On 15 October 2025, the Asian Development Bank’s Serendipity Knowledge Program (SKOP) hosted a high-level event on Digital Transformation, Cybersecurity, and Data Protection for Digital Economy Development in Sri Lanka. Professor Rohan Samarajiva, Chair of LIRNEasia, participated as a panelist in the discussion on the need for a security-first and privacy-respecting culture from schools to workplaces, including government institutions. The other panelists were Shariffah Rashidah binti Syed Othman (Commissioner of Personal Data Protection, Department of Personal Data Protection, Ministry of Digital, Malaysia), Rajeeva Bandaranaike (Chairman, Data Protection Agency, Sri Lanka), and Avanthi Colombage (Country Manager, Visa Sri Lanka). The panel, moderated by Antonio Zaballos (Director of the Digital Sector at ADB), explored challenges, opportunities, and priorities in creating a resilient digital economy. The SKOP event provided a platform to share international best practices and innovative solutions, advancing dialogue on a secure and trusted digital economy in Sri Lanka. 
On 15 October 2025, the Asian Development Bank’s Serendipity Knowledge Program (SKOP) hosted a high-level event on Digital Transformation, Cybersecurity, and Data Protection for Digital Economy Development in Sri Lanka. Professor Rohan Samarajiva, Chair of LIRNEasia, participated as a panelist in the discussion on the need for a security-first and privacy-respecting culture from schools to workplaces, including government institutions. The other panelists were Shariffah Rashidah binti Syed Othman (Commissioner of Personal Data Protection, Department of Personal Data Protection, Ministry of Digital, Malaysia), Rajeeva Bandaranaike (Chairman, Data Protection Agency, Sri Lanka), and Avanthi Colombage (Country Manager, Visa Sri Lanka). The panel, moderated by Antonio Zaballos (Director of the Digital Sector at ADB), explored challenges, opportunities, and priorities in creating a resilient digital economy. The SKOP event provided a platform to share international best practices and innovative solutions, advancing dialogue on a secure and trusted digital economy in Sri Lanka. 
The Forum on Data Governance in the Philippines was held on Friday, September 12, 2025, at Serenade II, Westin Manila. The event highlighted how data can drive development and serve as an effective policy-making instrument for advancing democratic and inclusive governance in the Philippines. The forum was organized by LIRNEasia in collaboration with Disini Law (Philippines) and Digital Freedom Network (Philippines), with funding support from the International Development Research Centre (a Crown corporation of the Government of Canada). It brought together experts from government agencies, academia, and the private sector to share perspectives and experiences on data policymaking and governance frameworks. Discussions centered on two recent publications under the Data for Democratic Development in South and Southeast Asia initiative: the Philippines Country Report and the Regional Synthesis Report. 
The Forum on Data Governance in Thailand, held on Tuesday, August 5, 2025, at the Sigma Room (6th floor), Pullman King Power Bangkok, brought together experts from government agencies, academia, and private organizations to exchange their knowledge, perspectives, and experiences on data policymaking and the design of data governance systems in Thailand. The forum was hosted by LIRNEasia (an independent think tank working across the Asia Pacific), in collaboration with the Department of International Studies at Hankuk University of Foreign Studies (Republic of Korea), Privacy Thailand, and the Institute of Public Policy Studies (IPPS), Thailand. Funding support was provided by the International Development Research Centre (a Crown Corporation of the Government of Canada). The Forum explored the inherent tensions that arise in governing data in light of competing interests and policy objectives – that of collecting, storing, using and sharing data to support development and growth objectives, and of protecting privacy and other human rights that are vital but can be violated through the release of data. LIRNEasia and affiliated researchers explored such tensions as well as the practical ways these tensions are resolved across seven countries – Thailand, India, Indonesia, Sri Lanka, Nepal, Pakistan and the Philippines. 
The ‘Harnessing Data for Democratic Development in South and Southeast Asia’ project currently being implemented by LIRNEasia is focused on data policy ecosystems in South and Southeast Asia taking into account both formal and informal policy and practice. The project also aims to expend the community of practice of Asian Data for Development practitioners and enhance the capacity of actors to participate in policy making processes and evidence-based policy influence related to data. Data governance ecosystems are made up of policies, laws, practices, behaviours and technologies that govern data. Ideally, a data governance system protects rights, enables innovation, improves transparency, and ultimately brings about democratic, inclusive governance. There are many existing and new such policies, laws and practices and tensions can arise when balancing conflicting needs.
Key considerations and recommendations for public health officials in developing wearable contact tracing solutions during COVID-19
I find myself a little defensive when I bring up the needs to access data quickly for policy-relevant research in gatherings dominated by fans of GDPR. Does not stop me, but I keep wondering what they think of me. But reading Siddhartha Mukherjee, a doctor deeply engaged in the fight against COVID-19 makes me feel much better.the System designers and lawyers have forgotten the original purpose of healthcare records: to help cure the patient. Finally, we need to acknowledge that our E.
A research paper exploring an alternative approach to address the concern of privacy in sharing big data datasets by generating privacy-preserving artificial call detail records (CDRs) in accordance with the desired macro features of the dataset.
The draft National Digital Policy proposes a target of 70% of internet users by 2025, an undeniably ambitious target. The target – pulled out of thin air as though it may seem – is actually based on a time series forecast using ITU statistics from 2000-2017. The forecast was computed using a statistical software called Tableau, which considers exponential smoothing and seasonality. The lower and upper levels were based on 95% confidence intervals. The chart below shows that the upper limit that can be achieved is 74% by 2025 if accelerated efforts are made to drive internet adoption and smartphone use in Sri Lanka.
Helani Galpaya was one of the keynote speakers at a GIZ-organized event in Berlin, Germany on the 14th of June 2018.
Much of the discussion on privacy is premised on the implicit imposition of a private-property model on data or information that is subject to control/consent. This could have worked when all we were dealing with were relatively simple data like a social security number or an address. But the really interesting data are transaction-generated data (TGD). These necessarily involve more than one person. How can I give or not give consent to the use of my TGD, when multiple entities have been involved in its production?
Privacy is a subjective thing. Some of it is from the inside of the individual; some is social. It’s not immutable. It’s not the same across societies. Now after Yudhanjaya’s reflection on the Chinese social credit system, we are more interested than ever in what is going on in China.
I have been a fan of Daniel Solove’s approach to privacy, where he foregrounds actual harms suffered by individuals rather than derive remedies from abstract principles. I have often said that the informed-consent model is of zero value when people find that their personally identifiable information stored by an organization has been stolen. The US Federal Trade Commission has called for comments on informational harms or injuries. I am tempted to respond. Would if there were 28 hours in a day.
Governments should not be flying blind. Now the tools of big data are available to reduce their ignorance. But we will not be able to use big data effectively if the narrative is dominated by utopian hype and dystopian scare mongering. For that we need effective, fit-for-purpose public public policy and regulation for big data (including algorithms), not remnants of 1970s thinking such as informed consent and strict purpose specification. For example, the above shibboleths do not provide any remedy for the real harms of lack of security of data storage.
Linnet Taylor correctly points out that US case law does not have applicability outside the US. However, the third-party doctrine set out in the Smith v Maryland case differentiated between transaction-generated data on a telecom network and the content of what was communicated. Now there’s likely to be a different governing precedent, for those under US law: The Supreme Court agreed on Monday to decide whether the government needs a warrant to obtain information from cellphone companies showing their customers’ locations. The Supreme Court has limited the government’s ability to use GPS devices to track suspects’ movements, and it has required a warrant to search cellphones. The new case, Carpenter v.
The second panel was on digital rights and multistakeholderism. I did not think there can be much debate about a Rorschach inkblot so I devoted only one slide to it and made some passing comments, which still managed to elicit some response from the people who live under the protection of the concept. Digital rights was where the robust exchange occurred. Not because of the relatively uncontroversial issue of governments being prevented from arbitrarily shutting down the Internet and the underlying telecom networks that I proposed. But it was because one of the panelists proposed the wholesale importation of the European data protection regime and rights such as the “right to be forgotten.
I’ve been working on privacy since 1991. I guess when one has been engaged with a subject deeply, one escapes the bubble effect: that of believing that one particular issue/value is paramount. But I interact with many people now, who seem to think that privacy is a paramount value even if some of the “safeguards” they want to put in place would basically make it impossible to use big data for the public good. Humans understand through analogical reasoning. So perhaps understanding about what we want to do with big data for the public good can be understood by this analogy with medical research using leftover materials from medical procedures?