This report on data protection in South Korea is part of the “Harnessing Data for Democratic Development in South and Southeast Asia” (D4DAsia) project, which aims, inter alia, to create and mobilize new knowledge about the tensions, gaps, and evolution of the data governance ecosystem, taking into account both formal and informal policies and practices. This report presents a focused case study of South Korea’s evolving data protection framework and its efforts to balance strong privacy protections with data-driven innovation 
This report on data protection in South Korea is part of the “Harnessing Data for Democratic Development in South and Southeast Asia” (D4DAsia) project, which aims, inter alia, to create and mobilize new knowledge about the tensions, gaps, and evolution of the data governance ecosystem, taking into account both formal and informal policies and practices. This report presents a focused case study of South Korea’s evolving data protection framework and its efforts to balance strong privacy protections with data-driven innovation 
This report on data governance in Nepal is part of the “Harnessing Data for Democratic Development in South and Southeast Asia” (D4DAsia) project, which aims, inter alia, to create and mobilize new knowledge about the tensions, gaps, and evolution of the data governance ecosystem, taking into account both formal and informal policies and practices. The report provides an overview of Nepal’s constitutional and governance framework and examines the laws, policies, and institutional arrangements that shape the collection, processing, storage, access, and sharing of data. 
This report on data governance in India is part of the “Harnessing Data for Democratic Development in South and Southeast Asia” (D4DAsia) project, which aims, inter alia, to create and mobilize new knowledge about the tensions, gaps, and evolution of the data governance ecosystem, taking into account both formal and informal policies and practices. The report provides an overview of India’s constitutional and governance framework and examines the laws and policies that shape the collection, processing, storage, access, and sharing of data. 
This report on data governance in Pakistan is part of the “Harnessing Data for Democratic Development in South and Southeast Asia” (D4DAsia) project, which aims, inter alia, to create and mobilize new knowledge about the tensions, gaps, and evolution of the data governance ecosystem, taking into account both formal and informal policies and practices. This report is also part of a broader comparative effort that includes case studies from India, Indonesia, Nepal, South Korea, Thailand, and the Philippines. The report provides an overview of Pakistan’s constitutional and governance framework and analyses the laws and policies that structure the collection, processing, storage, and sharing of data. The report also undertakes a detailed examination of key legislative instruments, including the draft Personal Data Protection Bill and the Right of Access to Information Act, assessing both their strengths and shortcomings. It explores institutional capacity constraints, fragmentation across regulatory frameworks, and procedural gaps in policy development that affect coherence and implementation. 
As societies become increasingly reliant on digital systems, safeguarding information infrastructure is paramount for economic stability, public safety, and national security. LIRNEasia has been closely analysing Sri Lanka’s evolving cybersecurity policy landscape and was recently invited to participate in a closed-door dialogue between diplomats and policymakers to evaluate the country’s cybersecurity policy. This blog post distils the key high-level takeaways from that discussion. It reviews Sri Lanka’s current cybersecurity landscape, highlights relevant international good practices, and proposes four policy considerations for strengthening the country’s cybersecurity framework. 
The 26th Meeting of the South Asian Telecommunications Regulators’ Council (SATRC-26) was held from 5–7 November 2025 in Islamabad, Pakistan. Muhammad Aslam Hayat, Senior Policy Fellow at LIRNEasia and Pakistan country researcher, presented key findings from the Harnessing Data for Democratic Development in South and Southeast Asia (D4D Asia) project during the session on “Sharing Best Practices and Regulatory Experiences by SATRC Members and Industry.” 
The Indonesia Report launch and policy dialogue on “Indonesia’s Strategy for Safeguarding Cross-Border Personal Data Transfers to the United States Without Compromising Sovereignty or Data Protection” took place on 28 October 2025 at Hotel Ashley, Wahid Hasyim, Central Jakarta. The event was organized by LIRNEasia, together with Northbound Strategies (Indonesia), with funding support from the International Development Research Centre (a Crown corporation of the Government of Canada). This timely discussion brought together policymakers, industry leaders, and researchers to examine how Indonesia can enable cross-border data flows while maintaining the principles of digital sovereignty and compliance with the Personal Data Protection (PDP) Law. The event was conducted in both English and Bahasa Indonesia to ensure inclusive participation. The dialogue opened with a keynote address by Alfreno K. 
“Untangling Data Governance – Sri Lanka’s Way Forward” was held on 13 November 2024 in Colombo, Sri Lanka. The event formed part of the Harnessing Data for Democratic Development in South and Southeast Asia (D4D Asia) project, with funding support from the International Development Research Centre (IDRC), a Crown corporation of the Government of Canada. 
This report on data governance in Sri Lanka is part of the “Harnessing Data for Democratic Development in South and Southeast Asia” (D4DAsia) project, which aims, inter alia, to create and mobilize new knowledge about the tensions, gaps, and evolution of the data governance ecosystem, taking into account both formal and informal policies and practices. This report is also part of a broader comparative effort that includes case studies from India, Indonesia, Nepal, South Korea, Thailand, and the Philippines. The report provides contextual information about Sri Lanka’s constitutional and governance framework and discusses laws and policies that promote openness or access to data, as well as those that facilitate interoperability or cross-border data transfers. It also examines the opposite; laws, policies, and practices that restrict openness or access to data. The report emphasizes the significance of data governance in shaping Sri Lanka’s digital future. 
This report on data governance in Indonesia is part of the “Harnessing Data for Democratic Development in South and Southeast Asia” (D4DAsia) project, which aims, inter alia, to create and mobilize new knowledge about the tensions, gaps, and evolution of the data governance ecosystem, taking into account both formal and informal policies and practices. Indonesia’s data governance system has developed significantly over the past two decades, evolving from fragmented initiatives across ministries into a more coordinated national framework that emphasizes transparency, interoperability, and digital transformation. The foundation lies in the 1945 Constitution, which guarantees citizens the right to obtain information and the protection of personal data. These constitutional principles have been operationalized through a series of laws and regulations introduced since the Reformasi era following 1998. This study examines how the overall governance environment shapes Indonesia’s approach to data openness, privacy, and access, balancing constitutional guarantees, executive authority, judicial oversight, and sectoral regulation in the broader quest to develop a trusted, rights-based, and innovation-friendly data ecosystem. 
In August 2025, the Secretary of the Ministry of Justice and National Integration issued a public notice calling on all stakeholders to submit observations, comments, recommendations, and suggestions on amending the Online Safety Act, No. 09 of 2024, and the proposed amendments gazetted on July 31, 2024. In response, LIRNEasia submitted following comments, drafted by Professor Rohan Samarajiva, Founder and Chair of LIRNEasia. The comments emphasize that the framers of the Act had failed to grasp the unique and novel characteristics of social media, particularly in relation to the viral dissemination of content, limitations on freedom of expression, the vagueness of several offences defined under the Act, and the importance of aligning with existing laws where possible. 
The Forum on Data Governance in the Philippines was held on Friday, September 12, 2025, at Serenade II, Westin Manila. The event highlighted how data can drive development and serve as an effective policy-making instrument for advancing democratic and inclusive governance in the Philippines. The forum was organized by LIRNEasia in collaboration with Disini Law (Philippines) and Digital Freedom Network (Philippines), with funding support from the International Development Research Centre (a Crown corporation of the Government of Canada). It brought together experts from government agencies, academia, and the private sector to share perspectives and experiences on data policymaking and governance frameworks. Discussions centered on two recent publications under the Data for Democratic Development in South and Southeast Asia initiative: the Philippines Country Report and the Regional Synthesis Report. 
This report is part of the “Harnessing Data for Democratic Development in South and Southeast Asia” (D4DAsia) initiative, which critically examines how data governance is evolving across the region, including both formal frameworks and informal norms. In the Philippines, the absence of a comprehensively organized legal or policy framework has resulted in a patchwork of approaches shaped by sector-specific laws, presidential directives, and administrative regulations. In recent decades, policies have emerged in response to growing data use, such as updates to intellectual property laws aligned with international practices and the enactment of personal data protection legislation addressing cross-border data processing. Despite recent developments, the Philippines still lacks a unified data governance framework. The only broad measure is the 2016 presidential ordinance on public access to government data. 
The Forum on Data Governance in Thailand, held on Tuesday, August 5, 2025, at the Sigma Room (6th floor), Pullman King Power Bangkok, brought together experts from government agencies, academia, and private organizations to exchange their knowledge, perspectives, and experiences on data policymaking and the design of data governance systems in Thailand. The forum was hosted by LIRNEasia (an independent think tank working across the Asia Pacific), in collaboration with the Department of International Studies at Hankuk University of Foreign Studies (Republic of Korea), Privacy Thailand, and the Institute of Public Policy Studies (IPPS), Thailand. Funding support was provided by the International Development Research Centre (a Crown Corporation of the Government of Canada). The Forum explored the inherent tensions that arise in governing data in light of competing interests and policy objectives – that of collecting, storing, using and sharing data to support development and growth objectives, and of protecting privacy and other human rights that are vital but can be violated through the release of data. LIRNEasia and affiliated researchers explored such tensions as well as the practical ways these tensions are resolved across seven countries – Thailand, India, Indonesia, Sri Lanka, Nepal, Pakistan and the Philippines. 
This report is part of the “Harnessing Data for Democratic Development in South and Southeast Asia” (D4DAsia) initiative. The project seeks to critically examine how data governance is evolving across the region, with attention to both formal frameworks and informal norms. In the case of Thailand, this means analysing how state, corporate, and civil society actors shape the production, access, and use of data in ways that either enable or constrain democratic values. Thailand stands at a pivotal moment in its digital transformation journey, where the governance of data is increasingly central to questions of rights, development, and democratic accountability. As data becomes ever more embedded in public services, commerce, and civic life, the structures that govern its use, such as laws, policies, practices and technologies, have profound implications for inclusive and equitable development. 
This report is part of the Data for Development project which aims, inter alia, to create and mobilize new knowledge about tensions, gaps, and the evolution of the data governance ecosystem taking into account formal and informal policies and practices. This regional synthesis report explores the intricate web of data governance systems and their potential to contribute to more democratic and inclusive societies. It examines the tensions that arise between various data-related policies, such as personal data protection, competition law, open data initiatives, cybersecurity measures, and AI and innovation strategies. While developed countries may have mechanisms to address these conflicts, many nations in South and Southeast Asia face significant hurdles in creating and implementing effective data governance frameworks. The report seeks to uncover the unique challenges faced by countries in the region, including opaque policy-making processes, limited stakeholder participation, and policies that may not always align with local contexts or implementation capacities.