The Indonesia Report launch and policy dialogue on “Indonesia’s Strategy for Safeguarding Cross-Border Personal Data Transfers to the United States Without Compromising Sovereignty or Data Protection” took place on 28 October 2025 at Hotel Ashley, Wahid Hasyim, Central Jakarta. The event was organized by LIRNEasia, together with Northbound Strategies (Indonesia), with funding support from the International Development Research Centre (a Crown corporation of the Government of Canada). This timely discussion brought together policymakers, industry leaders, and researchers to examine how Indonesia can enable cross-border data flows while maintaining the principles of digital sovereignty and compliance with the Personal Data Protection (PDP) Law. The event was conducted in both English and Bahasa Indonesia to ensure inclusive participation. The dialogue opened with a keynote address by Alfreno K. 
The Indonesia Report launch and policy dialogue on “Indonesia’s Strategy for Safeguarding Cross-Border Personal Data Transfers to the United States Without Compromising Sovereignty or Data Protection” took place on 28 October 2025 at Hotel Ashley, Wahid Hasyim, Central Jakarta. The event was organized by LIRNEasia, together with Northbound Strategies (Indonesia), with funding support from the International Development Research Centre (a Crown corporation of the Government of Canada). This timely discussion brought together policymakers, industry leaders, and researchers to examine how Indonesia can enable cross-border data flows while maintaining the principles of digital sovereignty and compliance with the Personal Data Protection (PDP) Law. The event was conducted in both English and Bahasa Indonesia to ensure inclusive participation. The dialogue opened with a keynote address by Alfreno K. 
“Untangling Data Governance – Sri Lanka’s Way Forward” was held on 13 November 2024 in Colombo, Sri Lanka. The event formed part of the Harnessing Data for Democratic Development in South and Southeast Asia (D4D Asia) project, with funding support from the International Development Research Centre (IDRC), a Crown corporation of the Government of Canada. 
This report on data governance in Sri Lanka is part of the “Harnessing Data for Democratic Development in South and Southeast Asia” (D4DAsia) project, which aims, inter alia, to create and mobilize new knowledge about the tensions, gaps, and evolution of the data governance ecosystem, taking into account both formal and informal policies and practices. This report is also part of a broader comparative effort that includes case studies from India, Indonesia, Nepal, South Korea, Thailand, and the Philippines. The report provides contextual information about Sri Lanka’s constitutional and governance framework and discusses laws and policies that promote openness or access to data, as well as those that facilitate interoperability or cross-border data transfers. It also examines the opposite; laws, policies, and practices that restrict openness or access to data. The report emphasizes the significance of data governance in shaping Sri Lanka’s digital future. 
In August 2025, the Secretary of the Ministry of Justice and National Integration issued a public notice calling on all stakeholders to submit observations, comments, recommendations, and suggestions on amending the Online Safety Act, No. 09 of 2024, and the proposed amendments gazetted on July 31, 2024. In response, LIRNEasia submitted following comments, drafted by Professor Rohan Samarajiva, Founder and Chair of LIRNEasia. The comments emphasize that the framers of the Act had failed to grasp the unique and novel characteristics of social media, particularly in relation to the viral dissemination of content, limitations on freedom of expression, the vagueness of several offences defined under the Act, and the importance of aligning with existing laws where possible. 
The Forum on Data Governance in the Philippines was held on Friday, September 12, 2025, at Serenade II, Westin Manila. The event highlighted how data can drive development and serve as an effective policy-making instrument for advancing democratic and inclusive governance in the Philippines. The forum was organized by LIRNEasia in collaboration with Disini Law (Philippines) and Digital Freedom Network (Philippines), with funding support from the International Development Research Centre (a Crown corporation of the Government of Canada). It brought together experts from government agencies, academia, and the private sector to share perspectives and experiences on data policymaking and governance frameworks. Discussions centered on two recent publications under the Data for Democratic Development in South and Southeast Asia initiative: the Philippines Country Report and the Regional Synthesis Report. 
This report is part of the “Harnessing Data for Democratic Development in South and Southeast Asia” (D4DAsia) initiative, which critically examines how data governance is evolving across the region, including both formal frameworks and informal norms. In the Philippines, the absence of a comprehensively organized legal or policy framework has resulted in a patchwork of approaches shaped by sector-specific laws, presidential directives, and administrative regulations. In recent decades, policies have emerged in response to growing data use, such as updates to intellectual property laws aligned with international practices and the enactment of personal data protection legislation addressing cross-border data processing. Despite recent developments, the Philippines still lacks a unified data governance framework. The only broad measure is the 2016 presidential ordinance on public access to government data. 
The Forum on Data Governance in Thailand, held on Tuesday, August 5, 2025, at the Sigma Room (6th floor), Pullman King Power Bangkok, brought together experts from government agencies, academia, and private organizations to exchange their knowledge, perspectives, and experiences on data policymaking and the design of data governance systems in Thailand. The forum was hosted by LIRNEasia (an independent think tank working across the Asia Pacific), in collaboration with the Department of International Studies at Hankuk University of Foreign Studies (Republic of Korea), Privacy Thailand, and the Institute of Public Policy Studies (IPPS), Thailand. Funding support was provided by the International Development Research Centre (a Crown Corporation of the Government of Canada). The Forum explored the inherent tensions that arise in governing data in light of competing interests and policy objectives – that of collecting, storing, using and sharing data to support development and growth objectives, and of protecting privacy and other human rights that are vital but can be violated through the release of data. LIRNEasia and affiliated researchers explored such tensions as well as the practical ways these tensions are resolved across seven countries – Thailand, India, Indonesia, Sri Lanka, Nepal, Pakistan and the Philippines. 
This report is part of the “Harnessing Data for Democratic Development in South and Southeast Asia” (D4DAsia) initiative. The project seeks to critically examine how data governance is evolving across the region, with attention to both formal frameworks and informal norms. In the case of Thailand, this means analysing how state, corporate, and civil society actors shape the production, access, and use of data in ways that either enable or constrain democratic values. Thailand stands at a pivotal moment in its digital transformation journey, where the governance of data is increasingly central to questions of rights, development, and democratic accountability. As data becomes ever more embedded in public services, commerce, and civic life, the structures that govern its use, such as laws, policies, practices and technologies, have profound implications for inclusive and equitable development. 
This report is part of the Data for Development project which aims, inter alia, to create and mobilize new knowledge about tensions, gaps, and the evolution of the data governance ecosystem taking into account formal and informal policies and practices. This regional synthesis report explores the intricate web of data governance systems and their potential to contribute to more democratic and inclusive societies. It examines the tensions that arise between various data-related policies, such as personal data protection, competition law, open data initiatives, cybersecurity measures, and AI and innovation strategies. While developed countries may have mechanisms to address these conflicts, many nations in South and Southeast Asia face significant hurdles in creating and implementing effective data governance frameworks. The report seeks to uncover the unique challenges faced by countries in the region, including opaque policy-making processes, limited stakeholder participation, and policies that may not always align with local contexts or implementation capacities. 
Aslam Hayat (Senior Policy Fellow LIRNEasia, Country Researcher for Pakistan), and Pranesh Prakash (Policy Fellow LIRNEasia, Co-Principal Investigator), drew on research carried out under LIRNEasia’s ‘Harnessing Data for Democratic Development in South and Southeast Asia’ project to discuss aspects of data governance in Pakistan and other countries. This was part of a forum hosted by the Sustainable Development Policy Institute (SDPI) in Pakistan, under the theme, “Public-Private Dialogue (PPD) on Data Governance in Pakistan.” The forum brought together key voices from government, academia, civil society, and the private sector in Pakistan, and was held on 23 April 2025. Aslam Hayat highlighted key findings from the research carried out in Pakistan, outlining the data governance framework in the country, identifying policy gaps and good practices. Pranesh Prakash gave an overview of the research carried out by the Harnessing Data for Democratic Development project, and discussed concepts related to data governance, privacy, and open standards. 
Now that the fate of the “online safety” bill is in the hands of the many petitioners (45) and the three-judge bench that is looking at its constitutionality, we can look at the big picture of what the government is trying to do with this draconian legislation. It appears that even the committee that was formed in 2021 to advise on it has distanced itself from the final text. LIRNEasia Chair, Rohan Samarajiva gave a talk on this at the CMR-Nepal Journalism Academy in Kathmandu on 19 October 2023. The slides can be viewed below.
On May 23rd 2019, the Government of Sri Lanka posted the Draft Cyber Security Bill on the SL CERT website and invited public comments/input. LIRNEasia submitted comments in response to the SL CERT’s request. Our written comments submitted on 5th June 2019 are available through the link below Comments on the Cyber Security Bill – Sri Lanka 2019 Subsequently in August 2023, the Government of Sri Lanka posted an updated version of the Cyber Security Bill and invited public comments. LIRNEasia once again submitted written comments on 18th August 2023, which can be accessed here. Comments on the Cyber Security Bill – Sri Lanka 2023 The report below analyses the extent to which the input submitted by LIRNEasia in 2019 has been taken into account in the updated (August 2023) version of the proposed Bill
LIRNEasia submitted a response to the Ministry of Technology’s invitation to comment on the Cyber Security Bill uploaded to the website of Sri Lanka CERT in August 2023 (www.cert.gov.lk). The submission addresses specific concerns related to the requirement for accreditation of Cyber Security service providers, the composition of the Cyber Security Regulatory Authority and the definition of the term Critical National Information Infrastructure.
This report is to evaluate the impact of interventions (written comments on the draft bill during the stakeholder consultation) by LIRNEasia on the Personal Data Protection Act, No. 9 of 2022, which was passed by the Parliament of Sri Lanka on 9th of March 2022. The report also provides details of media coverage of LIRNEasia interventions on the Act.
LIRNEasia comments on the proposed Cyber Security Bill for Sri Lanka - 2019