Time is Ripe for ASEAN’s Cloud-First Policy

By Desarack Teso | April 29, 2021, 1.30PM

Photo by Clint Patterson on unsplash

The time is ripe for Member States of the Association of Southeast Asian Nations (ASEAN) to take initiative to promote the adoption of cloud computing in the public sector. Just as the current unprecedented time requires more digital innovation, creative policymaking is required as well.

The Framework on Digital Data Governance that was agreed to in 2018 could be a potential platform. Under this framework, the Member States approved the Data Management Framework (DMF) and the Model Contractual Clauses for Cross Border Data Flows (MCCs)  in January 2021. This came on the heels of ASEAN’s signing of the Regional Comprehensive Economic Partnership Agreement (RCEP) with major economies – Australia, China, Japan, Korea and New Zealand – in November 2020.

These multilateral instruments will no doubt help to facilitate cross border data flow and promote data protection, but they do not apply to the public sector.

RCEP Agreement

Chapter 12 on Electronic Commerce commits the signatories not only to promote cross-border data flow, but also to refrain from requiring computing facilities (e.g., servers, data centers) to be located locally as a condition to conduct business in its territory. However, these commitments do not apply to a “financial institution” or a “public entity.”

Data Management Framework

The DMF, which was previously called the ASEAN Data Classification Framework, recognizes that companies need to develop data governance structure and appropriate data protection safeguards based on the purpose of data use throughout the data lifecycle (e.g., data in transit, data at rest). The DMF sets out voluntary and practical guidance for private sector businesses operating in ASEAN to enable them to build their own policies and procedures using a risk-based data management methodology.\

Model Contractual Clauses for Cross Border Data Flows

The MCCs are voluntary, baseline contractual terms and conditions that may be included in a binding commercial contract between businesses that are transferring personal data to each other across borders. Similar to the EU GDPR’s standard contractual clauses (SCCs) concept, the MCCs could potentially provide a legal basis for the cross-border transfer of data within ASEAN. The ASEAN MCCs provide two modules based upon the nature of the relationships (i.e., Controller-to-Processor Transfer, Controller-to-Controller).

Time is Now for Cloud-First Policy for Public Sector

RCEP, DMF and MCCs provide a great starting point to enhance trust and confidence for private sector companies to use cloud and digital technologies to ensure business and operation continuity amidst the current global pandemic, as well as to avail themselves of new innovation and business opportunities in the post-pandemic era.

As for the public sector, ASEAN Member States such as Malaysia, the Philippines and Singapore that adopted variations of a cloud-first policy and/or strategy before the pandemic should find themselves in a better position to ensure the continuity of government operations and service delivery to their citizens. The Philippines, which was the first Member State to adopt a cloud-first policy in 2017 (and later amended in 2020 in response to the pandemic), requires public sector organizations to adopt cloud computing as the preferred ICT deployment strategy unless they can present “adequate, reasonable and well-reasoned justifications” against the cloud option.

At the ASEAN Leaders’ Meeting held on 24 April 2021, the Member States expressed commitment to support the timely realization of the region’s 2021 deliverables around three strategic priorities of Recovery, Digitization and Sustainability. The time has never been more ripe for ASEAN leaders to initiate a meaningful discussion on a cloud-first policy as one deliverable to advance each of these priorities.

Posted in

Related Articles

How will South Korea’s Online Platform Self-Regulation Work?

By Somang Yang | August 2, 2022 Photo by Joongil Lee on unsplash Since the Yoon Seok-yeol administration took office with a deregulatory zeal, the fate of various legislative efforts to regulate the power of online platforms look doomed. The “Online Platform Fairness Act” was promoted by the ruling Democratic Party of Korea during the Moon […]

Vietnam’s new FDI Strategy promises opportunities for tech companies

By Nga Dao | June 14, 2022, 2.00pm Photo by Samson on unsplash Vietnam’s Deputy Prime Minister Pham Binh Minh has signed off Decision 667/QD-TTg approving the Strategy for foreign investment cooperation in the 2021-2030 period. The Strategy was issued following Resolution 50-NQ/TW of the Politburo (the highest body of the Communist Party of Vietnam) […]

The Indo Pacific Economic Framework for Prosperity

By Mark Chan | June 5, 2022, 2.00pm SGT Photo by Adrian Schwarz on unsplash First proposed by U.S. President Joe Biden at the East Asia Summit in October 2021, the Indo-Pacific Economic Framework for Prosperity (IPEF) has garnered significant attention following its launch in May 2022. It is widely seen as an attempt at […]