The Waikato Data Privacy Matrix

Abstract

Data privacy is an expected right of most citizens around the world, but there are many legislative challenges within boundary-less cloud computing and World Wide Web environments. Despite its importance, there is limited research around data privacy law gaps and alignment; the legal side of the security ecosystem seems to be in a constant effort to catch-up. There are recent issues showing a lack of alignment that caused some confusion. An example of this is the `right to be forgotten' case in 2014 that involved a Spanish man and Google Spain. He requested the removal of a link to an article about an auction of his foreclosed home, for a debt that he had subsequently paid. However, misalignment of data privacy laws caused further complications to the case. This thesis introduces the Waikato Data Privacy Matrix, our global project for alignment of data privacy laws, by focusing on Asia Pacific data privacy laws and its relationships with the European Union and the United States. While much alignment work is already done for the European Union and United States, there is a lack of research on Asia Pacific alignment within its region and across other regions. The Waikato Data Privacy Matrix also suggests potential solutions to address some of the issues that may occur when a breach of data privacy occurs, in order to ensure an individual has their data privacy protected across the boundaries within the Web. With the increase in data processing and storage across different jurisdictions and regions (e.g. cloud computing services with servers in several countries), the Waikato Data Privacy Matrix empowers businesses using or providing cloud services to understand the different data privacy requirements across the globe - paving the way for increased cloud adoption and usage.