This report is part of the “Harnessing Data for Democratic Development in South and Southeast Asia” (D4DAsia) initiative, which critically examines how data governance is evolving across the region, including both formal frameworks and informal norms. In the Philippines, the absence of a comprehensively organized legal or policy framework has resulted in a patchwork of approaches shaped by sector-specific laws, presidential directives, and administrative regulations. In recent decades, policies have emerged in response to growing data use, such as updates to intellectual property laws aligned with international practices and the enactment of personal data protection legislation addressing cross-border data processing. Despite recent developments, the Philippines still lacks a unified data governance framework. The only broad measure is the 2016 presidential ordinance on public access to government data. 
This report is part of the “Harnessing Data for Democratic Development in South and Southeast Asia” (D4DAsia) initiative, which critically examines how data governance is evolving across the region, including both formal frameworks and informal norms. In the Philippines, the absence of a comprehensively organized legal or policy framework has resulted in a patchwork of approaches shaped by sector-specific laws, presidential directives, and administrative regulations. In recent decades, policies have emerged in response to growing data use, such as updates to intellectual property laws aligned with international practices and the enactment of personal data protection legislation addressing cross-border data processing. Despite recent developments, the Philippines still lacks a unified data governance framework. The only broad measure is the 2016 presidential ordinance on public access to government data. 
The Forum on Data Governance in Thailand, held on Tuesday, August 5, 2025, at the Sigma Room (6th floor), Pullman King Power Bangkok, brought together experts from government agencies, academia, and private organizations to exchange their knowledge, perspectives, and experiences on data policymaking and the design of data governance systems in Thailand. The forum was hosted by LIRNEasia (an independent think tank working across the Asia Pacific), in collaboration with the Department of International Studies at Hankuk University of Foreign Studies (Republic of Korea), Privacy Thailand, and the Institute of Public Policy Studies (IPPS), Thailand. Funding support was provided by the International Development Research Centre (a Crown Corporation of the Government of Canada). The Forum explored the inherent tensions that arise in governing data in light of competing interests and policy objectives – that of collecting, storing, using and sharing data to support development and growth objectives, and of protecting privacy and other human rights that are vital but can be violated through the release of data. LIRNEasia and affiliated researchers explored such tensions as well as the practical ways these tensions are resolved across seven countries – Thailand, India, Indonesia, Sri Lanka, Nepal, Pakistan and the Philippines. 
This report is part of the “Harnessing Data for Democratic Development in South and Southeast Asia” (D4DAsia) initiative. The project seeks to critically examine how data governance is evolving across the region, with attention to both formal frameworks and informal norms. In the case of Thailand, this means analysing how state, corporate, and civil society actors shape the production, access, and use of data in ways that either enable or constrain democratic values. Thailand stands at a pivotal moment in its digital transformation journey, where the governance of data is increasingly central to questions of rights, development, and democratic accountability. As data becomes ever more embedded in public services, commerce, and civic life, the structures that govern its use, such as laws, policies, practices and technologies, have profound implications for inclusive and equitable development. 
This report is part of the Data for Development project which aims, inter alia, to create and mobilize new knowledge about tensions, gaps, and the evolution of the data governance ecosystem taking into account formal and informal policies and practices. This regional synthesis report explores the intricate web of data governance systems and their potential to contribute to more democratic and inclusive societies. It examines the tensions that arise between various data-related policies, such as personal data protection, competition law, open data initiatives, cybersecurity measures, and AI and innovation strategies. While developed countries may have mechanisms to address these conflicts, many nations in South and Southeast Asia face significant hurdles in creating and implementing effective data governance frameworks. The report seeks to uncover the unique challenges faced by countries in the region, including opaque policy-making processes, limited stakeholder participation, and policies that may not always align with local contexts or implementation capacities. 
Aslam Hayat (Senior Policy Fellow LIRNEasia, Country Researcher for Pakistan), and Pranesh Prakash (Policy Fellow LIRNEasia, Co-Principal Investigator), drew on research carried out under LIRNEasia’s ‘Harnessing Data for Democratic Development in South and Southeast Asia’ project to discuss aspects of data governance in Pakistan and other countries. This was part of a forum hosted by the Sustainable Development Policy Institute (SDPI) in Pakistan, under the theme, “Public-Private Dialogue (PPD) on Data Governance in Pakistan.” The forum brought together key voices from government, academia, civil society, and the private sector in Pakistan, and was held on 23 April 2025. Aslam Hayat highlighted key findings from the research carried out in Pakistan, outlining the data governance framework in the country, identifying policy gaps and good practices. Pranesh Prakash gave an overview of the research carried out by the Harnessing Data for Democratic Development project, and discussed concepts related to data governance, privacy, and open standards. 
LIRNEasia participated in RightsCon 2025, the world’s largest gathering of digital rights leaders, held in Taipei and online from February 24 to 27, 2025. The event brought together business leaders, policymakers, human rights advocates, technologists, and academics to address the intersection of human rights and technology. As digital landscapes evolve, discussions at RightsCon focused on pressing issues such as data governance, AI regulation, and the future of work—topics that LIRNEasia’s CEO Helani Galpaya, and our Data, Algorithm, and Policy Team Lead Merl Chandana tackled in their panel contributions. Their insights highlighted the challenges facing the Global South and provided actionable strategies for policy and regulatory frameworks. “Information Ecosystems and Troubled Democracy: What Global Research Tells Us” CEO Helani Galpaya participated in two panels. 
සම්පූර්ණයෙන්ම ඩිජිටල්කරණය කරන ලද රජයේ ගෙවීම් පද්ධතියක් රජය, බදු ගෙවන්නන්, සහ බැංකු වැනි මූල්ය ආයතන ඇතුළු සැමට ජයග්රහණයක් වන්නේ මන්දැයි LIRNEasia සභාපති මහාචාර්ය රොහාන් සමරජීව මහතා The Leaderහි පළවූ ඔහුගේ නවතම සිංහල ලිපියේ පැහැදිලි කර ඇත. සම්පූර්ණ ලිපිය කියවන්න. The article has been published under Prof. Samarajiva’s column in the Daily Mirror in English. You can read the English version as well if you prefer. 
In an insightful 50-minute discussion, Principal Presidential Advisor on Digital Economy Dr. Hans Wijayasuriya sat down with LIRNEasia Chair Prof. Rohan Samarajiva to share his insights on the key priorities and challenges in shaping the nation’s digital transformation. From bridging the country’s digital skills gap and fostering a thriving innovation ecosystem to implementing effective policy reforms, the conversation explores the steps needed to propel Sri Lanka into a competitive position on the global digital stage. Both experts bring a wealth of experience in technology, telecom, and policy, offering a thought-provoking dialogue on what it takes to drive meaningful change. 
Artificial intelligence (AI) offers significant potential to enhance public services and drive innovation within Sri Lanka’s public sector. At the AI Asia Summit 2024 in Colombo, Merl Chandana, Research Manager and head of the Data, Algorithms, and Policy (DAP) team at LIRNEasia, shared insights on how the government can harness AI effectively and responsibly. Speaking on a panel titled “AI for National Economic Growth and Innovation: enhancing services and driving efficiency,” Merl outlined key considerations for adopting AI in ways that truly benefit citizens. Practical steps for AI adoption in public services Merl emphasized that while AI offers vast possibilities, public sector adoption must be both strategic and phased. After highlighting a few ongoing AI pilot initiatives in Sri Lanka’s public sector, he noted that these projects often begin with a strong data foundation and empowered decision-makers with deep expertise in their fields. 
With the digital world becoming increasingly intertwined with our daily lives, from studying and working to shopping, the digital economy has seen significant growth. In the global digital landscape, data often flows across borders for various transactions, meaning that data generated in one country may be stored and processed in another. This movement of data across international borders isn’t just a technical matter—it’s a major driver of economic development, innovation, international trade, and social progress. However, these cross-border data flows have raised concerns about privacy, security, and data protection. One major worry is data localisation rules, which insist on keeping data within a country’s borders. 
In a significant move towards modernising archival governance and promoting data accessibility, a committee appointed by the Ministry of Buddhasasana, Religious, and Cultural Affairs, has been working on revising the National Archives Law No. 48 of 1973. Chaired by Nigel Nugawela, Archivist, the committee includes experts such as LIRNEasia Chair Prof. Rohan Samarajiva — who is also a former Chairman of the Information and Communication Technology Agency (ICTA). The draft text, which will act as the basis for a National Archives and Records Management Bill, was presented to the subject Minister Vidura Wickremanayake last week. 
In the ever-evolving landscape of data-driven progress, the promise of harnessing private sector data to achieve Sustainable Development Goals (SDGs) is crucial. However, it has become evident that the road to effective public-private data partnerships in the Global South is laden with challenges. LIRNEasia together with CEPEI recently held a roundtable discussion at the 18th International Governance Forum (IGF) in Kyoto, Japan, on October 9, 2023 with the participation of a diverse panel of stakeholders from Africa, Asia, Latin America, the Caribbean, and the Middle East, who discussed many areas, including the private sector’s role in the data revolution, policy and practical challenges, and methods to overcome them. The session was moderated by LIRNEasia CEO, Helani Galpaya. The panelists included: 1. 
Get ready to be immersed in the forefront of digital discourse as the 18th annual Internet Governance Forum (IGF) 2023 unfolds in Kyoto, Japan from 8 to 12 October, under the theme The Internet We Want – Empowering All People. LIRNEasia will host two sessions featuring experts from the Global South, along with LIRNEasia CEO, Helani Galpaya, Senior Research Manager, Gayani Hurulle, and Senior Researcher, Isuru Samaratunga. Helani will participate at two additional sessions. Here’s a sneak peek at the sessions; scroll down to find out how to register to attend in person or online. 1: Public-Private Data Partnerships in the Global South (Session #308) Zoom registration link (IGF 2023 Room 3) Session page This round table discussion will explore how the private sector is contributing to the data revolution toward achieving the SDGs, and the key policy and practice challenges faced by stakeholders in attempting to build data partnerships in this regard. 
A new Draft Bill on Online Safety was recently published in the Gazette of 15th September (issued on 19th September). As stated, the objectives of the Bill are to ‘to establish an online Safety Commission; to make provisions to prohibit online communication of certain statements of fact in Sri Lanka; prevent the use of online accounts and inauthentic online accounts for prohibited purposes; make provisions to identify and declare online locations used for prohibited purposes in Sri Lanka; and to suppress the financing and other support of communication of false statements of fact.’ Many provisions of the new Bill appear to be modelled on Singapore’s Protection from Online Falsehoods and Manipulation Act (POFMA). However, there are significant differences. In the following sections we highlight some of the differences, based on an initial reading of the two documents.
On May 23rd 2019, the Government of Sri Lanka posted the Draft Cyber Security Bill on the SL CERT website and invited public comments/input. LIRNEasia submitted comments in response to the SL CERT’s request. Our written comments submitted on 5th June 2019 are available through the link below Comments on the Cyber Security Bill – Sri Lanka 2019 Subsequently in August 2023, the Government of Sri Lanka posted an updated version of the Cyber Security Bill and invited public comments. LIRNEasia once again submitted written comments on 18th August 2023, which can be accessed here. Comments on the Cyber Security Bill – Sri Lanka 2023 The report below analyses the extent to which the input submitted by LIRNEasia in 2019 has been taken into account in the updated (August 2023) version of the proposed Bill
LIRNEasia submitted a response to the Ministry of Technology’s invitation to comment on the Cyber Security Bill uploaded to the website of Sri Lanka CERT in August 2023 (www.cert.gov.lk). The submission addresses specific concerns related to the requirement for accreditation of Cyber Security service providers, the composition of the Cyber Security Regulatory Authority and the definition of the term Critical National Information Infrastructure.