Commissioned by Salesforce, this report is the second edition of the Cross-Border Data Flows Index (CBDFI) which was first presented in 2019. The Index quantifies and evaluates eight regulatory dimensions that serve to either restrict or enhance the volume and variety of cross-border data flows for G20 economies. For this 2021 edition of the report, Singapore has been added to the original economies covered. It has created a conducive policy and regulatory environment for the development of its digital economy. Experiences from Singapore can be leveraged to enable the seamless flow of data across borders.
The report recommends long-term measures to build trust and confidence as well as short-term initiatives that will deliver immediate results in offering clarity on data transfer mechanisms.
The Impact of Data Sovereignty on Cloud Computing in Asia 2013 by the Asia Cl...accacloud
The Impact of Data Sovereignty on Cloud Computing offers detailed information describing the implications of data sovereignty law and policy on the adoption of cloud computing-based infrastructures and services in Asia. By describing and analyzing data sovereignty regulations in 14 countries in this study, the Association identifies potential bottlenecks that could slow adoption and threaten Asia’s digital future.
The study serves to identify the gaps between an “ideal state” and the actual realities in Asian countries around policy, legal and commercial cloud drivers to provide a tool for businesses organizations, cloud service providers and policy makers to look at cloud in a more holistic manner.
This report provides substantive detailed analysis for each of the 14 countries, including 4-5 page detailed insights into the regulatory environment for data sovereignty in each country and recommendations for each country to bring attention to the highest priority issues that if addressed will bring the country closer to the “ideal state.”
For more information, visit http://www.asiacloudcomputing.org
Transforming Hong Kong into a smart city: The economic opportunity of digital...FairTechInstitute
This study, conducted by AlphaBeta and commissioned by Google, examines the economic significance of digital technologies and skills in Hong Kong. This study finds that, if leveraged fully, digital technologies could create an annual economic value of HKD387 billion (USD 50 billion) by 2030. In addition, if it were to accelerate the pace of its digital skilling efforts over the next decade, workers with digital skills can contribute up to a fifth (21 percent) of Hong Kong’s gross domestic product (GDP) in 2030.
E-commerce in Latin America: Maximising equitable growth and the potential of...FairTechInstitute
This white paper addresses the regional e-commerce landscape for Latin America. It sheds light on current trends and opportunities, looks at long-standing challenges and includes policy considerations that policymakers should address which would help the region maintain a balanced regulatory framework for online marketplaces.
The report was presented by Access Partnership during the online event, “E-commerce in Latin America: Maximising equitable growth and the potential of retail post-Covid-19”, which took place on 10 December 2021.
Intermodal Transport Data Sharing Programme (Sep 2021)FairTechInstitute
This was a year-long project conducted in Hong Kong to support evidence-based policymaking, supporting good data governance, green smart cities, and strong data security and protection. The project developed a Proof-of-Concept to demonstrate a trusted data sharing mechanism - Data Trust 1.0 - could be implemented to allow transport operators and service providers to share limited amounts of data for the purposes of limited-scope, mode-specific research e.g. research which asks "how many people cycle to work between 8-9am?"
While this research was conducted for transport operators, the Data Trust 1.0 model is applicable across all sectors. Funding was provided by the Hong Kong Innovation and Technology Commission, and supported generously by sponsors Daimler, MTR, Thales, and Via.
The ASEAN Data Protection Index 2020 uses seven Principles of Personal Data Protection in the ASEAN Framework on Data Protection 2016 to assess the level of data protection across various economies. This is the first index to use the ASEAN Framework on Data Protection as a best practice guideline, where the assessment of a positive data protection policy posture by a country would be one which promotes the free flow of data across borders.
Unlocking Pakistan's digital potential: The economic opportunities of digital...FairTechInstitute
There is a significant economic prize attached to accelerating Pakistan’s digital transformation. AlphaBeta’s study (commissioned by Google) finds that digital technologies can unlock PKR9.7 trillion (USD 59.7 billion) worth of annual economic value in Pakistan by 2030.
Key messages from the research include: there is a significant economic prize attached to accelerating Pakistan’s digital transformation; there are three areas of action required for Pakistan to fully capture its digital opportunity; and through its programmes and products, Google is making contributions to Pakistan’s digital transformation journey and supports benefits to businesses, consumers, and the broader society.
Regulating for a Digital Economy: Understanding the Importance of Cross-Borde...accacloud
Cross-border data access, usage, and exchange are essential to economic growth in the digital age. Every sector—including manufacturing, services, agriculture, and retail—relies on data and on the global flow of that data. Whether directly, or by indirectly taking advantage of global-scale data infrastructure such as cloud computing, global connectivity has enabled cross-border economic activity, allowing individuals, startups, and small businesses to participate in global markets. However, while the economic and trade opportunity from connectivity and data flows are significant, governments are increasingly introducing measures which restrict data flows—data localization measures.
This report reviews the various mechanisms by which governments are attempting to manage their digital economy. It covers the issues of data localization and data residency, clarifies cross-border data flow restrictions by developing a typology of data localization mechanisms like privacy, cybersecurity, law enforcement, digital protectionism, and levelling the playing field for businesses.
Sponsored by the Asia Cloud Computing Association, this report was independently researched and published by the Brookings Institution and TRPC Pte Ltd.
For more information, visit us at http://www.asiacloudcomputing.org
The Impact of Data Sovereignty on Cloud Computing in Asia 2013 by the Asia Cl...accacloud
The Impact of Data Sovereignty on Cloud Computing offers detailed information describing the implications of data sovereignty law and policy on the adoption of cloud computing-based infrastructures and services in Asia. By describing and analyzing data sovereignty regulations in 14 countries in this study, the Association identifies potential bottlenecks that could slow adoption and threaten Asia’s digital future.
The study serves to identify the gaps between an “ideal state” and the actual realities in Asian countries around policy, legal and commercial cloud drivers to provide a tool for businesses organizations, cloud service providers and policy makers to look at cloud in a more holistic manner.
This report provides substantive detailed analysis for each of the 14 countries, including 4-5 page detailed insights into the regulatory environment for data sovereignty in each country and recommendations for each country to bring attention to the highest priority issues that if addressed will bring the country closer to the “ideal state.”
For more information, visit http://www.asiacloudcomputing.org
Transforming Hong Kong into a smart city: The economic opportunity of digital...FairTechInstitute
This study, conducted by AlphaBeta and commissioned by Google, examines the economic significance of digital technologies and skills in Hong Kong. This study finds that, if leveraged fully, digital technologies could create an annual economic value of HKD387 billion (USD 50 billion) by 2030. In addition, if it were to accelerate the pace of its digital skilling efforts over the next decade, workers with digital skills can contribute up to a fifth (21 percent) of Hong Kong’s gross domestic product (GDP) in 2030.
E-commerce in Latin America: Maximising equitable growth and the potential of...FairTechInstitute
This white paper addresses the regional e-commerce landscape for Latin America. It sheds light on current trends and opportunities, looks at long-standing challenges and includes policy considerations that policymakers should address which would help the region maintain a balanced regulatory framework for online marketplaces.
The report was presented by Access Partnership during the online event, “E-commerce in Latin America: Maximising equitable growth and the potential of retail post-Covid-19”, which took place on 10 December 2021.
Intermodal Transport Data Sharing Programme (Sep 2021)FairTechInstitute
This was a year-long project conducted in Hong Kong to support evidence-based policymaking, supporting good data governance, green smart cities, and strong data security and protection. The project developed a Proof-of-Concept to demonstrate a trusted data sharing mechanism - Data Trust 1.0 - could be implemented to allow transport operators and service providers to share limited amounts of data for the purposes of limited-scope, mode-specific research e.g. research which asks "how many people cycle to work between 8-9am?"
While this research was conducted for transport operators, the Data Trust 1.0 model is applicable across all sectors. Funding was provided by the Hong Kong Innovation and Technology Commission, and supported generously by sponsors Daimler, MTR, Thales, and Via.
The ASEAN Data Protection Index 2020 uses seven Principles of Personal Data Protection in the ASEAN Framework on Data Protection 2016 to assess the level of data protection across various economies. This is the first index to use the ASEAN Framework on Data Protection as a best practice guideline, where the assessment of a positive data protection policy posture by a country would be one which promotes the free flow of data across borders.
Unlocking Pakistan's digital potential: The economic opportunities of digital...FairTechInstitute
There is a significant economic prize attached to accelerating Pakistan’s digital transformation. AlphaBeta’s study (commissioned by Google) finds that digital technologies can unlock PKR9.7 trillion (USD 59.7 billion) worth of annual economic value in Pakistan by 2030.
Key messages from the research include: there is a significant economic prize attached to accelerating Pakistan’s digital transformation; there are three areas of action required for Pakistan to fully capture its digital opportunity; and through its programmes and products, Google is making contributions to Pakistan’s digital transformation journey and supports benefits to businesses, consumers, and the broader society.
Regulating for a Digital Economy: Understanding the Importance of Cross-Borde...accacloud
Cross-border data access, usage, and exchange are essential to economic growth in the digital age. Every sector—including manufacturing, services, agriculture, and retail—relies on data and on the global flow of that data. Whether directly, or by indirectly taking advantage of global-scale data infrastructure such as cloud computing, global connectivity has enabled cross-border economic activity, allowing individuals, startups, and small businesses to participate in global markets. However, while the economic and trade opportunity from connectivity and data flows are significant, governments are increasingly introducing measures which restrict data flows—data localization measures.
This report reviews the various mechanisms by which governments are attempting to manage their digital economy. It covers the issues of data localization and data residency, clarifies cross-border data flow restrictions by developing a typology of data localization mechanisms like privacy, cybersecurity, law enforcement, digital protectionism, and levelling the playing field for businesses.
Sponsored by the Asia Cloud Computing Association, this report was independently researched and published by the Brookings Institution and TRPC Pte Ltd.
For more information, visit us at http://www.asiacloudcomputing.org
Report on Cloud Data Regulations 2014: A contribution on how to reduce the co...accacloud
The purpose of this paper is to contribute to, and help drive the formation of, policies concerning cloud computing in Asia. The paper addresses the increasing complexities surrounding the transfer of data between jurisdictions, and the problems this poses for operators, such as carriers, remittance service providers, social networks, Internet and e-commerce companies, offering legitimate cross-border data transfer services.
This paper builds on original research developed by the ACCA in 2013 as part of a broader and ongoing study on Data Sovereignty throughout the Asia Pacific. It argues that law makers and regulators should balance their efforts to protect personal data privacy and data in key sectors, such as banking and health services, with solutions that facilitate and therefore lower the cost of data transfers under all reasonable circumstances.
For more information, visit us at asiacloudcomputing.org
2018 Cross-Border Data Flows: A Review of the Regulatory Enablers, Blockers, ...accacloud
Access to data represents a huge potential in terms of potential economic growth and social enablement opportunities. It is not surprising then, that many governments are setting forth ‘digital economy’ agendas, including policy and regulatory frameworks, to ensure they maximize participation and opportunity. However, such a cross-cutting agenda is not without its challenges. Regulations put in place to enable or protect one part of the economy can damage growth in neighboring sectors or industries, often unintentionally. This research report takes an investigative look at the way five Asian economies—India, Indonesia, Japan, the Philippines, and Vietnam—are aggressively transitioning to more digitally enabled economies.
For more information, visit http://www.asiacloudcomputing.org
SMEs in Asia Pacific: The Market for Cloud Computing - Case Studies of 14 mar...accacloud
Small and medium-sized enterprises represent well over 90% of all businesses in Asia, and across the 14 markets under review they employ some 1.02 billion people and contribute around $10.9 trillion directly into the economies in which are based (49.1% of total GDP for the region.) They also spend significantly as a group on ICT.
Cloud computing – and cloud computing technology – has the potential to be the ‘great leveller’ for both SMEs and developing economies. This is because cloud offers the prospect of both the access to enterprise grade tools on a pay-per-use basis making them immediately accessible and affordable, and the ability to scale up and down such access as required (elasticity of use). In other words, upfront capex requirements go down substantially.
What are their challenges to using cloud? How can this technology be made more available to SMEs, so that they can harness its power for digital transformation? This report reviews 14 markets' SME industry, and establishes market size, characteristics, and identifies industries most likely to undergo digital transformation.
For more information, visit http://www.asiacloudcomputing.org
The World Economic Forum has recently launched The Global Information Technology Report 2013.
In this presentation we have tried to put some important find outs from the same report and few other news and information from global media.
Digitalizing Government Flow And Process Through E Governance Portals And Web...SlideTeam
E governance this Digitalizing government flow and process through e governance portals and website PowerPoint presentation is useful for government officers to provide details about the Implantation of digital smartness in government activities. This PPT presentation covers how the government can provide customer services and Maximizing the effectiveness of information and communication technology ICT initiatives within governance. This PowerPoint presentation template covers contact company business overviews such as firms background, financial statement, business factsheets, Management Team that Providing E-Governance Solution, Milestones Achieved by our Company, and many more other details about the company. PPT also includes the key highlights of the tender such as tender name, date, value, eligibility criteria, and project details. Here we have covered website designing requirements by the client along with the timeline, milestones, time for completion, and penalty for delay. This presentation focuses on IT Solutions enabling seamless and secure interactions between governments and citizens and the support these interactions through powerful government IT applications and a robust infrastructure. It also covers some of the projects in government to citizens services such as automated driving test and labor market information system along with a list of the government solutions for delivering IT solutions by uniting information, processes, people, and technology for achieving good governance. It also includes roll out services for e governance with its description and what we will do in each service and roll out a team that provides 360 degree assistance to governments by offering advanced apps, resources, and manpower for their implementation. It also covers a description of the web portal and mobile application services and Government to Customer Payment Service that gives a seamless experience to the citizens. This PowerPoint presentation template covers a detailed gap analysis of the government process which needs to be digitalized. It also covers E governance solution phases, the objectives of e governance such as providing value management, E Governance Workstream Strategies, and many more. At last, it covers support services, technology services, and consulting services along with services budget, website development timeline, and budget. It also includes an e governance marketing plan, marketing timeline, e governance digital engagement budget, analytics dashboard to assess the government portal and websites through some key performance indicators. Download our 100 percent editable and customizable template which is also compatible with google slides. https://bit.ly/2RWIbGS
IoT Implementation Technology Regulation and Business Perspective.pptxSatriyo Dharmanto
General Lecture at University of Pelita Harapan (UPH) Indonesia. Talk about IoT Implementations Technology, Regulation and Business Model Perspectives. Use Case at Kupang East Nusa Tenggara Indonesia
This document brings together a set
of latest data points and publicly
available information relevant for
Platforms & Applications Industry.
We are very excited to share this
content and believe that readers will
benefit from this periodic publication
immensely
LightCastle Partners - Digital Commerce in Bangladesh : Policies & PossibilitiesLightCastle Partners
Despite the pandemic, Bangladesh, till Sep 2020, has clocked a GDP growth rate of 5.2% (ADB, 2020) - one of the highest in Asia.
Digital transactions are growing faster than ever. The first three quarters of 2020 saw a total od USD 65 billion+ digital transactions, where 72% of the transactions were dominated by MFS banking. With 96 million registered MFS users and USD 202 million daily MFS transactions, digital transactions can unlock new potentials of the digital commerce industry.
The eCommerce market (including f-commerce) has grown at a steady pace to USD 2.1 billion in 2020. The market holds the potential to become USD 3 billion by 2023 and can create around five lakh jobs in digital commerce industry.
Can the Digital Commerce Industry become a critical driving force of the future economy of Bangladesh?
LightCastle Partners presents "Digital Commerce in Bangladesh: Policies & Possibilities"
Top 5 ICT issues identified by iCIO for Indonesia to address to in order to better drive economic growth. Presented to Minister of Information nd Communications. Detailed report and recommendations are available.
How will the #tech industry change in 2018? My team shares our predictions for how edge computing for the IoT, China’s growing tech sector, the IPO market and more will shape the industry this year:
How will the #tech industry change in 2018? My team shares our predictions for how edge computing, enterprise bots, China’s growing tech sector, a robust IPO market, and more will shape the industry this year. Original post: https://goo.gl/pks6C6
The Chinese government has set ambitious goals in its big data industry development to foster new economic drivers. One of these goals is e.g. to increase the annual sales of China’s big data industry (including related goods and services) to RMB 1 trillion by 2020 from an estimated RMB 280 billion in 2015. This report examines the Chinese big data industry and its innovators along with possible future opportunities and implications that China's expanding big data industry could entail for Finland.
EU Data Market study. Presentation at NESSI Summit 2014 IDC & Open EvidenceKasia Szkuta
The study aims to define, assess and measure the European data economy as well as build a genuine stakeholders’ ecosystem. Find us on http://datalandscape.eu and @eudatalandscape
A Roadmap for CrossBorder Data Flows: Future-Proofing Readiness and Cooperati...Peerasak C.
The World Economic Forum partnered with the Bahrain Economic Development Board and a Steering Committee-led project community of organizations from around the world to co-design the Roadmap for Cross-Border Data Flows, with the aim of identifying best-practice policies that both promote innovation in data-intensive technologies and enable data collaboration at the regional and international levels.
Creating effective policy on cross-border data flows is a priority for any nation that critically depends on its interactions with the rest of the world through the free flow of capital, goods, knowledge and people. Now more than ever, cross-border data flows are key predicates for countries and regions that wish to compete in the Fourth Industrial Revolution and thrive in the post COVID-19 era.
Despite this reality, we are witnessing a proliferation of policies around the world that restrict the movement of data across borders, which is posing a serious threat to the global digital economy, and to the ability of nations to maximize the economic and social benefits of data-reliant technologies such as artificial intelligence (AI) and blockchain.
We hope that countries wishing to engage in cross-border data sharing can feel confident in using the Roadmap as a guide for designing robust respective domestic policies that retain a fine balance between the benefits and risks of data flows.
Developed with Forum for the Future, an international sustainability non-profit organization, and based on our own interviews and executive survey, Vision 2030: A connected future highlights the opportunities that experts and business leaders see for IoT, data and connectivity to create a sustainable future.
The report outlines a future vision for IoT driven connectivity and highlights the barriers that need to be overcome to realize this vision and concludes with recommended next steps.
Report on Cloud Data Regulations 2014: A contribution on how to reduce the co...accacloud
The purpose of this paper is to contribute to, and help drive the formation of, policies concerning cloud computing in Asia. The paper addresses the increasing complexities surrounding the transfer of data between jurisdictions, and the problems this poses for operators, such as carriers, remittance service providers, social networks, Internet and e-commerce companies, offering legitimate cross-border data transfer services.
This paper builds on original research developed by the ACCA in 2013 as part of a broader and ongoing study on Data Sovereignty throughout the Asia Pacific. It argues that law makers and regulators should balance their efforts to protect personal data privacy and data in key sectors, such as banking and health services, with solutions that facilitate and therefore lower the cost of data transfers under all reasonable circumstances.
For more information, visit us at asiacloudcomputing.org
2018 Cross-Border Data Flows: A Review of the Regulatory Enablers, Blockers, ...accacloud
Access to data represents a huge potential in terms of potential economic growth and social enablement opportunities. It is not surprising then, that many governments are setting forth ‘digital economy’ agendas, including policy and regulatory frameworks, to ensure they maximize participation and opportunity. However, such a cross-cutting agenda is not without its challenges. Regulations put in place to enable or protect one part of the economy can damage growth in neighboring sectors or industries, often unintentionally. This research report takes an investigative look at the way five Asian economies—India, Indonesia, Japan, the Philippines, and Vietnam—are aggressively transitioning to more digitally enabled economies.
For more information, visit http://www.asiacloudcomputing.org
SMEs in Asia Pacific: The Market for Cloud Computing - Case Studies of 14 mar...accacloud
Small and medium-sized enterprises represent well over 90% of all businesses in Asia, and across the 14 markets under review they employ some 1.02 billion people and contribute around $10.9 trillion directly into the economies in which are based (49.1% of total GDP for the region.) They also spend significantly as a group on ICT.
Cloud computing – and cloud computing technology – has the potential to be the ‘great leveller’ for both SMEs and developing economies. This is because cloud offers the prospect of both the access to enterprise grade tools on a pay-per-use basis making them immediately accessible and affordable, and the ability to scale up and down such access as required (elasticity of use). In other words, upfront capex requirements go down substantially.
What are their challenges to using cloud? How can this technology be made more available to SMEs, so that they can harness its power for digital transformation? This report reviews 14 markets' SME industry, and establishes market size, characteristics, and identifies industries most likely to undergo digital transformation.
For more information, visit http://www.asiacloudcomputing.org
The World Economic Forum has recently launched The Global Information Technology Report 2013.
In this presentation we have tried to put some important find outs from the same report and few other news and information from global media.
Digitalizing Government Flow And Process Through E Governance Portals And Web...SlideTeam
E governance this Digitalizing government flow and process through e governance portals and website PowerPoint presentation is useful for government officers to provide details about the Implantation of digital smartness in government activities. This PPT presentation covers how the government can provide customer services and Maximizing the effectiveness of information and communication technology ICT initiatives within governance. This PowerPoint presentation template covers contact company business overviews such as firms background, financial statement, business factsheets, Management Team that Providing E-Governance Solution, Milestones Achieved by our Company, and many more other details about the company. PPT also includes the key highlights of the tender such as tender name, date, value, eligibility criteria, and project details. Here we have covered website designing requirements by the client along with the timeline, milestones, time for completion, and penalty for delay. This presentation focuses on IT Solutions enabling seamless and secure interactions between governments and citizens and the support these interactions through powerful government IT applications and a robust infrastructure. It also covers some of the projects in government to citizens services such as automated driving test and labor market information system along with a list of the government solutions for delivering IT solutions by uniting information, processes, people, and technology for achieving good governance. It also includes roll out services for e governance with its description and what we will do in each service and roll out a team that provides 360 degree assistance to governments by offering advanced apps, resources, and manpower for their implementation. It also covers a description of the web portal and mobile application services and Government to Customer Payment Service that gives a seamless experience to the citizens. This PowerPoint presentation template covers a detailed gap analysis of the government process which needs to be digitalized. It also covers E governance solution phases, the objectives of e governance such as providing value management, E Governance Workstream Strategies, and many more. At last, it covers support services, technology services, and consulting services along with services budget, website development timeline, and budget. It also includes an e governance marketing plan, marketing timeline, e governance digital engagement budget, analytics dashboard to assess the government portal and websites through some key performance indicators. Download our 100 percent editable and customizable template which is also compatible with google slides. https://bit.ly/2RWIbGS
IoT Implementation Technology Regulation and Business Perspective.pptxSatriyo Dharmanto
General Lecture at University of Pelita Harapan (UPH) Indonesia. Talk about IoT Implementations Technology, Regulation and Business Model Perspectives. Use Case at Kupang East Nusa Tenggara Indonesia
This document brings together a set
of latest data points and publicly
available information relevant for
Platforms & Applications Industry.
We are very excited to share this
content and believe that readers will
benefit from this periodic publication
immensely
LightCastle Partners - Digital Commerce in Bangladesh : Policies & PossibilitiesLightCastle Partners
Despite the pandemic, Bangladesh, till Sep 2020, has clocked a GDP growth rate of 5.2% (ADB, 2020) - one of the highest in Asia.
Digital transactions are growing faster than ever. The first three quarters of 2020 saw a total od USD 65 billion+ digital transactions, where 72% of the transactions were dominated by MFS banking. With 96 million registered MFS users and USD 202 million daily MFS transactions, digital transactions can unlock new potentials of the digital commerce industry.
The eCommerce market (including f-commerce) has grown at a steady pace to USD 2.1 billion in 2020. The market holds the potential to become USD 3 billion by 2023 and can create around five lakh jobs in digital commerce industry.
Can the Digital Commerce Industry become a critical driving force of the future economy of Bangladesh?
LightCastle Partners presents "Digital Commerce in Bangladesh: Policies & Possibilities"
Top 5 ICT issues identified by iCIO for Indonesia to address to in order to better drive economic growth. Presented to Minister of Information nd Communications. Detailed report and recommendations are available.
How will the #tech industry change in 2018? My team shares our predictions for how edge computing for the IoT, China’s growing tech sector, the IPO market and more will shape the industry this year:
How will the #tech industry change in 2018? My team shares our predictions for how edge computing, enterprise bots, China’s growing tech sector, a robust IPO market, and more will shape the industry this year. Original post: https://goo.gl/pks6C6
The Chinese government has set ambitious goals in its big data industry development to foster new economic drivers. One of these goals is e.g. to increase the annual sales of China’s big data industry (including related goods and services) to RMB 1 trillion by 2020 from an estimated RMB 280 billion in 2015. This report examines the Chinese big data industry and its innovators along with possible future opportunities and implications that China's expanding big data industry could entail for Finland.
EU Data Market study. Presentation at NESSI Summit 2014 IDC & Open EvidenceKasia Szkuta
The study aims to define, assess and measure the European data economy as well as build a genuine stakeholders’ ecosystem. Find us on http://datalandscape.eu and @eudatalandscape
A Roadmap for CrossBorder Data Flows: Future-Proofing Readiness and Cooperati...Peerasak C.
The World Economic Forum partnered with the Bahrain Economic Development Board and a Steering Committee-led project community of organizations from around the world to co-design the Roadmap for Cross-Border Data Flows, with the aim of identifying best-practice policies that both promote innovation in data-intensive technologies and enable data collaboration at the regional and international levels.
Creating effective policy on cross-border data flows is a priority for any nation that critically depends on its interactions with the rest of the world through the free flow of capital, goods, knowledge and people. Now more than ever, cross-border data flows are key predicates for countries and regions that wish to compete in the Fourth Industrial Revolution and thrive in the post COVID-19 era.
Despite this reality, we are witnessing a proliferation of policies around the world that restrict the movement of data across borders, which is posing a serious threat to the global digital economy, and to the ability of nations to maximize the economic and social benefits of data-reliant technologies such as artificial intelligence (AI) and blockchain.
We hope that countries wishing to engage in cross-border data sharing can feel confident in using the Roadmap as a guide for designing robust respective domestic policies that retain a fine balance between the benefits and risks of data flows.
Developed with Forum for the Future, an international sustainability non-profit organization, and based on our own interviews and executive survey, Vision 2030: A connected future highlights the opportunities that experts and business leaders see for IoT, data and connectivity to create a sustainable future.
The report outlines a future vision for IoT driven connectivity and highlights the barriers that need to be overcome to realize this vision and concludes with recommended next steps.
Developed with Forum for the Future, an international sustainability non-profit organization, and based on our own interviews and executive survey, Vision 2030: A connected future highlights the opportunities that experts and business leaders see for IoT, data and connectivity to create a sustainable future.
The report outlines a future vision for IoT driven connectivity and highlights the barriers that need to be overcome to realize this vision and concludes with recommended next steps.
This study presents a pathway for fostering regional digital trade integration through
South-South and Triangular cooperation. Our main study goals include answering the
following questions:
» What are the challenges faced in the digital trade sector of Afghanistan, Pakistan
and Sri Lanka? How can these be overcome through various cooperative models?
» How can inclusive regional and free trade agreements help to overcome barriers
and enable digital trade integration?
» What can Small and Medium Enterprises (SMEs) dealing with digital trade-related
products learn from literature on South-South and Triangular cooperation?
Suggested citation:
Ahmed, V. and Javed, M. Digital Trade Integration: South-South and Triangular
Cooperation in South Asia (unpublished). South-South Idea Paper Series, United Nations
Office for South-South Cooperation (UNOSSC),Washington D.C.New York, 2022.
The COVID-19 pandemic and subsequent lockdowns forced many insurers to accelerate the transition to digital business models. In many countries, this transition has been remarkably successful, however, the crisis also highlighted the critical role played by national regulatory frameworks in both hindering and facilitating the shift to digitalisation in the insurance industry. COVID-19 lockdowns highlighted the critical role of national regulatory frameworks in both hindering and facilitating the shift to digitalisation in the insurance industry. Digitalisation is not a goal in itself, but provides insurers and their customers with benefits that are particularly useful in situations where in-person interactions cannot take place, played out in its fullest form during the COVID-19-induced lockdowns. Digitalisation drives an increase in speed and efficiency, irrespective of where the customer is located, and promises improved customer service and satisfaction.
Digital and Green Transformation for Developing Economies.docxDr. Monideep Dey
Recently, several international development organizations and civil society have focused their efforts to assist developing economies in a green and digital transformation. A green transformation is necessary to address Climate Action (SDG 13). Digital transformation has been identified as key to development and to addresses several SDGs. Sustainability concepts are to be a fundamental part of the digital transformation. It is recognized that it is essential to ensure the new technologies in the digital, biological and physical worlds are adopted to remain human-centered and serve society and the planet as a whole for the prosperity of all. Society can thus promote economic development and solve social problems simultaneously. This paper discusses the elements of a green and digital transformation, initiatives currently underway by international development organizations, civil society and developing economies, and progress to date toward the common goals established in the SDGs.
Cloud Readiness Index 2012 by the Asia Cloud Computing Associationaccacloud
The Cloud Readiness Index 2012 is the second iteration of this index. The CRI was designed to track the development of the necessary infrastructure and enabling environment
for cloud computing across leading Asian economies. By mapping the conditions required for successful implementation, the Asia Cloud Computing Association (ACCA) aims to identify potential bottlenecks that could slow adoption and limit the ability of Asian economies to take advantage of the cloud computing future. The Index also serves to help identify critical gaps to be addressed in the form of policy, legal and commercial cloud drivers.
For more information, visit us at http://www.asiacloudcomputing.org
Embracing Digital Convergence amid Regulatory-Driven OverhaulsCognizant
Facing a wave of regulatory changes, including EU's General Data Protection Regulation (GDPR), banks and other financial institutions are wise to coordinate regulatory implementation with digital transformation to deliver value throughout their ecosystem.
Data Centers - Striving Within A Narrow Range - Research Report - MCG - May 2...pchutichetpong
M Capital Group (“MCG”) expects to see demand and the changing evolution of supply, facilitated through institutional investment rotation out of offices and into work from home (“WFH”), while the ever-expanding need for data storage as global internet usage expands, with experts predicting 5.3 billion users by 2023. These market factors will be underpinned by technological changes, such as progressing cloud services and edge sites, allowing the industry to see strong expected annual growth of 13% over the next 4 years.
Whilst competitive headwinds remain, represented through the recent second bankruptcy filing of Sungard, which blames “COVID-19 and other macroeconomic trends including delayed customer spending decisions, insourcing and reductions in IT spending, energy inflation and reduction in demand for certain services”, the industry has seen key adjustments, where MCG believes that engineering cost management and technological innovation will be paramount to success.
MCG reports that the more favorable market conditions expected over the next few years, helped by the winding down of pandemic restrictions and a hybrid working environment will be driving market momentum forward. The continuous injection of capital by alternative investment firms, as well as the growing infrastructural investment from cloud service providers and social media companies, whose revenues are expected to grow over 3.6x larger by value in 2026, will likely help propel center provision and innovation. These factors paint a promising picture for the industry players that offset rising input costs and adapt to new technologies.
According to M Capital Group: “Specifically, the long-term cost-saving opportunities available from the rise of remote managing will likely aid value growth for the industry. Through margin optimization and further availability of capital for reinvestment, strong players will maintain their competitive foothold, while weaker players exit the market to balance supply and demand.”
Digital trade is increasing rapidly throughout the world whereas digital platforms and Coronavirus have further enhanced the importance of the digital economy and digital trade. Countries are focusing on promoting digital trade and integration through various measures including free trade agreements and bilateral negotiations. This study examined digital trade as defined by WTO E-commerce work and USITC. The study included the items that come under the definition of digital trade and examined the digital trade volume of Pakistan from 2010-2020 through three-step methodology. This includes the identification of digital trade items based on Harmonized System at a six-digit level, examining trade volume for digital goods, and identification of top ten export and import items along with top ten markets for digital trade. Favorable government policies and measures have helped Pakistan in promoting digital trade flows. However, there is a need to develop information and communication technology infrastructure in Pakistan to flourish trading activities. Furthermore, Pakistan has to reduce the fiscal and trade barriers such as rules and regulations for foreign investment in digital space, data and information costs, and ensure online security and data protection to promote digital trade integration.
by Asif Javed & Vaqar Ahmed
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
3. The Covid-19 pandemic has accelerated the digitisation of the economy,
underscoring the importance of data utilisation and data flows to economic recovery
and growth. The constant, real-time movement of data across international borders
that underpins global economic activity facilitates the movement of goods, services,
and finance, and plays an essential role in driving emerging technologies such as
artificial intelligence (AI), blockchain and the Internet-of-Things (IoT). As countries
implemented physical shutdowns and social distancing measures, the access to
digital tools, services, and infrastructure – which rely on the seamless movement of
data – were fundamental in helping to sustain social and economic activity.
Commissioned by Salesforce and prepared by Access Partnership, this report is
the second edition of the Cross-Border Data Flows Index (CBDFI) which was first
presented in 2019. The Index quantifies and evaluates eight regulatory dimensions
that serve to either restrict or enhance the volume and variety of cross-border data
flows for G20 economies. For this 2021 edition of the report, Singapore has been
added to the original economies covered. It has created a conducive policy and
regulatory environment for the development of its digital economy. Experiences
from Singapore can be leveraged to enable seamless flow of data across borders.
The report recommends long-term measures to build trust and confidence as well
as short-term initiatives that will deliver immediate results in offering clarity on
data transfer mechanisms. Overall, the CBDFI finds that:
• Data-related policies and regulations of G20 economies are increasing in
restrictiveness, the introduction of the notion of data sovereignty, and there
is greater divergence on data transfer requirements. For businesses, these
barriers raise regulatory complexity, resulting in more uncertainty, less
transparency, and higher costs.
• On-going digitalisation of economies means that cross-border data flows will
play a pre-eminent role in restoring economic growth and recovery.
• Approaches that encourage regulatory cooperation and alignment will build
trust and confidence in cross-border data transfers.
The emergence of data sovereignty
Data sovereignty refers to the jurisdictional control or legal authority that can be
asserted over data because its physical location is within jurisdictional boundaries,
unlike data residency, which refers to the physical location of where data is stored.
Data sovereignty provides the government with the means to prevent unvetted
access by foreign contractors, and entities to sensitive government data, whereas
data residency does not.
The global regime for the regulation of cross-border data flows remains highly
fragmented, and there is an increase in data sovereignty requirements. Across the
G20, data-related policies of some G20 economies have become more inward-
looking, prioritising the retention of data within borders. Recent policies and
regulations in G20 economies risk undermining cross-border flows, ranging from
highly restrictive data localisation mandates to policy statements about placing
limits on the movement of data. At the same time, among G20 economies,
the divergence in the requirements for cross-border transfers of personal data
appears to be increasing, even as digital consumption has skyrocketed through
the pandemic.
Cross-border data flow restrictions, as well as the variance in transfer requirements
together can form formidable barriers for businesses.
1. Executive Summary
3
Data transfers have contributed:
$2.8 trillion
to global Gross
Domestic Product
(GDP)
growing
45 times
every ten years1
60%
of global GDP will be
digitised by 20222
4. Cross-border data flows can contribute to economic recovery
The correlation analysis between total CBDFI scores and key economic indicators
has shown a strong positive association between cross-border data flows, and
economic growth, competitiveness, and opportunity. These findings are also
supported by other research that shows that the data flows create greater
economic growth and opportunity. The World Trade Organisation (WTO)
estimates that by 2030, global trade will rise 34 percent through the use of
digital technologies.4
E-commerce platforms involved in cross-border transfers
are estimated to have reduced the cost to local firms of distance in trade by
60 percent.5
At the country-level, Japan has once again topped the CBDFI with a total score of
38. This highlights that among G20 economies, it provides the strongest policy
and regulatory framework for optimising cross-border data flows, while also
providing sufficient privacy protections. It is followed by United Kingdom (score of
36), which has adopted an open a forward-looking approach in enabling cross-
border flows of data and also protection of personal data. Singapore (34) and
European Union (32) follow which has relatively comprehensive data-transfer
frameworks in place, but growing emphasis on EU’s ‘digital sovereignty’ has
contributed to business uncertainty. At the other end of the CBDFI scorecard are
important economies such as India (13), China (9) and Russia (6). Among them,
China has implemented the most stringent data transfer restrictions, and India is
also expected to pass legislation that could restrict data flows.
Data flows require regulatory cooperation and trust
Given the size and relevance of the G20, global recovery hinges on its ability to
revive economic growth, and provide a leadership role in building long-term
resilience. Based on the on-going digitalisation of economies, cross-borders
transfers will play a crucial role in turbo-charging economic recovery. This makes
it imperative and urgent for G20 economies to come together and lead efforts to
enable the free flow of data across borders.
The first edition of this report had recommended maintaining multilateral
discussions on mechanisms to reduce cross-border data barriers and increase
cooperation. This is one area where significant progress has been made. The
Joint Statement Initiative (JSI) on Electronic Commerce was launched in 2019
to develop rules on trade-related aspects of e-commerce.6
Co-convened by
Singapore, Australia and Japan, the JSI has 86 World Trade Organisation (WTO)
members, representing over 90 percent of global trade. It has had a promising
start. In December 2020, it announced the development of a consolidated text to
form the basis of negotiations in 2021, and has highlighted that provisions which
enable and promote the flow of data are key to a meaningful outcome.7
4
The G20 economies account for nearly:
80%
of the world’s GDP
75%
of global trade
contracted
4.1%
during the COVID-19
pandemic.3
Given the on-going digitalisation of economies, cross-border
transfers will play a crucial role in turbo-charging economic recovery.
5. Recommendations
This report goes further to recommend measures that G20 economies can adopt
and facilitate in building regulatory cooperation and trust. It outlines long-term
approaches that address the drivers of restrictions on cross-border data transfers
and seek to encourage innovation, as well as short-to-medium term initiatives that
will deliver immediate results in providing clarity on data transfer mechanisms.
The key recommendations are to:
Promote convergence and interoperability
in privacy laws
Governments should reduce the variance in privacy regulations by
basing them on international standards, such as the OECD Privacy
Principles and APEC Privacy Framework. Cross-border transfer
mechanisms such as certifications and data transfer agreements can
deliver immediate results.
Expand bilateral and multilateral agreements
to further facilitate data
Bilateral or multilateral agreements with clear rules on how to
provide access to information needed for supervision or law
enforcement can enhance trust and confidence among countries.
Make trusted data sharing frameworks the default
Embedding trust in international data transfers through robust
data protection provisions, cybersecurity and data classification
frameworks, will enable secure and seamless data flows.
Encourage innovation through forward-looking
policies and regulations
Policy and regulatory landscape must adapt to and encourage rapid
technological innovations that are addressing concerns driving data
sovereignty, and facilitating cross-border data flows.
Enable digitisation of businesses and
government services
Government policies directed at helping digitise public and private
sector will further enable their growth, subject to having settings that
enable free flow of data in their jurisdiction.
5
6. The Cross-Border Data Flows Index (CBDFI) provides a quantitative measure of
G20 economies’ approach to cross border data flows, allowing comparisons to
be drawn between the effectiveness of their specific strategies. It examines the
impact of regulations and provisions governing cross border flows across eight
key dimensions:
1.
Data localisation requirements, which can limit the import and export of
foreign-sourced data-processing and data-storage services;
2. Explicit provisions allowing for international or extraterritorial transfers of
personal data;
3.
Existence of specific mechanisms by which personal data is allowed to be
transferred, subject to conditions;
4.
Presence of a data classification framework which enables cross-border data
flows (distinct from an “official secrets act”);
5. Consent requirements for the cross-border collection, storage, and
dissemination of personal data;
6.
Participation in the EU’s General Data Protection Regulation (GDPR)
regime, or meeting GDPR adequacy requirements;
7.
Participation in the APEC Cross-Border Privacy Rules (CBPR) or similar
regional system, promoting an accountability rather than an adequacy system;
8.
Whether a government has offered indications of being favourably or
unfavourably positioned on supporting cross-border data flows.
Appendix I provides details on the scoring mechanism for each of
these dimensions.
2. Cross-Border Data Flows Index
2.1
Key Findings
Restrictions on cross-border data flows are rising
Across the G20, data-related policies are both complex and fragmented. In the
two years since the first Data Beyond Borders Report, these policies have in many
cases become more inward looking, prioritising issues of data sovereignty and the
retention of data within borders.
While data flow restrictions are more pronounced in centrally-controlled markets,
they are expanding to market economies as well, such as the EU. Box 1 below
gives an overview of some recent policies and regulations in G20 economies
ranging from highly restrictive data localisation mandates to policy statements
about placing limits on the movement of data.
Restrictions on cross-border flows are still said to be chiefly driven by concerns
about the security of data, ostensibly to ensure that its protection is not
undermined by transfers to jurisdictions which may not offer the same safeguards,
or that may limit timely access to data by law enforcement authorities.
6
7. The European Union (EU) has advanced the idea of ‘digital
sovereignty’, with growing calls across the European Commission
(EC) and Member States for data to be stored and processed in the
EU. GAIA-X, a federated and secure data infrastructure, is being incubated by
the EU, and may accompany stricter localisation and licensing requirements.
The Schrems II decision has invalidated the EU-US Privacy Shield, making
the US a non-adequate country for transfer and storage of EU personal data.
The proposed Data Government Act (DGA) introduces rules for international
transfers of protected data held by the public sector.8
The United States (US) has a patchwork of state privacy laws,
following the introduction of the California Consumer Privacy Act
(CCPA). Numerous states have implemented or are implementing
similar data privacy and security laws including Virginia, Washington, Texas,
Massachusetts, and New York, creating more complexity in rules governing
data transfers. Additionally, extensive restrictions on cross-border mergers and
acquisitions, as well as procurement of telecommunications equipment and
services have created some uncertainty for businesses.
China has announced several laws and policies that could impede
the ability of foreign businesses to transfer data into and out of
China.9
The Cybersecurity Law of the People’s Republic of China,
the September 2020 Guiding Opinions on Implementing the Cybersecurity
Classified Protection Scheme (CCPS), and CII Protection Scheme include
specific data transfer restrictions. The Personal Information Protection Law
similarly restricts the transfer of certain data outside of China. The Data
Security Law (DSL) to come into force in September 2021, also has broad
extraterritorial powers if data activities of overseas entities harm China’s
national security or public interests.
India already has sector-specific data localisation requirements in
place, and could pass the Personal Data Protection Bill (PDP Bill) in
2021. The Bill includes requirements to localise critical data, maintain
copies of sensitive data in India, and is unclear on the scope and definition of
critical data and sensitive data.
Indonesia issued GR71 on the Operation of Electronic Systems and
Transactions (GR71) in 2019,10
which restricts storage and processing
of public sector data to Indonesia. While it does not place the same
restriction on private sector data, it gives sectoral regulators scope to define
sector-specific requirements. Bank Indonesia (BI) and Otoritas Jasa Keuangan
(OJK), for example, have continued with existing localisation requirements
on financial sector data. The e-commerce regulation, GR80, also states that
personal data can only be transferred to jurisdictions that offer the same
or higher levels of protection as Indonesia, as determined by the Minister
of Trade.
Brazil enforced the General Data Protection Law (LGPD) in August
2020, yet the newly established National Data Protection Authority
(ANPD) has yet to become operational, creating legal uncertainty
about cross-border transfer mechanisms.
Another bill proposing data localisation
requirements has been introduced in
the Brazilian House of Representatives
in September 2020.
Box 1: Cross-border data flow restrictions in G20 economies (2019-2021)
7
8. Diversity in cross-border data flow requirements is increasing
Across the G20, privacy laws11
have a high degree of variance in the requirements
for cross-border transfers of personal data and, as our data demonstrates, this
appears to be increasing, even as digital consumption has skyrocketed through the
pandemic. This heterogeneity of requirements adds to regulatory complexity and
uncertainty, resulting in less transparency, as well as less clarity on rules.
Consent is central to overseas data transfers in the majority of G20 economies.
However, there are key differences in how consent requirements work and are
implemented across countries. For example, opt-in consent is not required in
Australia. Organisations must however, inform the individual that the same degree
of protection provided under the Privacy Act will no longer apply after data has
been transferred, and advise on the potential consequences of their consent
being withdrawn.12
In South Korea, on the other hand, opt-in consent is required.
Organisations must inform the individual of the identity of the recipient, the
purpose for which the recipient will use the data, the particulars of the personal
data provided, the period for which the recipient will retain and use the personal
data, and the fact that the individual is free not to give consent.13
In other
countries, such as China and India, consent alone is not adequate ground for data
transfer for certain categories of data, with other conditions (such as approval by
public authority) applying as well.14
International cooperation on data flows has shown
limited progress
Many G20 economies have made a number of commitments to foster the
development of their digital economies, and promote cross-border data flows. At
the 2019 G20 Summit, Japan’s Prime Minister Shinzo Abe launched the ‘Osaka
Track’. The initiative aims to enhance cross-border data flows with protections
for personal information, intellectual property, and cybersecurity. The Osaka
Track follows the concept of ‘Data Free Flow with Trust’ that calls for the creation
of international regulations which will enable the free movement of data across
borders. The G20 Digital Economy Ministers Declaration in June 2020 also
recognised the importance of ‘cross-border flow of data, information, ideas and
knowledge for higher productivity, greater innovation, and improved sustainable
development’, while acknowledging that the protection of privacy and personal
data were key concerns.15
While these commitments indicate an interest in promoting cross-border flows,
there is little tangible progress in either reducing localisation mandates, or aligning
regulations to support interoperability.
Commitments towards the free flow of data and prohibition of data localisation
made in FTAs show more promise. The Comprehensive and Progressive
Agreement for Trans-Pacific Partnership (CPTPP), United States-Mexico-Canada
agreement (USMCA), US-Japan Digital Trade Agreement, Singapore-Chile-NZ
Digital Economy Partnership Agreement (DEPA), and Singapore-Australia Digital
Economy Agreement (SADEA) all include provisions to not restrict cross-border
transfers of information, including personal information, by electronic means.
They also prohibit the use or location of computing facilities as a condition
for conducting business. Exceptions are however added, whereby parties can
place restrictions, to achieve ‘legitimate public policy objectives’. The recently
signed Regional Comprehensive Economic Partnership (RCEP) also covers
commitments on cross-border data flows, but with additional exceptions. For
instance, on the location of computing facilities, it adds that the ‘necessity behind
the implementation of such legitimate public policy shall be decided by the
implementing party’.
8
9. Across the G20 there is a diversity of policy and regulatory approaches towards
cross-border data flows. As shown in Figure 1 below, the average score is 24
but more restrictive laws and policy measures have been introduced (or are
forthcoming) since the first CBDFI in 2019. Some economies such as Indonesia
and South Korea continue to have restrictions on international data transfers,
but have made incremental progress through adoption of data protection good
practices, guidelines on interpretation of laws, and international commitments to
enhance cooperation with other countries.
Mexico
26pts
2019 #12, 21pts
#12
Argentina
22pts
2019 #15, 17pts
#13
UK
36pts
2019 #3,
34pts
#2
Germany
30pts
2019 #7,
30pts
#7
European
Union
32pts
2019 #3,
34pts
#4
USA
30pts
2019 #2, 35pts
#7
Canada
31pts
2019 #6, 31pts
#6
Russia
6pts
2019 #20, 4pts
#21
China
9pts
2019 #18,
10pts
#20
Japan
38pts
2019 #1,
38pts
#1
Indonesia
17pts
2019 #19,
9pts
#15
South
Korea
29pts
2019 #10,
24pts
#11
Italy
32pts
2019 #5,
32pts
#4
France
30pts
2019 #7,
30pts
#7
Turkey
16pts
2019 #13,
18pts
#16
Brazil
22pts
2019 #11, 22pts
#13
South Africa
13pts
2019 #13, 18pts
#17
Australia
30pts
2019 #7, 30pts
#7
Saudia Arabia
12pts
2019 #17, 14pts
#19
Singapore
34pts
#3
India
13pts
2019 #15, 17pts
#17
2.2
Scores and
Rankings
Figure 1: Total CBDFI Scores of G20 Economies and Singapore
9
Leaders Trailblazers
Potentials
Consistent Performers
New in 2021
10. Leaders and trailblazers – have least restrictions on
cross-border transfers
Japan (38) leads the G20 economies in the CBDFI rankings, followed by UK (36),
Singapore (34), EU and Italy (tied at 32), and Canada (31). These economies have
clear and consistent regulatory frameworks that enable cross-border data flows
and offer strong data protection safeguards.
Japan has limited restrictions on cross-border transfers, and the Act on the
Protection of Personal Information (APPI) provides clarity on data transfer
provisions and mechanisms. In May 2021, it introduced amendments
to the APPI to consolidate three laws related to personal data protection that will
streamline data sharing between the central and local governments, and private
sector. The Personal Information Protection Commission (PPC) has also been
elevated to become the sole data protection authority. It is a participant of the APEC
CBPR and in 2019, after introducing reforms to the APPI, it was granted an adequacy
decision under GDPR for private sector organisations. It also simultaneously granted
the EU a whitelist status based on the APPI. With the G20 Presidency in 2019, Japan
advocated for cross-border data flows with the concept of ‘Data Free Flow with
Trust’ and launched the Osaka Track, an international framework that promotes
inter-government cooperation to enhance openness and trust in cross-border data
flows. It has also committed to the free flow of information and prohibition of data
localisation in the CPTPP and the US-Japan digital trade agreement.
The EU-UK Trade and Cooperation Agreement (TCA) was applied
provisionally from 1st January 2021, and entered into force on 1st May
2021.16
Apart from commitments in areas such as trade in goods and
services, digital trade, intellectual property, and law enforcement it provided a
bridging mechanism and allowed cross-border transfers of personal data from the
EU to the UK, on the condition that the UK would not change its data protection
legislation. On 28th June 2021, the European Commission adopted the adequacy
decision for the transfers of personal data to the UK. The adequacy agreement
will run for four years after which it will be subject to review and extension if UK
maintains comparable privacy standards and level of data protection.17
The mutual
adequacy arrangement with Japan has not been affected by Brexit. In October
2019, it also signed the Bilateral Data Access Agreement with the US to allow law
enforcement organisations access to digital evidence held by technology service
providers located in their respective countries. This agreement has allowed both
countries to bypass existing Mutual Legal Assistance Treaties (MLAT) processes,
but agencies are limited to requesting data of only their own residents.
In the EU, the Free Flow of Non-Personal Data Regulation18
and
the European Strategy for Data19
have been adopted in May 2019
and February 2020, respectively. The EC continues to promote
cross-border data flows and prohibits Member States from imposing data
localisation restrictions.
Canada’s current policy and regulatory frameworks enable cross-border
data flows.It has also made commitments in the USMCA to promote the
free flow of data, and prohibit localisation mandates. In 2019, however,
the Office of the Privacy Commissioner (OPC) reversed its long-standing position
regarding cross-border transfers of personal data and launched a consultation
proposing that organisations obtain consent when transferring personal
information to third parties. Though no amendments were made to the 2009
Guidelines for Processing Personal Data Across Borders, there remains a strong
interest in strengthening safeguards for cross-border transfers. The government has
also proposed amendments to the Personal Information Protection and Electronic
Documents Act (PIPEDA). Canada should ensure that proposed amendments to
the legislation do not hamper cross-border flows and increase compliance costs
of businesses.
10
11. Consistent performers – place certain limitations on
cross-border transfers
France, Germany, US and Australia (tied at 30), and South Korea (29) are all in the
middle of the pack. They are open to cross-border data flows, but impose certain
conditions on cross-border transfers of data.
In France and Germany, there has been growing emphasis on digital
sovereignty and “[limiting] dependency on infrastructures and services
located outside of Europe”20
In 2019, the two countries launched the
GAIA-X project to link cloud service providers across Europe, followed by
a joint statement highlighting the importance of “strengthening Europe’s
competitiveness in the global digital market”.21
Policy discussions in both countries
have increasingly focused on limiting cross-border transfers of EU citizen data, for
instance a report commissioned by the French Minister of Economy and Finance has
recommended data localisation requirements to be imposed on payments data.22
The invalidation of the EU-US Privacy Shield has rendered the US a non-
adequate country for transatlantic data transfers. This has had a significant
impact on EU-US data transfers as many organisations now need to rely
on other transfer mechanisms. In addition, the growing number of state privacy
laws are contributing to legal complexity for data transfers. The US is however a
participant of the APEC CBPR, and has made strong commitments to international
data transfers (including financial information) in the USMCA and the US-Japan
digital trade agreements.
In Australia, the Privacy Act details cross-border data transfer provisions
and mechanisms. While there are no overarching restrictions, certain
sector-specific limitations are placed on data flows. It has also made
trade commitments to the free flow of data under the CPTPP, SADEA, and the
Indonesia-Australia Comprehensive Economic Partnership Agreement (CEPA).
Australian parliament passed the Telecommunications Legislation Amendment
(International Production Orders) Bill 2020, to establish a framework for its
enforcement agencies to access certain data held by communications providers
outside of Australia for law enforcement and national security purposes. The Bill
paves the way for a reciprocal cross-border data access regime with the United
States under the CLOUD Act and provides an alternative to the MLAT process.23
Potentials – have strict restrictions on cross-border transfers
At the lower end are Indonesia (17), India (13) and China (9). They each have strict
data localisation requirements, but have the potential to make more gains, given
the size of their economies.
Indonesia has shown notable progress in enhancing its privacy regime.
With the introduction of GR71, localisation requirements for the private
sector were lifted, although public sector data must only be managed,
stored, and processed in-country. Even as data flow barriers have been reduced,
sectoral regulators have been allowed to maintain data localisation mandates.
The draft e-commerce regulation, GR80, also contains provisions that limit cross-
border personal data transfer to third countries deemed having the same level of
personal data standards and protection as Indonesia, which will be determined
by the Ministry of Trade. As part of the Indonesia-Australia CEPA, it has made
commitments to enabling cross-border data flows.
India has multiple sector-specific data localisation requirements, and
the draft PDP Bill (expected to be passed in Parliament in 2021), also
contains restrictions on cross-border transfers. Under the Bill, sensitive
personal data may be transferred outside India for the purpose of processing, but
will continue to be stored in-country. Critical personal data, which has not been
defined, can only be processed in India. In recent years, the government has
taken a strong position against cross-border data transfers, and the inadequacy of
existing international frameworks in addressing concerns about data access.
In China, the Cybersecurity Law (CSL) requires operators to store personal
information and important data generated from critical information
infrastructures (CII) within the country. The Data Security Law (DSL) and
the Measures for Security Assessment for Cross-Border Personal Data Transfer also
contain provisions on data localisation. The Draft Personal Information Protection
Law (PIPL) stipulates the conditions under which organisations will be permitted
to access and transfer personal data outside of China, it also extends the data
localisation obligations from operators of CII to personal information processors
who process personal information in a volume that reach the threshold specified
by the Cyberspace Administration of China (CAC), by mandating a security
assessment. The finalisation of the PIPL will further limit interoperability with other
regulatory regimes.
11
12. Table 1: Correlation between CBDFI Scores and selected economic indicators
GDP
per capita
GDP growth FDI, net inflows
Ease of Doing
Business Index
Unemployment
Rate
Employment
Ratio
FDI Confidence
Index
Global
Competitiveness
Index
Economic
Freedom Index
Strong Insignificant Insignificant Insignificant Insignificant Insignificant Insignificant Strong Strong
It estimates that the negative impact on GDP of a country would range from
0.7 percent to 1.1 percent if these requirements were imposed across all sectors of
the economy.24
On the other hand, econometric modeling conducted by McKinsey has estimated
that data flows alone could directly raise world GDP by 3 percent. For G20
economies, the benefits arising from unrestricted data flows could amount to
USD2.93 trillion by 2025.25
Table 1 below shows a correlation analysis between the overall CBDFI scores
and key economic indicators to evaluate the potential economic impact of
cross-border data flows on G20 economies. The selected indicators include:
1. GDP per capita;
2. GDP growth;
3. Foreign Direct Investment (FDI), net inflows;
4. The World Bank’s Ease of Doing Business Index;
5. Unemployment rates;
6. Employment to total population ratio;
7. AT Kearney’s FDI Confidence Index;
8. The World Economic Forum (WEF)’s Global Competitiveness Index (GCI) and
9. Heritage Foundation’s Index of Economic Freedom
The results indicate that CBDFI scores are positively correlated with GDP per
capita, the Global Competitiveness Index (GCI) and the Index of Economic
Freedom (all statistically significant at the 0.01 level). Therefore, there is a positive
association between an enabling regulatory environment for cross-border data
flows and economic growth, competitiveness, and opportunity.
Given the wide ranging impact of cross-border data flows on the growth of various
economic sectors including finance, health, e-commerce, and education, it can be
challenging to comprehensively assess the economic value generated by global
data flows, as well as the cost of imposing restrictions on them.
The European Centre for International Political Economy (ECIPE) has attempted to
quantify the losses resulting from data localisation policies in six G20 economies.
2.3
Correlation
Analysis
12
13. The CBDFI has shown that lower trust between countries has resulted in stringent
data transfer requirements, as well as outright data localisation restrictions. The
country-to-country variance in technical requirements for data transfers is adding
to the regulatory complexity for businesses.
Given these observations and the current economic climate, we make five
recommendations to enable cross-border data flows.
Promote convergence and interoperability
in privacy laws
Across the G20, regulatory diversity presents a significant challenge in the effective
transfer of data across borders. Governments should aim to reduce the variance
in privacy laws, which will support businesses, and foster greater cooperation and
trust amongst countries. Regulations based on international standards, such as
the OECD Privacy Principles and APEC Privacy Framework can significantly reduce
the heterogeneity in data transfer provisions.26
This is a long-term goal that G20
governments must work towards.
In the short-term, G20 economies must cooperate in establishing mechanisms
that imitate this convergence and enable cross-border transfers, without requiring
amendments to laws (which is a lengthier process). These include:
i
Certifications based on international standards: Businesses can utilise
certifications based on standards as mechanisms for cross-border transfers.
These may include regional or international standards such as APEC CBPR and
ISO/IEC 27000.27
International standards will be more cost effective as they will
offer global coverage and limit the need to get multiple different certifications.
National privacy authorities can provide guidance on attaining certifications.
ii
Data transfer agreements: Businesses can be guided and supported in
establishing data transfer agreements, and what key elements to include in
them. Ongoing regional developments such as the ASEAN Model Contractual
Clauses on Cross-Border Data Flows (MCC) can be leveraged, as they provide
template contractual terms and conditions that can be included in binding
legal agreements between businesses engaged in cross-border transfers.
Expand bilateral and multilateral agreements to further
facilitate data
Restrictions on cross-border data transfers are driven chiefly by concerns about
getting timely access to data for regulatory supervision or law enforcement
purposes. G20 economies can address this concern by strengthening trust among
regulatory authorities that they will have access to information needed to perform
their functions. These could take the form of bilateral or multilateral agreements.
With greater trust and confidence, data localisation requirements where access to
data is a concern can be minimised.
International agreements to facilitate regulatory access to data across borders
already exist. The UK and the US have signed a Bilateral Data Access Agreement
to allow law enforcement agencies access to data held by technology service
providers located in these countries. Agreements such as this can be used as
building blocks for greater cooperation between other G20 economies. Several
G20 economies have also made commitments in Free Trade Agreements (FTAs)
to promote the free flow of data and limit data localisations measures. Of these,
USMCA and the US-Japan Digital Trade Agreement contain explicit provisions for
access to financial information.
Financial regulators may also come together through bilateral agreements that
commit to financial institutions transferring data across borders. Singapore’s
Monetary Authority of Singapore (MAS) for instance, jointly issued a statement
with the US Treasury in February 2020 to oppose measures that impose data
localisation requirements on financial service suppliers.28
In November 2020,
it issued a similar statement with the Central Bank of Philippines (BSP), to
promote data connectivity, without restrictions on the location of data storage
and processing.29
Another example is Singapore led initiatives in the ASEAN Data Management
Framework (DMF) and ASEAN Model Contractual Clauses (MCCs) for Cross Border
Data Flows, to help with the free flow of data among ASEAN economies.
3. Recommendations
13
14. Make trusted data sharing frameworks
the default
G20 governments should prioritise making trusted data sharing frameworks the
default. In today’s digitally driven global economy, businesses depend on seamless
and uninterrupted data flows across national borders. As such, a policy in favour of
secure cross-border data sharing should be seen as not only pro-economic growth
but pro-innovation, critical in the post-Covid-19 recovery environment.
Trusted data sharing will not increase government or business risks and
vulnerabilities if robust provisions and frameworks (both data protection and
cybersecurity) are established and aligned across countries. On the contrary,
imposing data localisation requirements increases the cost for all stakeholders,
especially if the focus is on localisation rather than protection:
• Data localisation requirements also severely compromise the ability of
regulatory authorities and businesses to detect and monitor fraud, money
laundering, and terrorism financing activities. Limiting the flow of data across
borders makes the process of detecting suspicious activities more complex.
An elemental component of establishing data sharing as the default is the use
of data classification frameworks. While recognising that many countries in the
G20 have yet to institute a risk-based data classification framework and should
focus on doing so, governments must aim to go beyond meeting this foundational
requirement for domestic purposes such as national security. Governments
should review the purpose of their data classification frameworks and ensure that
it not only aligns with but is leveraged upon in its larger data privacy regulations
and policies to facilitate cross-border data sharing.
Encourage innovation through forward-looking
policies and regulations
Digital technologies are constantly transforming. For instance, new and alternative
models (such as federated learning and data trusts) that unlock siloed data, data
learnings or algorithms across borders have the potential to address concerns
driving data sovereignty and facilitate cross-border data flows.30
The policy and regulatory landscape of G20 economies must therefore, be
agile, to adapt to, as well as encourage these technological innovations. This can
be done through sandboxes, and testbeds, as well as self-regulation and co-
regulation initiatives that include greater participation of industry stakeholders and
citizens. By following such approaches, governments would also be adopting the
most sustainable approach, one that will ensure that digital economies (national,
regional, and inter-regional) remain robust for the future.
Enable digitisation of businesses and
government services
Governments are undertaking digital transformation efforts to streamline internal
processes, and broaden and expand the provision of public services. Citizens’
expectations of government are also rising – they expect high quality services that
are reliable, convenient, and fast, and for governments to protect their privacy.
Nearly two-thirds of customers expect digital government services to perform at
the standard of leading private companies, if not better.31
Similarly, businesses
are increasing investments in digital technologies and tools that cover all aspects
of their business whether it be e-payments; marketplaces; payroll management;
e-invoicing; marketing; and Customer Relationship Management (CRM).
The pandemic has accelerated the pace of these digitisation efforts. However,
success hinges upon conducive regulatory environments that allow the free flow of
data across borders. Digital technologies and tools rely on data that may be stored
and processed in different locations around the globe. For businesses, they allow
participation in international trade, and being part of global value chains (GVCs).
Small and medium-sized (SME) businesses that account for nearly 90 percent of all
businesses are then able to access national and international markets.32
Government policies to support digital transformation efforts of both the public
and private sector must be accompanied by regulations that enable and facilitate
international data transfers. Restrictions on the other hand, increase costs in terms
of the time and resources spent in navigating rules and ensuring compliance, as
well as the missed business opportunities.
14
15. 4. Market Highlight: Singapore
Supported by strong data protection regulation and guidelines, the country has
taken an open and forward-looking approach in enabling the secure and seamless
flow of data across borders.
Measured on each of the eight dimensions of the CBDFI, it receives a score of 34
(Figure 2).
Figure 2: CBDFI Scores for Singapore
Data localisation requirements
Explicit provisions on cross-border transfers
Mechanisms to transfer personal data
Data classification framework
Consent/Notice requirements
Participation in the EU’s GDPR regime
Participation in the APEC’s CBPR system
Inclinations towards cross-border data flows
0 1 2 3 4 5 6
The following is a detailed overview of Singapore’s approach to cross-border
data flows:
Dimension 1: Data Localisation requirements
Singapore’s Personal Data Protection Act (PDPA) recognises the importance of
cross-border flow of data, and has not imposed any overarching data localisation
requirements. There are also no sectoral or targeted localisation requirements
impacting data flows.
Dimension 2: Explicit provisions on extraterritorial transfers
The PDPA includes explicit provisions for businesses transferring personal data
overseas. These provisions are meant to ensure that a comparable standard of
protection is provided to data, and it provides businesses clarity and certainty.
Dimension 3: Mechanisms to transfer personal data
across borders
Singapore has in place a clear mechanism that facilitates transfers of data,
providing transparent and consistent rules for businesses. According to the
PDPA, transferring organisations are required to take appropriate steps to
ascertain and ensure that the recipient of the personal data outside Singapore
is bound by legally enforceable obligation to provide a comparable standard
of protection to the transferred personal data.33
These obligations include the
local law of the country of destination, a contract, binding corporate rules, or any
other legally binding instrument. The PDPA has been amended by the PDPC to
include certification, including the APEC CBPR and PRP Systems as valid data
transfer mechanisms. In addition, Singapore has also encouraged certifications
based on international transfers. The 2019 Advisory Guidelines on Cloud
Services have noted that organisations processing personal data through CSPs
can transfer data to other countries, if the CSPs are certified against relevant
international standards.34
15
Singapore has a stellar track record in creating
the right policy and regulatory environment for the
development of the digital economy.
16. Singapore has also been a regional leader, initiating the ASEAN Data Management
Framework (DMF) and ASEAN Model Contractual Clauses (MCCs) for Cross Border
Data Flows. The DMF is a guide for businesses, particularly SMEs to implement a
data management system. This includes guidelines for data governance structures
and appropriate data protection safeguards depending on the underlying purpose
of the dataset of interest throughout its lifecycle. While MCCs are contractual
terms and conditions that may be included in the binding legal agreements
between businesses when transferring personal data to each other across borders.
Dimension 4: Data classification framework
While Singapore does not have a data classification framework specifically for
enabling cross-border data flows, the government introduced an Information
Sensitivity Framework (ISF) in 2018 to standardise the protection of sensitive data.
Public agencies are then able to apply consistent sensitivity categorisations to
data, which aids inter-agency data sharing and data analytics as well.35
Dimension 5: Consent/Notice requirements for the
international use of data
Consent requirements for transfer of personal data are a central feature of data
transfer regimes across the world.
Singapore recognises the full range of transfer mechanisms, ranging from
contracts and binding corporate rules to specified certification systems, including
consent. Obtaining consent is not necessary when relying on any of the other
permitted transfer mechanisms. But businesses that choose to rely on consent
for transferring personal data will also need to include a ‘reasonable summary in
writing of the extent to which the personal data to be transferred to that country
or territory will be protected to a standard comparable to the protection under
the PDPA’.36
This requirement is challenging, because in practice, in exception
of specifically identified transfers to a particular organisation, it is difficult for
businesses to provide such information in detail, given that each recipient will have
different ways of implementing the protection of personal data.37
Dimension 6: Participation in the EU’s GDPR regime
Singapore does not have the GDPR adequacy determination. Singapore’s PDPA
and the EU’s GDPR are comprehensive and contain similarities in personal and
extraterritorial scopes. In relation to cross-border transfers of personal data to
a third country, they both provide for restrictions and exceptions, and establish
legal ground and circumstances for lawful transfers.38
However, unlike the PDPA,
the GDPR provides for cross-border transfers made from a register, and allows
transfers carried out under international agreements for judicial cooperation.39
The
legislations will however be more closely aligned in the future. The Personal Data
Protection (Amendment) Act which took effect in February 2021, introduced a
number of key changes, including mandatory data breach notification40
and data
portability provisions.
16
17. Dimension 7: Participation in the APEC’s CBPR system
Singapore joined the APEC Cross-Border Privacy Rules (CBPR) System in 2018.
It has amended the Personal Data Protection Regulations 2014, to recognise the
CBPR certifications as modes of transfers of data overseas.41
CBPR is a government-backed data privacy certification that allows businesses
to demonstrate compliance with internationally recognised data privacy
protections.42
It bridges gaps between national laws and regulations, and
facilitates cross-border transfers. Currently, USA, Mexico, Japan, Canada,
Singapore, Korea, Australia, Taiwan, and the Philippines are participating in the
CBPR system.
Dimension 8: Inclinations towards allowing cross-border
data flows
Singapore is a strong advocate for cross-border data flows. It has negotiated two
Digital Economy Agreements (DEAs) – Digital Economy Partnership Agreement
(DEPA) – with Chile and New Zealand; and the Singapore-Australia Digital
Economy Agreement (SADEA). It has also launched negotiations with Korea on a
Singapore-Korea Digital Partnership Agreement (SKDPA).43
DEAs establish digital
economy collaborations and aid countries in developing international frameworks
for interoperability of standards and systems. Under the DEAs, Singapore has
committed to allowing data to flow freely across borders and prohibit localisation,
except for legitimate purposes such as personal data protection. Singapore is also
part of the CPTPP that aims to promote the free flow of data across borders, and
minimise data localisations requirements.
These agreements are in addition to other digital cooperation initiatives that
Singapore is a part of, including as the co-convener at WTO’s Joint Statement
Initiative on E-commerce (JSI). The JSI has made some progress since launching
in 2019, and has developed a consolidated text to form the basis of negotiations
in 2021. Provisions that enable and promote the flow of data are central to these
negotiations, and Singapore and Japan have also held information sessions
for negotiators and the private sector on data flows and localisation rules in
November 2020.44
Within the financial sector, the Monetary Authority of Singapore (MAS) has
adopted supportive measures that include bilateral agreements that seek to
ensure that financial services institutions can transfer data, including personal
data, across borders. The February 2020 US-Singapore joint statement on
Financial Services Data Connectivity, for example, opposes measures that impose
data localisation requirements on financial service suppliers.45
In November
2020, it issued a similar statement with the Central Bank of Philippines (BSP),
underscoring the importance of data connectivity, without restricting the location
of data storage and processing.46
17
18. Table 2: Scoring mechanisms for regulations impacting data flows
Questions on regulations impacting data flows Scoring mechanisms
1 Is there a data localisation requirement? No (except for “official secrets act” or similar) = 6
No overarching data local requirement, but certain sector-specific limitations = 4
Some strong sector-specific requirements that increase uncertainty = 2
Forthcoming (or rumoured / likely) = 1
Yes = 0
2 Are there explicit provisions allowing for international or extraterritorial transfers of
personal data / personally-identifiable data?
Yes (clearly enabling, and limited to no ambiguity) = 6
Yes, but some lack of clarity on certain types of personal data or some types of conditions = 4
Data residency requirements clearly or ambiguously appearing at times = 2
No (data residency is the clear default) = 0
3 Does the data protection law include a specific mechanism to transfer personal
data across borders subject to certain protections?
Yes = 6
Upcoming = 3
Limited = 2
No = 0
4 Is there a data classification framework in use for enabling cross-border data flows
(which is distinct from an “official secrets act” or similar)?
Explicit, clear, and published = 6
In use as part of a cloud first or similar framework = 4
In use by key government agencies and certain companies (but not published and perhaps not consistent) = 2
No = 0
5 Is there a consent or notice requirement for the collection, storage, or
dissemination of personal data internationally or extraterritorially?
Written (or equivalent) consent is required = 0
Yes, express consent requirements (freely given, specific, informed, and unambiguous) = 2
No consent requirements but notice needs to be given to data subjects = 4
No consent or notice requirements = 6
6 Is the country a participant of the EU’s GDPR regime or meets GDPR adequacy
requirements?
No = 0
Partial = 3
Yes = 6
7 Is the country a participant of the APEC’s CBPR or similar regional system
(promoting an accountability rather than an adequacy system)?
Yes = 6
In application or in process = 4
Contemplated = 2
No = 0
8 Are there public record indicators that the government is actively promoting cross-
border data flows beyond a clearly articulated data protection and data classification
framework (e.g., proactive use of MLATs, international data flow network sharing
participation, or clear and supportive policy statements from government leadership)?
Clear and binding legal or regulatory enablers = 6
Active use of existing frameworks such as MLATs = 4
Clear and supportive policy statement from very senior government representative (e.g., President, Central Bank Governor) = 2
No = 0
Source: Access Partnership Research
The Cross-Border Data Flows Index (CBDFI) provides a quantitative measure of G20
economies’ policy and regulatory approach to cross-border data flows.
Each of the G20 economies is scored on a scale from 0 to 6 for a total score of
48. Table 2 below provides details on the scoring mechanisms, as well as on the
assumptions that guided the scoring process.
The total economy score (with 48 being the maximum attainable score) is a
comparable indication of where G20 economies stand relative to one another.
A higher score indicates a more conducive environment for cross-border data flows.
Businesses relying on data transfers in these jurisdictions will encounter fewer barriers,
lower compliance costs and high degree of legal stability and certainty. On the contrary,
a lower score indicates the existence of restrictive and complex requirements that place
increased costs and complexity for businesses transferring data across borders.
Appendix I. Methodology
18
19. Table 3: Detailed CBDFI Scores for G20 Economies (out of 48)
Data Regulations / Requirements Argentina Australia Brazil Canada China European
Union
France Germany India Indonesia
Rank 13 7 13 6 20 4 7 7 17 15
1 Is there a data localisation requirement? 4 4 4 4 0 4 2 2 0 2
2 Are there explicit provisions allowing for international or extraterritorial
transfers of personal data / personally identifiable data?
4 6 4 4 4 6 6 6 4 4
3 Does the data protection law include a specific mechanism to transfer
personal data across borders subject to certain protections?
2 2 2 0 3 6 6 6 3 3
4 Is there a data classification framework in use for enabling cross-border
data flows (which is distinct from an “official secrets act” or similar)?
2 2 6 6 2 4 4 4 0 2
5 Is there a consent or notice requirement for the collection, storage, or
dissemination of personal data internationally or extraterritorially?
0 4 2 2 0 2 2 2 2 2
6 Is the country a participant of the EU’s GDPR regime or meets GDPR
adequacy requirements?
6 0 0 3 0 6 6 6 0 0
7 Is the country a participant of the APEC’s CBPR or similar regional
system (promoting an accountability rather than an adequacy system)?
0 6 0 6 0 0 0 0 2 0
8 Are there public record indicators that the government is actively
promoting cross-border data flows beyond a clearly articulated data
protection and data classification framework (e.g., proactive use of
MLATs, international data flow network sharing participation, or clear
and supportive policy statements from government leadership)?
4 6 4 6 0 4 4 4 2 4
Total 22 30 22 31 9 32 30 30 13 17
Appendix II. Country Scores
19
20. Table 3: Detailed CBDFI Scores for G20 Economies (out of 48) cont.
Data Regulations / Requirements Italy Japan Mexico Russia Saudia
Arabia
Singapore South
Africa
South
Korea
Turkey UK USA
Rank 4 1 12 21 19 3 17 11 16 2 7
1 Is there a data localisation requirement? 4 6 4 0 2 6 1 2 2 4 4
2 Are there explicit provisions allowing for international or extraterritorial
transfers of personal data / personally identifiable data?
6 6 4 2 2 6 6 4 4 6 4
3 Does the data protection law include a specific mechanism to transfer
personal data across borders subject to certain protections?
6 6 2 0 0 6 2 3 6 6 2
4 Is there a data classification framework in use for enabling cross-border
data flows (which is distinct from an “official secrets act” or similar)?
4 0 2 2 4 2 0 2 0 6 6
5 Is there a consent or notice requirement for the collection, storage, or
dissemination of personal data internationally or extraterritorially?
2 2 2 0 0 2 2 2 2 2 2
6 Is the country a participant of the EU’s GDPR regime or meets GDPR
adequacy requirements?
6 6 0 0 0 0 0 6 0 6 0
7 Is the country a participant of the APEC’s CBPR or similar regional
system (promoting an accountability rather than an adequacy system)?
0 6 6 0 2 6 0 6 0 0 6
8 Are there public record indicators that the government is actively
promoting cross-border data flows beyond a clearly articulated data
protection and data classification framework (e.g., proactive use of
MLATs, international data flow network sharing participation, or clear
and supportive policy statements from government leadership)?
4 6 6 2 2 6 2 4 2 6 6
Total 32 38 26 6 12 34 13 29 16 36 30
20
21. Table 4 below provides a detailed breakdown of the calculations used to determine the impact of cross-border data flows on economic performance.
Appendix III. Statistical Analysis
Table 4: Correlations between CBDFI and Selected Economic Indicators
GDP per capita GDP growth FDI net inflow Ease of Doing
Business Index Unemployment
Rate
Employment
Ratio FDI
confidence
Global
Competitiveness
Index
Index of
Economic
Freedom
CBDFI
Pearson Corr. .766** -.297 .234 .424 -.339 .250 .335 .678** .698**
Sig.
(2-tailed)
.000 .192 .308 .055 .133 .274 .288 .001 .000
N 21 21 21 21 21 21 12 21 21
Note: **: Correlation is significant at the 0.01 level (2-tailed)
N: G20 Economies, and Singapore
21
22. Table 5 compiles the eight indicators of economic growth, competitiveness and opportunity that were used to calculate the correlations.
Table 5: Selected Indicators used for Correlation Analysis
GDP per capita
(current US$),
2019
GDP annual
growth rate, 2019
Foreign direct
investment,
net inflows
(% of GDP)
Ease of Doing
Business Index
(score)
Unemployment,
total
(% of total
labour force)
Employment to
population ratio
FDI confidence
index
Global
Competitiveness
Index
Index of
Economic
Freedom
CBDFI
score
Argentina 9,912.30 -2.1 1.5 59 9.8 54.4 -- 57 53.1 22
Australia 55,060.30 2.2 2.9 81.2 5.2 62.6 1.98 79 82.6 28
Brazil 8,717.20 1.1 4 59.1 11.9 55.1 1.65 61 53.7 22
Canada 46,194.70 1.7 2.8 79.6 5.7 62 2.2 80 78.2 31
China 10,261.70 6.1 1.1 77.9 5.2 67.3 1.95 74 59.5 9
European
Union
34918.5 1.6 1.6 76.2 6.7 53.7 -- 72 70.9 32
France 40,493.90 1.5 1.9 76.8 8.4 50.7 2.09 79 66 30
Germany 46,445.20 0.6 1.9 79.7 3.1 60 2.15 82 73.5 30
India 2,099.60 4.2 1.8 71 5.3 45.4 -- 61 56.5 13
Indonesia 4,135.60 5 2.2 69.6 3.6 65.7 -- 65 67.2 17
Italy 33,228.20 0.3 1.5 72.9 10 44.9 1.94 72 63.8 32
Japan 40,246.90 0.7 0.7 78 2.4 60.6 2.14 82 73.3 38
Mexico 9,946.00 -0.1 2.3 72.4 3.5 58 -- 65 66 26
Russia 11,585.00 1.3 1.9 78.2 4.5 59.4 -- 67 61 6
Saudi Arabia 23,139.80 0.3 0.6 71.6 6 52.5 -- 70 62.4 12
Singapore 65,233.30 0.7 28.3 86.2 3.1 65.2 1.87 85 89.4 34
South Africa 6,001.40 0.2 1.3 67 28.5 39.5 -- 62 58.8 16
South Korea 31,846.20 2 0.6 84 3.7 61.2 1.72 80 74 29
Turkey 9,126.60 0.9 1.2 76.8 13.7 45.7 -- 62 64.4 16
United
Kingdom
42,330.10 1.5 0.7 83.5 3.7 60.9 2.06 81 79.3 33
United States 65,297.50 2.2 1.6 84 3.7 60.8 2.26 84 76.6 30
Sources:
GDP per capita (current US$), 2019, World Bank, https://data.worldbank.org/indicator/NY.GDP.PCAP.CD
GDP annual growth rate, 2019, World Bank, https://data.worldbank.org/indicator/NY.GDP.MKTP.KD.ZG
Foreign direct investment, net inflows (% of GDP), 2019, World Bank, https://data.worldbank.org/indicator/bx.klt.dinv.wd.gd.zs
Ease of doing business score, 2020, World Bank, www.doingbusiness.org/en/data/doing-business-score
Unemployment, total (% of total labour force), 2019, World Bank, https://data.worldbank.org/indicator/SL.UEM.TOTL.NE.ZS
Employment to population ratio, 2019, World Bank, https://data.worldbank.org/indicator/SL.EMP.TOTL.SP.NE.ZS
FDI Confidence Index 2020, AT Kearney, www.atkearney.com/foreign-direct-investment-confidence-index
Global Competitiveness Report 2019, WEF, http://www3.weforum.org/docs/WEF_TheGlobalCompetitivenessReport2019.pdf
2020 Index of Economic Freedom, heritage.org, https://www.heritage.org/index/ranking?version=633
22
23. Appendix IV. Abbreviations
AI Artificial Intelligence
APEC Asia-Pacific Economic Cooperation
ASEAN Association of South East Asian Nations
BI Bank Indonesia
BSP Central Bank of Philippines
CBDFI Cross Border Data Flow Index
CBPR Cross Border Privacy Rules (APEC)
CCPA California Consumer Privacy Act
CCPS Cybersecurity Classified Protection Scheme (China)
CEPA Indonesia-Australia Comprehensive Economic Partnership Agreement
CPTPP Comprehensive and Progressive Agreement for Trans-Pacific Partnership
CSPs Cloud Service Providers
DEPA Singapore-Chile-NZ Digital Economy Partnership Agreement
DMF Data Management Framework
EC European Commission
ECIPE European Centre for International Political Economy
EU European Union
FTAs Free Trade Agreements
FDI Foreign Direct Investment
G20 Group of Twenty
GDP Gross Domestic Product
GDPR General Data Protection Regulation
IoT Internet of Things
ISO International Organisation of Standardisation
MAS Monetary Authority of Singapore
MCC Model Contractual Clauses
MLATs Mutual Legal Assistance Treaties
OECD Organisation for Economic Cooperation and Development
OJK Otoritas Jasa Keuangan
SADEA Singapore-Australia Digital Economy Agreement
SKDPA Singapore-Korea Digital Partnership Agreement
USMCA United States-Mexico-Canada agreement
WEF World Economic Forum
WTO World Trade Organisation
23
24. Appendix V. References
1 Trade and Cross-Border Data Flows, OECD, 2019
2 FutureScape—Worldwide IT Industry 2019 Predictions, IDC, 2018
3
UN (2021) World Economic Situation Prospects, https://www.un.org/development/desa/dpad/wp-
content/uploads/sites/45/WESP2021_FullReport.pdf
4
Joshua P. Meltzer (2020) How APEC can address restrictions on cross-border data flows, https://app.glueup.
com/resources/protected/organization/895/event/29824/f4ede14f-b70e-45a4-84e4-098bc975a67b.pdf
5
Global Data Alliance (2020) Submission for National Trade Estimate on Foreign Trade Barriers, https://www.
globaldataalliance.org/downloads/10292020GDA2020NTESubmission.pdf
6
MTI (2019) Australia, Japan and Singapore welcome WTO electronic commerce negotiations, https://www.
mti.gov.sg/-/media/MTI/Newsroom/Press-Releases/2019/01/Australia-Japan-and-Singapore-welcome-
WTO-electronic-commerce-negotiations.pdf
7
METI (2020) Joint Statement Initiative on E-commerce: Co-Conveners Update, https://www.meti.go.jp/pre
ss/2020/12/20201215001/20201215001-1.pdf
8
Council of the European Union, Proposal for a Regulation of the European Parliament and of the Council
on European data governance (Data Governance Act), https://data.consilium.europa.eu/doc/document/
ST-6297-2021-INIT/en/pdf
9
Global Data Alliance (2020) Submission for National Trade Estimate on Foreign Trade Barriers, https://www.
globaldataalliance.org/downloads/10292020GDA2020NTESubmission.pdf
10 This replaced the highly contentious GR82.
11 Saudi Arabia does not have a specific national data protection regulation.
12
ABLI (2020) Comparative Review of Data Transfer Laws and Regulations in Asia, https://app.glueup.com/
resources/protected/organization/895/event/29824/9209bc06-f8e0-4aff-bc53-1f4cc8912d0d.PDF
13
Microsoft (2019) Strengthening Privacy Regulatory Coherence In Asia, https://www.microsoft.com/cms/
api/am/binary/RE4KiGz
14
ABLI (2020) Comparative Review of Data Transfer Laws and Regulations in Asia, https://app.glueup.com/
resources/protected/organization/895/event/29824/9209bc06-f8e0-4aff-bc53-1f4cc8912d0d.PDF
15
G20 Digital Economy Ministers Meeting 2020, http://www.g20.utoronto.ca/2020/2020-g20-digital-0722.
html#:~:text=Ministerial%20D-eclaration%3A%20G20%20Digital%20Economy%20Ministers%20
Meeting%2C%20July%2022%2C%202020text=Building%20on%20the%20achievements%20
and,the%2021st%20century%20for%20all
16
European Commission (2021) The EU-UK Trade and Corporation Agreement, https://ec.europa.eu/info/
relations-united-kingdom/eu-uk-trade-and-cooperation-agreement_en
17
European Commission (2021) Press Release - Data protection: Commission adopts adequacy decisions for
the UK, https://ec.europa.eu/commission/presscorner/detail/en/ip_21_3183
18 European Commission, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32018R1807
19
European Commission, https://ec.europa.eu/info/strategy/priorities-2019-2024/europe-fit-digital-age/
european-data-strategy
20
TechEu (2020) Europe’s pursuit of digital sovereignty could affect the future of the Internet, https://tech.
eu/-features/32780/europe-digital-sovereignty/
21
Telecom Paper (2020) Germany, France sign common paper to support European cloud infrastructure
Gaia-X, https://www.telecompaper.com/news/germany-france-sign-common-paper-to-support-european-
cloud-infrastructure-gaia-x--1327334
22
Lexology (2020) French report proposes payments data localisation requirements, https://www.lexology.
com/library-/detail.aspx?g=cdc2f545-70bb-4673-959d-c0be5f49c4ff
23
Telecommunications Legislation Amendment (International Production Orders) Bill 2020,
https://www.aph.gov.au/Parliamentary_Business/Bills_LEGislation/Bills_Search_Results/Result?bId=r6511
24
ECIPE (2014), The Costs of Data Localisation: A Friendly Fire on Economic Recovery, http://ecipe.org/
publications/dataloc
25
McKinsey Global Institute (2016), Digital globalization: The new era of global flows, www.mckinsey.com/
business-functions/digital-mckinsey/our-insights/digital-globalization-the-new-era-of-global-flows; GDP for
France, Germany and Italy have been excluded in the calculation to avoid double counting under EU areas.
26
Joshua P. Meltzer (2020) How APEC can address restrictions on cross-border data flows, https://ab46bb92-
a539-4d61-9a28-f77eb5f41c00.usrfiles.com/ugd/ab46bb_830a70b4f8dc4508a38d3e480ffa9cb2.pdf
27
Microsoft (2019) Strengthening Privacy Regulatory Coherence In Asia, https://www.microsoft.com/cms/
api/am/binary/RE4KiGz
28
U.S. Department of the Treasury, United States – Singapore Joint Statement on Financial Services Data
Connectivity, https://home.treasury.gov/news/press-releases/sm899
29
Monetary Authority of Singapore, Joint Statement of Intent on Data Connectivity between Bangko
Sentral ng Pilipinas and The Monetary Authority of Singapore, https://www.mas.gov.sg/news/media-
releases/2020/joint-statement-of-intent-on-data-connectivity-between-bsp-and-mas
30
WEF (2020) A Roadmap for Cross- Border Data Flows: Future-Proofing Readiness and Cooperation in the
New Data Economy, https://www.weforum.org/whitepapers/a-roadmap-for-crossborder-data-flows-future-
proofing-readiness-and-cooperation-in-the-new-data-economy
31
BCG Salesforce (2020) The Trust Imperative, https://www.salesforce.com/au/form/conf/pov-report/?lea
dcreated=trueredirect=trueDriverCampaignId=7010M000001z0DpQAIFormCampaignId=7010M000
001z0DuQAI
32
WTO (2016) World Trade Report, https://www.wto.org/english/res_e/publications_e/wtr16_e.htm
33
PDPC (2017) Advisory Guidelines on Key Concepts in the PDPA, https://www.pdpc.gov.sg/-/media/Files/
PDPC/PDF-Files/Advisory-Guidelines/the-transfer-limitation-obligation---ch-19-(270717).pdf
34
Microsoft (2019) Strengthening Privacy Regulatory Coherence In Asia, https://www.microsoft.com/cms/
api/am/binary/RE4KiGz
35
Smart Nation Public Sector Data Security Review Committee Report, https://www.smartnation.gov.sg/
docs/default-source/press-release-materials/annexes-to-the-psdsrc-final-report.pdf?sfvrsn=39ff3472_2
36
PDPC (2017) Advisory Guidelines on Key Concepts in the PDPA, https://www.pdpc.gov.sg/-/media/Files/
PDPC/PDF-Files/Advisory-Guidelines/the-transfer-limitation-obligation---ch-19-(270717).pdf
37
ABLI (2020) Comparative Review of Data Transfer Laws and Regulations in Asia, https://app.glueup.com/
resources/protected/organization/895/event/29824/9209bc06-f8e0-4aff-bc53-1f4cc8912d0d.PDF
38
Comparing privacy laws: GDPR v. Singapore’s PDPA, https://www.dataguidance.com/sites/default/files/
gdpr_v_singapore_final.pdf
39
Comparing privacy laws: GDPR v. Singapore’s PDPA, https://www.dataguidance.com/sites/default/files/
gdpr_v_singapore_final.pdf
40
In the GDPR, data controllers must notify supervisory authorities of data breaches. There is currently
no mandatory obligation to notify PDPC and/or affected individuals of data breaches. PDPC’s Guide to
Managing Data Breaches 2.0, issued on 22 May 2019, provides guidelines as to when an organisation is
required to notify the PDPC and/ or affected individuals about a data breach.
41
PDPC (2020) Singapore now recognises APEC CBPR and PRP Certifications Under PDPA, https://www.
pdpc.gov.sg/news-and-events/announcements/2020/06/singapore-now-recognises-apec-cbpr-and-prp-
certifications-under-pdpa
42
APEC (2019) What is the Cross-Border Privacy Rules System? https://www.apec.org/About-Us/About-
APEC/Fact-Sheets/What-is-the-Cross-Border-Privacy-Rules-System
43
MTI Digital Economy Agreements, https://www.mti.gov.sg/Improving-Trade/Digital-Economy-Agreements
44
METI (2020) Joint Statement Initiative on E-commerce: Co-Conveners Update, https://www.meti.go.jp/pre
ss/2020/12/20201215001/20201215001-1.pdf
45
U.S. Department of the Treasury, United States – Singapore Joint Statement on Financial Services Data
Connectivity, https://home.treasury.gov/news/press-releases/sm899
46
Monetary Authority of Singapore, Joint Statement of Intent on Data Connectivity between Bangko
Sentral ng Pilipinas and The Monetary Authority of Singapore, https://www.mas.gov.sg/news/media-
releases/2020/joint-statement-of-intent-on-data-connectivity-between-bsp-and-mas
24