Cloud Computing Policy and Personal Data Protection in the Cloud among the European Union, the United States, Australia and ASEAN : A Thailand Perspective

Authors

  • สราวุธ ปิติยาศักดิ์ สาขาวิชานิติศาสตร์ มหาวิทยาลัยสุโขทัยธรรมาธิราช

Keywords:

Cloud computing, Personal data protection, Legal scope

Abstract

The purposes of this research were: 1) to study concepts and theories related to personal data protection; 2) to compare cloud computing policy and personal data protection laws among various countries; and 3) to examine problems and difficulties concerning Thailand’s data protection in the cloud. The methodology employed documentary research, analysis of interviews with 10 cloud computing and data protection experts, and group discussion with 20 stakeholders from government, private, academic and community sectors. Analyzes showed that; 1) all member countries of OECD and EU had enacted the data protection laws; 2) most APEC member countries had passed the data protections laws. Government policy, meanwhile, played an important role in the adoption of cloud computing; and 3) the General Data Protection Regulation’s extraterritorial scope had implications for personal data controllers and for personal data processors (cloud service providers) outside of the EU that were processing the personal data of EU residents. Thus, the current draft data protection law, applicable only to personal data controllers domiciled or located within Thailand was not sufficient for protecting personal data in the cloud. This finding suggested that Thailand should set up a data governance framework and classified data into discrete categories for the appropriate management and use of classified data stored in the cloud. The enactment of its personal data protection law and expanded its legal scope accelerated to enforce its personal data protection law for personal data controllers and personal data processors domiciled or located outside of Thailand who were collecting, using, or disclosing personal data within Thailand.

References

Allen & Overy. (2017). The EU Data Protection Regulation. Retrieved from http://www. allenovery.com/SiteCollectionDocuments/Radical%20changes%20to%20European%20data%20protection%20legislation.pdf

Asia Cloud Computing Association. (2016). Cloud Readiness Index 2016. Retrieved from http://www.asiacloudcomputing.org/research/2016-research/cri2016

Australian Government, Department of Finance. (2014). Australian Government Cloud Computing Policy, Smarter ICT Investment. Version 3.0. Retrieved from https://www.dta.gov.au/files/Australian%20Government%20Cloud%20Computing%20Policy%203.0-WCAG.pdf

DLA PIPER. (2018). Data Protection Laws of the World. Retrieved from https://www.dlapiperdataprotection.com

European Commission. (2015). A Digital Single Market Strategy for Europe. COM 192 final.

Gartner Inc. (2017). Gartner Says Worldwide Public Cloud Services Market to Grow 18 Percent in 2017. Newsroom, Press Release, Stamford, Conn. Retrieved from http://www.gartner.com/newsroom/id/3616417

Infocomm Media Development Authority of Singapore. (2017). Multi Tier Cloud Security Certified Cloud Services. Retrieved from https://www.imda.gov.sg/industry-development/infrastructure/ict-standards-and-frameworks/mtcs-certification-scheme/multi-tier-cloud
-security-certified-cloud-services

Malaysia Digital Economic Corporation. (2017). Building Malaysia’s Digital Future. Retrieved from https://mdec.my/about-mdec

Office of Australian Information Commissioner. (2014). Australian Privacy Principles guidelines, Privacy Act 1988. Retrieved from https://www.oaic.gov.au/images/documents/privacy/applying-privacy-law/app-guidelines/APP-guidelines-combined-set-v1.pdf

Republic of Philippines, Department of Information and Communications Technology. (2017). Prescribing the Philippine Government’s Cloud First Policy, (Department Circular No.2017-002) Retrieved from http://www.dict.gov.ph/wp-content/uploads/2017/02/
Signed_DICT-Circular_2017-002_CloudComp_2017Feb07.pdf

Sainul, A. K. (2017). Malaysia to Introduce ‘Cloud First’ Strategy, to Develop a National AI Framework. Retrieved from https://e27.co/malaysia-introduce-cloud-first-strategy -develop-national-ai-framework-20171020

Samuel, D. W., Louis, D. B. (1890). The Right to Privacy. Harvard Law Review, 4(5), 193-220.

Segkhoonthod, S. (2017). Data Governance is Urgently Required in the Management and Use of Data. Retrieved from https://www.ega.or.th/th/content/890/12248 (in Thai)

U.S. Government’s National Institute of Standards and Technology (NIST). (2001). Definition of Cloud Computing, (Special Publication 800-145).

Vivek, K. (2011). Federal Cloud Computing Strategy. The White House, Washington.

Downloads

Published

2018-12-28

How to Cite

ปิติยาศักดิ์ ส. (2018). Cloud Computing Policy and Personal Data Protection in the Cloud among the European Union, the United States, Australia and ASEAN : A Thailand Perspective. Sukhothai Thammathirat Open University Journal, 31(2), 25–43. retrieved from https://so05.tci-thaijo.org/index.php/stouj/article/view/206766

Issue

Vol. 31 No. 2 (2018): July – December

Section

Research Articles

License

บทความที่ได้รับการตีพิมพ์เป็นลิขสิทธิ์ของวารสารมหาวิทยาลัยสุโขทัยธรรมาธิราช

ข้อความที่ปรากฏในบทความแต่ละเรื่องในวารสารวิชาการเล่มนี้เป็นความคิดเห็นส่วนตัวของผู้เขียนแต่ละท่านไม่เกี่ยวข้องกับมหาวิทยาลัยสุโขทัยธรรมาธิราช และคณาจารย์ท่านอื่นๆในมหาวิทยาลัยฯ แต่อย่างใด ความรับผิดชอบองค์ประกอบทั้งหมดของบทความแต่ละเรื่องเป็นของผู้เขียนแต่ละท่าน หากมีความผิดพลาดใดๆ ผู้เขียนแต่ละท่านจะรับผิดชอบบทความของตนเองแต่ผู้เดียว

ห้ามนำข้อความทั้งหมด หรือบางส่วนไปพิมพ์ซ้ำ เว้นแต่จะได้รับอนุญาตจากกองบรรณาธิการวารสาร