers […]

Southeast Asia’s New Frontier: Welcoming the World’s Digital Nomads

By Mark Chan  Now that we are a few years past the height of the pandemic, the concept of digital nomads is no longer novel. The shift to remote work has reshaped how many people choose to live and travel, which has led to lasting change even as workplace norms continue to evolve. Digital nomads […]