Applying Baseline Technical Measures for Managing Data Privacy IN the Cloud at Scale
As a follow-up to the earlier paper on "Baseline Technical Measures for Data Privacy IN the Cloud", I'm glad to present the second paper in this data privacy in the cloud series, which focuses on applying the principle-based methodology, with the output of the earlier paper, to validate the baseline measures against the newly published Indonesia personal data protection law. The paper is now available at the Asia Cloud Computing Association (ACCA) website. I would like to acknowledge the collaborative support rendered by Ivy Young and Augustine Tobing of Amazon Web Services in helping to validate the analysis and results discussed in the paper, and ACCA for the review and publication. Below is the abstract of the paper.
Abstract
In our previous work[1], we discuss several limitations in current data privacy management standards and guidelines. Those limitations affect the design and implementation of cloud-based applications to ensure data privacy. To address the limitations, we introduced a principle-based methodology (PBM1) that derives 31 technical measures applicable for achieving the shared objectives of 19 common privacy principles from two privacy frameworks and three privacy laws from Asia Pacific and Europe [2-6]. The 19 principles are grouped into five categories, reflecting their broader, shared goals.
In this paper, we test the applicability of our principle-based methodology and three primary outputs[1] from [1] beyond those privacy laws and frameworks previously discussed. We focus on Indonesia’s recently enacted Personal Data Protection Law (ID PDPL)[7]. As we aim to help systems designers, architects, and data privacy compliance stakeholders to use our approach effectively, we offer guidance on using the methodology to confirm the baseline technical measures and pinpoint any additional measures that may be needed for cloud data privacy. This helps adapt to current, new, or future industry-specific and national regulations in the various global markets where they operate.
[1] The three primary outputs from Kang, M.-C., C.-H. Chi, and K.-Y. Lam, Baseline Technical Measures for Data Privacy IN the Cloud, in Thought Leadership, 2023, Asia Cloud Computing Association (https://asiacloudcomputing.org/research/resources/) are (1) the list of 19 common privacy principles, (2) the five categories of shared objectives of the 19 privacy principles, and (3) the 31 baseline technical measures.