Time is Ripe for ASEAN’s Cloud-First Policy

By Desarack Teso | April 29, 2021, 1.30PM

Photo by Clint Patterson on unsplash

The time is ripe for Member States of the Association of Southeast Asian Nations (ASEAN) to take initiative to promote the adoption of cloud computing in the public sector. Just as the current unprecedented time requires more digital innovation, creative policymaking is required as well.

The Framework on Digital Data Governance that was agreed to in 2018 could be a potential platform. Under this framework, the Member States approved the Data Management Framework (DMF) and the Model Contractual Clauses for Cross Border Data Flows (MCCs)  in January 2021. This came on the heels of ASEAN’s signing of the Regional Comprehensive Economic Partnership Agreement (RCEP) with major economies – Australia, China, Japan, Korea and New Zealand – in November 2020.

These multilateral instruments will no doubt help to facilitate cross border data flow and promote data protection, but they do not apply to the public sector.

RCEP Agreement

Chapter 12 on Electronic Commerce commits the signatories not only to promote cross-border data flow, but also to refrain from requiring computing facilities (e.g., servers, data centers) to be located locally as a condition to conduct business in its territory. However, these commitments do not apply to a “financial institution” or a “public entity.”

Data Management Framework

The DMF, which was previously called the ASEAN Data Classification Framework, recognizes that companies need to develop data governance structure and appropriate data protection safeguards based on the purpose of data use throughout the data lifecycle (e.g., data in transit, data at rest). The DMF sets out voluntary and practical guidance for private sector businesses operating in ASEAN to enable them to build their own policies and procedures using a risk-based data management methodology.\

Model Contractual Clauses for Cross Border Data Flows

The MCCs are voluntary, baseline contractual terms and conditions that may be included in a binding commercial contract between businesses that are transferring personal data to each other across borders. Similar to the EU GDPR’s standard contractual clauses (SCCs) concept, the MCCs could potentially provide a legal basis for the cross-border transfer of data within ASEAN. The ASEAN MCCs provide two modules based upon the nature of the relationships (i.e., Controller-to-Processor Transfer, Controller-to-Controller).

Time is Now for Cloud-First Policy for Public Sector

RCEP, DMF and MCCs provide a great starting point to enhance trust and confidence for private sector companies to use cloud and digital technologies to ensure business and operation continuity amidst the current global pandemic, as well as to avail themselves of new innovation and business opportunities in the post-pandemic era.

As for the public sector, ASEAN Member States such as Malaysia, the Philippines and Singapore that adopted variations of a cloud-first policy and/or strategy before the pandemic should find themselves in a better position to ensure the continuity of government operations and service delivery to their citizens. The Philippines, which was the first Member State to adopt a cloud-first policy in 2017 (and later amended in 2020 in response to the pandemic), requires public sector organizations to adopt cloud computing as the preferred ICT deployment strategy unless they can present “adequate, reasonable and well-reasoned justifications” against the cloud option.

At the ASEAN Leaders’ Meeting held on 24 April 2021, the Member States expressed commitment to support the timely realization of the region’s 2021 deliverables around three strategic priorities of Recovery, Digitization and Sustainability. The time has never been more ripe for ASEAN leaders to initiate a meaningful discussion on a cloud-first policy as one deliverable to advance each of these priorities.

Posted in

Related Articles

Why does ASEAN need an Institute for Innovation, Technology and Industry (AITII)?

By How Yong Yang ASEAN, or the Association of the Southeast Asian Nations, has made countless headlines in recent years for different reasons: political, economic, and security. Professor Kishore Mahbubani, former President of the United Nations Security Council, has said that ASEAN should be given the Nobel Peace Prize for its capacity to maintain peace, […]

Consumer data privacy: a snapshot of new regulations in Vietnam

By Nga Dao The first half of 2023 has witnessed some key developments in Vietnam’s data privacy legislation. These particularly include the issuance of the first-ever decree on personal data protection (Decree 13/2023/ND-CP or PDPD) in April and the adoption of the Law on E-Transactions and Law on Consumers’ Right Protection in June, both of […]

Thailand’s improving internet freedom under the new government

By Pett Jarupaiboon Thailand’s politics is currently in transition. Thai voters voiced their demands and are looking for a change after almost a decade under the Prayuth regime. As the winner in the election, the Move Forward Party (MFP) is trying to form a government and among the sweeping policies to reform the country, digital […]