With the publication of ASEAN Digital Master Plan 2025 (ADM 2025), the member states of the Association of Southeast Asian Nations (ASEAN) have made efforts to promote the digitization of the region. In this process of digital transformation, data is essential because each interaction in the digital world it produces and depends on data.
Realizing the importance of data, Southeast Asian countries have stepped up their efforts to develop their own data governance strategies. For example, Thailand, SingaporeY Indonesia have enacted comprehensive data protection legislation. Vietnam it also aims to reveal its full data privacy law by 2024.
However, even though digitization works with data flows, several ASEAN member states have increasingly restricted cross-border data flows and even enacted data localization requirements. For example, Vietnam requires foreign technology and telecommunications companies to store user data domestically. In addition to requiring that all public sector data be stored in Indonesia, Indonesia it also requires the localization of data in certain sectors, such as the financial sector. Despite Thailand and the Philippines have not explicitly addressed data localization, a broader interpretation of their data privacy laws may allow data localization to be covered. Cambodia It is also reportedly about to issue data localization requirements soon.
This article points out that the spread of data localization regulations among Southeast Asian countries is mainly due to their common concerns about national security and digital sovereignty. Restrictions on cross-border data flows may not necessarily impede the digitization process; rather, they could be a double-edged sword for the region.
Although the data protection efforts of Many Southeast Asian countries resemble the European Union’s General Data Protection Regulation (GDPR), their reasons for imposing restrictions on international data transfers differ from those of the EU. the EU treats data privacy as an essential part of human rights and restricts cross-border data transfers on this basis. Unlike the EU, Southeast Asian countries view the data through the lens of statehood rather than the perspective of individual rights. They argue that the right to control and maintain data generated in their countries and owned by their citizens is crucial to national security and state sovereignty.
For example, Johnny G plaque, Indonesia’s information and communication technology minister has unequivocally stated that data control is a matter of national sovereignty. During the Indonesian Independence Day celebration, he also argued that maintaining digital and data sovereignty and preventing the creation of a digital colony was critical to strengthening and maintaining Indonesian independence. Similarly, Mohammad Mentek of from malaysia The Ministry of Communications and Multimedia also indicated that preserving data sovereignty is an important objective for its country to develop existing legal and policy frameworks on data. By structuring your data governance, Vietnam it has also placed the protection of national sovereignty at the forefront of its priorities. To enhance your Internet sovereignty, Vietnam has enacted laws to ensure that the Vietnamese people’s data remains under its control.
Southeast Asia has become one of the regions with the highest faster expansion of data centers. As of this month, there are a total of 195 data centers in Southeast Asia. Recent market studies of Arizona shows that the region’s data center market was worth $8.71 billion in 2021 and is projected to reach $12.34 billion by 2027. Additionally, Southeast Asia will soon overtake North America as the larger region for co-location data centers around the world.
This rapid expansion is attributed in part to restrictions on the free flow of data across national borders. For example, the introduction of the data localization law has been a major driving factor behind the rapid development of Vietnamese data center market. Similarly, the increased demand for on-premises data centers in Indonesia it is also the result of government data localization requirements.
Importantly, the proliferation of data centers in Southeast Asia speed up the digitization process of the region. As essential components of IT infrastructure, data centers play a key role in digital transformation. These facilities constitute the physical space spine of digital life. With the increasing support of data centers, people living in Southeast Asia are likely to enjoy faster and more reliable Internet connections. technological innovation will be further encouraged, and business in the region it will be easier for them to interconnect, migrate to the cloud and digitize their processes and services.
While restricting cross-border data flows drives data center growth, which can promote digitization, these data localization regulations and requirements may otherwise impede the region’s ability to achieve its digitization goal. . Cross-border data flows are the lifeblood of a digital economy. In particular, because any rules and regulations that limit cross-border data flows are considered key barriers to digital trade, could also impede ASEAN’s transition to a digital economy. Furthermore, regulations that limit international data flows also prevent ASEAN from becoming a digital society. The Internet of Things (IoT) is considered to be the Foundation of a digital society, as it enables the digitization of almost every aspect of daily life, from education and entertainment to healthcare and transportation. Given that the rules that restrict international data flows undermine the deployment of IoT, may also inevitably slow down the digital transformation of Southeast Asia.
ASEAN has committed to establishing a digital economy and society across the region by 2025. Although Southeast Asian countries have increased their efforts to regulate data, which is seen as the new oil in today’s world, many of them prefer to restrict the free flow of data across their national borders. Furthermore, since limitations on international data transfers are the result of national security and state sovereignty concerns, it is more difficult for Southeast Asian countries to compromise and relax the rules. While the rules are currently a double-edged sword for the digitization of the region, they will inevitably present more challenges than opportunities in the future.