The Peace and Security Monitor
The Indo-Pacific
Issue 5, June 2025
Key Takeways
• Asia’s rapid digital expansion, with China leading in Artificial Intelligence (AI), biometrics, and smart infrastructure, is making surveillance the default mode of governance. Privacy often gets sidelined, and the consequences for civil liberties are increasingly hard to ignore.
• China’s grip on regional tech is no accident. Policies like Made in China, 2025 push a state-first model that sidelines Western-style privacy rules and recasts data governance in its own image, setting up a clash not just of systems, but values.
• The privacy-surveillance trade-off isn’t just a domestic headache. With half the world’s population in Asia, and United States (US) tech giants drifting closer to Washington’s geopolitical script, the region risks becoming a digital powder keg. Tech rivalry, particularly over chips and AI, could easily spill into tariff wars and regulatory brinkmanship.
• India and Southeast Asian countries are stuck threading the needle of promoting digital innovation, enforcing privacy, and keeping the state happy. Some try harder than others, but across the board, enforcement is weak and often symbolic.
• Asia’s data future is still in play. The privacy laws mimic the General Data Protection Regulation (GDPR) in form if not function. But without real oversight, uneven rules, rising techno-nationalism, privacy often plays second fiddle to control. Asia’s data governance looks less like a unified front and more like patchwork under pressure.
The rise of AI, biometrics, and fifth-generation wireless technology (5G) in Asia, led by China, is reshaping privacy and surveillance. States are leveraging these technologies to enhance control, often at the expense of individual privacy rights. This shift is driven by geopolitical competition, with China’s state-centric techno-governance contrasting with rights-based approaches in countries like India and Singapore. Across Asia, varied data protection laws and surveillance practices reflect diverse national priorities. Civil society groups, such as India’s Internet Freedom Foundation and Malaysia’s Sinar Project, resist excessive surveillance, advocating for stronger data protection. Asia’s privacy future depends on balancing security and rights, potentially leading to fragmented or convergent data governance. Recent developments in 2024 and 2025 highlight the maturation of Asia’s privacy laws, with many countries enacting or strengthening legislation, while regional initiatives like the Association of Southeast Asian Nations (ASEAN) Digital Economy Framework Agreement aim to harmonise standards.
While Asia stands as a powerhouse of technological innovation, with China, India, and Southeast Asian nations spearheading advances in AI, biometrics, and 5G, this digital leap forward, however, fuels a surge in state-driven surveillance, often eroding individual privacy rights in the name of security. In 2024 and 2025, a wave of new data protection laws, inspired by global standards like Europe’s GDPR, signals Asia’s push to balance innovation with privacy. As civil society groups resist overreach and nations navigate geopolitical tensions, Asia’s digital evolution is redefining global data governance.
Technological and Geopolitical Landscape in Asia
Asia is undergoing a profound transformation in its technological and geopolitical landscape, driven by rapid advancements in digital technologies and shifting power dynamics. The region’s civic space, however, faces significant challenges, with 89% of Asia’s population living in countries rated as closed, repressed, or obstructed for civic freedoms, according to the CIVICUS Monitor. Meanwhile, technological advancements, such as China’s extensive surveillance systems and AI-driven tools, are increasingly deployed for repression, enabling states to monitor and control dissent, particularly in closed civic spaces like China and Myanmar.1
China’s technological ascent is underpinned by massive investments in AI, 5G networks, and big data analytics, positioning it as a leader in the Fourth Industrial Revolution.2 3 The Chinese government has prioritised technological self-reliance through initiatives like Made in China 2025, aiming to dominate key sectors such as semiconductors, AI, and robotics.4 For instance, DeepSeek, a Chinese AI model founded in 2023, represents a significant advancement through its open-source approach, fostering global developer collaboration while serving China’s national technological objectives.5
The expansion of US-based tech giants like Google, Facebook, and Amazon has significantly shaped Asia’s digital ecosystem, introducing advanced platforms and services. However, concerns over data sovereignty have driven countries like China and India to enforce local data storage and processing policies.2 For instance, China’s WeChat and India’s ShareChat serve as alternatives to Facebook, offering localised social networking, while Baidu and Alibaba’s Tmall provide search and e-commerce options rivalling Google and Amazon. China’s “dual circulation” strategy fosters self-reliance by promoting domestic tech innovation, evident in initiatives like Made in China 2025, which strengthens local firms.6 This shift forges new technological alliances, such as China’s partnerships with Southeast Asian nations through the Belt and Road Initiative’s digital infrastructure projects, redefining the Indo-Pacific’s tech landscape.
Indeed, digital infrastructure development is another critical aspect of Asia’s tech transformation.7 Countries are investing heavily in building smart cities, expanding broadband connectivity, and deploying 5G networks. China has rolled out an extensive 5G network, while India is advancing its Digital India initiative to enhance digital connectivity and services.8 These developments enhance economic productivity but also enable sophisticated surveillance and data collection, as seen in India’s Aadhaar system, where biometric data misuse has sparked significant privacy concerns.9
The interplay between technology and geopolitics in Asia is complex, with technology serving as both a tool for economic growth and a means of exerting political control.10 As states, particularly the US and China, compete for technological dominance,11 the delicate balance between privacy and surveillance intensifies, with significant implications for civil liberties and regional stability in Asia, home to over four billion people, or roughly 50% of the global population in 2025. The close alignment of US tech giants with the Trump administration heightens the risk of tech competition escalating into geopolitical tensions, potentially destabilizing the Indo-Pacific through trade disputes, tariff wars, and strategic tech export controls, as evidenced by ongoing US-China rivalry over semiconductors and AI.12
Case Studies: Varying Models of Techno-Governance
China: State-Centric Surveillance
China exemplifies a state-centric model of techno-governance, leveraging advanced technologies to maintain social order and political control. Its surveillance network includes over 700 million cameras by August 2023, with 40,000 in Xinjiang tracking Uyghurs via the Integrated Joint Operations Platform.13 14 China mandates foreign companies, like Apple, to store data locally and provide government access, reinforcing state control over information processing. This measure could protect citizens’ data in other nations if applied with privacy-first motives but in China prioritizes state interests. State-sponsored hacking groups like Weaver Ant and Mustang Panda deploy malware, such as those used to target India’s power grid in 2021 and steal intellectual property from Japanese firms, posing domestic and international cyber espionage threats.1516 Laws like the Cybersecurity Law (2017), Data Security Law (2021), and Personal Information Protection Law (PIPL, 2021) enable broad state access to data, with the Regulations on Network Data Security Management (effective January 1, 2025) imposing strict compliance for large datasets.17
Critics have highlighted privacy violations, notably during the COVID-19 pandemic, when health data from mobile apps and digital barcodes was used for mass tracking, raising concerns about excessive surveillance, forced isolation and lack of consent.18
India: Hybrid Models with Public-Private Partnerships
India employs a hybrid model of techno-governance through public-private partnerships, exemplified by the Aadhaar biometric identification system, covering over 1.3 billion citizens, and the Unified Payments Interface (UPI), where private companies provide payment infrastructure under government oversight.19 The Digital Personal Data Protection Act Rules seek to balance innovation and privacy. However, it faces criticism for provisions allowing government access to data for national security, which lack clear conditions, transparency, and accountability, potentially enabling unchecked surveillance.20 Civil society groups, notably the Internet Freedom Foundation, actively shapes governance by challenging overreach through litigation and advocating for stronger privacy safeguards. However, weak enforcement has led to breaches,21 such as the 2018 Aadhaar data leaks22 exposing personal details of millions, raising human rights concerns over privacy violations and exclusion from services like food rations due to authentication failures.
In India, the burgeoning digital economy leverages vast data for innovation, but weak enforcement mechanisms lead to breaches and misuse. The Open Network for Digital Commerce (ONDC) aims to create an inclusive digital economy, yet requires robust privacy safeguards.23
Southeast Asia: Diverse Approaches
Southeast Asia’s techno-governance models vary starkly, with ASEAN’s 2025 Digital Economy Framework Agreement seeking unified data standards.33 Singapore’s Personal Data Protection Act (PDPA), updated in 2024, enforces strict fines for breaches, like a SGD 54,000 penalty on a ferry operator, prioritising oversight over localisation.24 Vietnam’s Decree 53/2022/ND-CP mandates local data storage for telecom and e-commerce, curbing cross-border flows to bolster state control.25 Indonesia adopts protectionist stances, with Regulation No. 71/2019 mandating local data storage.26 Myanmar’s 2025 Cybersecurity Law enables mass surveillance by banning Virtual Private Networks (VPNs), crushing privacy and freedom of speech.27 These divergent approaches challenge ASEAN’s goal of cohesive regional data governance.
Political Economy of Data
The commodification of personal information, often termed the “new oil,” is central to Asia’s digital economy. In China, the Data Security Law (2021) positions data as a strategic asset for national security and economic growth, outpacing regulatory frameworks and raising human rights concerns as states prioritize technological dominance over privacy.28 Chinese tech giants like Alibaba and Tencent, mandated to share data with the government under laws like the Cybersecurity Law (2017), fuel both commercial innovation and state surveillance, amplifying privacy risks.2930 DeepSeek’s integration into China’s digital ecosystem highlights its potential to boost the Social Credit System by analysing massive datasets to monitor and shape citizen behaviour. This shows how fast-moving tech developments often skip safeguards, putting state control and global tech competition ahead of individual rights.31
Civil Society and Normative Resistance
Civil society organisations (CSOs) are crucial in advocating for digital rights and privacy in Asia, despite a shrinking civic space where 89% of the region’s population lives in countries with closed, repressed, or obstructed civic freedoms, per the CIVICUS Monitor.1 In India, the Internet Freedom Foundation uses Supreme Court petitions to challenge government overreach, such as Aadhaar data misuse.32 Malaysia’s Sinar Project33 monitors state surveillance, exposing tools like the Pegasus spyware used to target activists. Indonesia’s SAFENet34 supports digital rights defenders against online harassment, driving legislative progress like Singapore’s PDPA updates (2024) and Indonesia’s Personal Data Protection Law (2022), with strict penalties. Yet, new technologies enable repression, as seen in
Thailand’s use of the 2022 Ministerial Decree to censor online dissent35 and Myanmar’s 2025 Cybersecurity Law banning VPNs, stifling free expression36. Regional initiatives like the ASEAN Digital Economy Framework Agreement (2025)37 promote rights-based data governance, but enforcement gaps, such as Vietnam’s vague Decree 53/2022/ND-CP38 undermine progress.
Conclusion
This research highlights the profound impact of technological advancements on privacy and surveillance in Asia. China’s state-centric model, leveraging AI and biometrics, sets a precedent influencing regional practices, while India and Southeast Asian countries develop hybrid models balancing innovation and privacy. The commodification of data, intertwined with national security and global regulatory pressures, complicates the landscape. Civil society resistance and maturing privacy laws offer hope, but challenges such as enforcement gaps persist. Asia faces a critical juncture: its path toward fragmentation or a rights-based framework will shape global data politics. Balancing innovation, security, and privacy requires collaborative efforts from states, corporations, and civil society.
Policy Recommendations
• Asian countries should enact robust data protection laws aligned with GDPR but tailored to local contexts, prioritizing individual privacy while defining clear scope, transparent processes, and strict accountability mechanisms for security-related data access and oversight in national security exemptions.
• Enhance ASEAN collaboration to develop harmonised data governance frameworks, prioritising the 2025 Digital Economy Framework Agreement for cross-border data flows and privacy.
• States should bolster cybersecurity by investing in threat detection systems, conducting regular audits of critical infrastructure, and enforcing breach notification requirements, to protect critical infrastructure and personal data against cyber espionage and breaches.
• Encourage collaboration between governments, academia, and the private sector to develop privacy-enhancing technologies such as differential privacy, homomorphic encryption, and federated learning, along with secure data-sharing mechanisms like data clean rooms and trusted execution environments.
• Data protection authorities, in collaboration with civil society groups and educational institutions, should design and launch sustained public awareness campaigns on data rights and digital privacy. These campaigns should target students, workers, and vulnerable groups through schools, workplaces, and community outreach, using clear, accessible language. Authorities should focus on rights under national data laws and practical steps individuals can take to protect their information.
• Develop ethical guidelines for AI and biometric technologies to prevent misuse and ensure human rights compliance including privacy, freedom from discrimination, and the right to fair treatment.
Endnotes
CIVICUS, ‘Global Findings 2024’ (CIVICUS Monitor, 2024) https://monitor.civicus.org/ globalfindings_2024/ accessed 3 June 2025.
2 H Gu, ‘Data, Big Tech, and the New Concept of Sovereignty’ (2024) 29 Journal of Chinese Political Science 591 https://doi.org/10.1007/s11366-023- 09855-1 accessed 3 June 2025.
3 Robert D Atkinson, ‘China Is Rapidly Becoming a Leading Innovator in Advanced Industries’ (ITIF, 16 September 2024) https://itif.org/ publications/2024/09/16/china-is-rapidly becoming-a-leading-innovator-in-advanced industries/ accessed 3 June 2025.
4 ISDP, ‘Made in China 2025’ (ISDP, June 2018) https:// http://www.isdp.eu/publication/made-china-2025/ accessed 3 June 2025.
5 Kedar Bhasme, ‘DeepSeek AI: China’s Open-Source Challenge to Western Technological Dominance’ (2025) Issue 4 Indo-Pacific Peace and Security Monitor (March 2025) https://peacehumanity.org/
peace-and-security-monitor-the-indo-pacific issue-4-march-2025/ accessed 3 June 2025.
6 Frank Tang, ‘What is China’s Dual Circulation Economic Strategy and Why is it Important?’ (South China Morning Post, 19 November 2020) https:// http://www.scmp.com/economy/china-economy/ article/3110184/what-chinas-dual-circulation economic-strategy-and-why-it accessed 3 June 2025.
7 Yoonee Jeong and Christine Apikul, ‘Digital Technology: Evolution and Development in Asia’ (Asian Development Bank, 5 May 2025) https:// http://www.adb.org/sites/default/files/institutional document/1052731/adpr2025bn-digital technology-evolution-development-asia.pdf accessed 3 June 2025.
8 Telecom Review, ‘How Tech Investments are Accelerating Asia’s Digital Economy’ (8 July 2024) https://www.telecomreviewasia.com/news/ featured-articles/4382-how-tech-investments are-accelerating-asia-s-digital-economy/ accessed 3 June 2025.
9 AMLEGALS, ‘Data Privacy in the Context of Aadhaar and India’s Digital Identity Systems’ (16 October 2024) https://amlegals.com/data-privacy-in-the context-of-aadhaar-and-indias-digital-identity systems/ accessed 18 June 2025.
10 Dr Srinivasan Gopal Chari, ‘Power, Pixels and Politics: The Geopolitics of Emerging Technologies in the Digital Age’ (2025) 25(2) London Journal of Research in Humanities & Social Science https://
journalspress.com/LJRHSS_Volume25/Power Pixels-and-Politics-The-Geopolitics-of-Emerging Technologies-in-the-Digital-Age.pdf accessed 3 June 2025.
11 O D Sweidan, ‘The Geopolitics of Technology: Evidence from the Interaction between the United States and China’ (2024) 10(2) Russian Journal of Economics 130 https://doi.org/10.32609/j.
ruje.10.118505 accessed 3 June 2025.
12 Misha Glenny and Robert Muggah, ‘Big Tech Is a Tool of Trump’s Global Disruption’ (Foreign Policy, 3 June 2025) https://foreignpolicy.com/2025/06/03/ trump-big-tech-companies-silicon-valley-threat geopolitics-digital-sovereignty/ accessed 19 June 2025.
13 Voss, W. and Emmanuel Pernot-Leplay (2023) “China Data Flows and Power in the Era of Chinese Big Tech”, Northwestern Journal of International Law and Business, Vol. 44, Issue 2 (Winter 2024) https://scholarlycommons.law.northwestern.edu/
cgi/viewcontent.cgi?article=1896&context=njilb accessed 3 June 2025.
14 Chamila Liyanage, ‘Tyranny of City Brain: How China Implements Artificial Intelligence to Upgrade its Repressive Surveillance Regime’ (Fall 2024) 4(3) Journal of Illiberalism Studies 73 https://doi.
org/10.53483/XCQW3581 accessed 3 June 2025.
15 Ravie Lakshmanan, ‘Chinese Cyber Espionage Targets Telecom Operators in Asia Since 2021’ (The Hacker News, 20 June 2024) https://thehackernews. com/2024/06/chinese-cyber-espionage-targets telecom.html accessed 3 June 2025.
16 Jonathan Greig, ‘Chinese Hackers Spent Four Years Inside Asian Telco’s Networks’ (The Record, 25 March 2025) https://therecord.media/chinese hackers-spent-years-telco accessed 3 June 2025.
17 Giulia Interesse, ‘China Issues New Regulations on Network Data Security Management, Effective January 1, 2025’ (China Briefing, 2 October 2024) https://www.china-briefing.com/news/china
issues-new-regulations-on-network-data security-management-effective-january-1-2025/ accessed 3 June 2025.
18 Jun Liu and Hui Zhao, ‘Privacy Lost: Appropriating Surveillance Technology in China’s Fight Against COVID-19’ (2021) 64(6) Business Horizons 743 https:// doi.org/10.1016/j.bushor.2021.07.004 accessed 10 June 2025.
19 PIB Delhi, ‘Government of India Taking Measures to Enhance the Reach of Indian Digital Public Infrastructure’ (Press Information Bureau, 26 July 2024) https://www.pib.gov.in/PressReleasePage.
aspx?PRID=2037598 accessed 3 June 2025.
20 Rubayya Tasneem and Injila Muslim Zaidi, ‘The Draft Digital Personal Data Protection Rules: Surveillance for Surveillance’s Sake’ (Internet Freedom Foundation, 17 January 2025) https://internetfreedom.in/the
draft-digital-personal-data-protection-rules surveillance-for-surveillances-sake/ accessed 10 June 2025.
21 Sunainaa Chadha, ‘87% Indians Fear Data Breach, 50% Worried About Aadhaar Security: Survey’ (Business Standard, 4 March 2025) https://www.business-standard.com/finance/
personal-finance/87-indians-fear-data breach-50-worried-about-aadhaar-security survey-125030400164_1.html accessed 3 June 2025.
22 Yogesh Sapkale, ‘Aadhaar Data Breach Largest in the World, Says WEF’s Global Risk Report and Avast’
(Moneylife, 19 February 2019) https://www.moneylife. in/article/aadhaar-data-breach-largest-in the-world-says-wefs-global-risk-report-and avast/56384.html accessed 10 June 2025.
23 PIB Delhi, ‘Revolutionizing Digital Commerce: The ONDC Initiative’ (Press Information Bureau, 4 January 2025) https://www.pib.gov.in/PressReleasePage. aspx?PRID=2090097 accessed 3 June 2025.
24 Personal Data Protection Commission Singapore, ‘Breach of the Protection Obligation by Horizon Fast Ferry’ (2 August 2019) https://www.pdpc.gov.sg/ all-commissions-decisions/2019/08/breach-of the-protection-obligation-by-horizon-fast-ferry accessed 3 June 2025.
25 International Trade Administration, ‘Vietnam: Cybersecurity Data Localization Requirements’ (n.d.) https://www.trade.gov/market-intelligence/ vietnam-cybersecurity-data-localization requirements accessed 3 June 2025.
26 Jagamaya, ‘Understanding Indonesia’s PP 71/2019: What It Means for Your Data’ (22 April 2025) https:// jagamaya.com/understanding-indonesias-pp-71-
2019-what-it-means-for-your-data/ accessed 3 June 2025.
27 Andy Leck, ‘Myanmar: Cybersecurity Law Enacted on 1 January 2025’ (Baker McKenzie Connect On Tech, 28 March 2025) https://connectontech. bakermckenzie.com/myanmar-cybersecurity-law enacted-on-1-january-2025/ accessed 3 June 2025.
28 Alex He, ‘State-Centric Data Governance in China’ (Centre for International Governance Innovation, September 2023) CIGI Papers No 282 https:// http://www.cigionline.org/static/documents/no.282.pdf accessed 3 June 2025.
29 Annabelle Liang, ‘Chinese Internet Giants Hand Algorithm Data to Government’ (BBC News, 16 August 2022) https://www.bbc.com/news/ business-62544950 accessed 3 June 2025.
30 Liza Lin and Josh Chin, ‘China’s Tech Giants Have a Second Job: Helping Beijing Spy on Its People’ (The Wall Street Journal, 30 November 2017) https:// http://www.wsj.com/articles/chinas-tech-giants-have a-second-job-helping-the-government-see everything-1512056284 accessed 3 June 2025.
31 Jonathan Sumner, ‘The Great AI Race: China, Deepseek, and the Global Quest for Supremacy – and Its Risks’ (GRC World Forums, 18 February 2025) https://www.grcworldforums.com/risk-digital-eu/
uk/the-great-ai-race-china-deepseek-and-the global-quest-for-supremacy-and-its-risks/10037. article accessed 3 June 2025.
32 Joanne DCunha, ‘The Madras HC Allows Our Intervention in the Aadhaar and Social Media Linking Petition’ (Internet Freedom Foundation, 27 June 2019) https://internetfreedom.in/aadhaar-linking/ accessed 3 June 2025.
33 Sinar Project https://sinarproject.org/ accessed 3 June 2025.
34 Safenet Indonesia https://safenet.or.id/ accessed 3 June 2025.
35 Mong Palatino, ‘Thailand’s New Ministerial Decree Could Further Suppress Free Speech Online’ (Global Voices Advox, 14 January 2023) https:// advox.globalvoices.org/2023/01/14/thailands-new ministerial-decree-could-further-suppress-free speech-online/ accessed 3 June 2025.
36 Human Rights Myanmar, ‘Myanmar’s Cyber Law a Serious Threat to Privacy, Speech, and Security’ (Progressive Voice Myanmar, 13 January 2025) https://progressivevoicemyanmar.org/2025/01/13/
myanmars-cyber-law-a-serious-threat-to privacy-speech-and-security/ accessed 3 June 2025.
37 World Economic Forum, ‘Why ASEAN’s New Digital Economy Framework Agreement Is a Game Changer’ (26 May 2025) https://www.weforum. org/stories/2025/05/asean-digital-economy framework-agreement-a-gamechanger/ accessed 3 June 2025.
38 Freedom House, ‘Vietnam: Freedom on the Net – Key Developments, June 1, 2023 – May 31, 2024’ (2024) https://freedomhouse.org/country/ vietnam/freedom-net/2024 accessed 3 June 2025.