Table of Contents

The emergence of a deep-seated, multidimensional strategic competition between the United States and China has led many to argue that the world is fracturing into two spheres—a Sinocentric order and a U.S.-centric one. One result of this fragmentation, some suggest, could be that Beijing sets the terms of data and internet governance and technology standards in Asian countries and beyond.1 As the world moves into the next phase of the digital transformation, what was once viewed as a purely commercial and technological competition is increasingly being framed as an existential geopolitical one.

The fact is, however, that the United States and China are not the world’s only major digital players. There has been a proliferation of policy and regulatory models in recent years, and international internet governance is up for grabs as countries, from India to Japan to South Korea, experiment, innovate, and share their policy experiences and practices, successes, and failures.

Data governance is one critical area of contention because it is increasingly central to next-generation industries and the future of rulemaking in the global economy. Countries such as South Korea (hereinafter Korea) and India have developed distinctive national approaches to data governance. Neither country aims to imitate or adopt wholly American, much less Chinese, data policies and practices. They, too, have the potential to drive debates about technology business models and regulatory frameworks.

Korea, in particular, is a digital pacesetter because it is perhaps the world’s most connected country. Korea’s internet access, according to the Pew Research Center,2 reached a staggering 96 percent of adults in 2018, and the country boasts the world’s highest 4G telecommunications availability and highest fixed broadband upload speed, according to a recently published connectivity index.3

Much has already been learned from Korean experiences with technology. Korean consumer electronics companies, such as LG Electronics and Samsung, have grown quickly to become household names around the world. In many areas, from manufacturing to business services, the rest of the world has seen the results of Korean approaches to policy and regulation. Indeed, precisely because Korea is such a wired country, much can be learned by examining those policies and regulations in more detail.

Unfortunately, Korea’s digital policies are still not widely known, in part because little has been written in English about Korea’s distinctive frameworks, standards, and models. In most countries, policymakers tend to look to the United States, Europe, or China for templates as they craft their own digital policies and regulations. Yet Korea has over the past two decades pioneered important approaches to data governance while accumulating a body of experience with best practices—and sometimes not-so-best practices that it has had to tweak, amend, or replace. These experiences provide useful lessons.

Evan A. Feigenbaum
Evan A. Feigenbaum is vice president for studies at the Carnegie Endowment for International Peace, where he oversees research in Washington, Beijing, and New Delhi on a dynamic region encompassing both East Asia and South Asia.
More >

This volume digs deeply into what we call “the Korean way with data.” It explores in detail Korea’s distinctive experiences, successes, failures, and recalibrations. Above all, it aims to address the question of what can and should be learned from innovative Korean policies and practices. The chapters in this study highlight the elements of distinctively Korean approaches, establishing a firm foundation on which to compare and contrast what is emerging there with other countries’ experiences and choices.

Korean approaches have demonstrated that persistence, a consistent vision, and innovative policy frameworks can shape a promising digital future. For more than twenty years, policymakers in Seoul have done much to build out national broadband networks and spur the use of digital technologies.

And yet for all of Korea’s successes, much work remains to be done if Seoul is to address three critical challenges:

  • Intensive commitment to online government, banking, and healthcare services requires an online authentication ecosystem that Korea has struggled to create.
  • Intensive digitalization across industries and society makes Korea susceptible to cyber threats and disruptions; several governments and cyber-hacktivist groups have regularly targeted Korea, and will, no doubt, continue to do so.
  • Intensive dependence on cross-border flows of goods, capital, people, and technology in one of the world’s most trade-dependent economies requires a data regulatory framework that meshes with those of Korea’s principal economic partners.

In Korea, as in almost every country, competing ministries with competing priorities often prevent consensus on how best to design policies for the internet and the cloud. This can lead to what could be referred to as “multiple-policy disorder,” a pathology that leads to confusion among both technology companies and technology users.

The three chapters in this volume illustrate how the Korean government has tried to craft coherent and consistent policies in three important areas related to data:

  • developing effective online authentication systems for protecting data and information technology (IT) systems;
  • dealing with cyber threats and improving data resilience; and
  • facilitating the free flow of data internationally while protecting the privacy of Korean citizens.

In each case, Korean policies have evolved by trial and error. Different approaches have been tried. When found to be inadequate, more workable approaches were found.

In all three of these areas, executive leadership from the Korean president’s office helped to overcome inertia and compel ministries to work together. Further refinement and clarification of policies is needed, especially in the area of data localization rules. But, taken together, the resulting frameworks constitute a Korean way with data that could have broad resonance for countries that are also struggling to address these three issues.

Data-Enabled Online Authentication

The first chapter by Jang GyeHyun and Lim Jong-in of Korea University focuses on online authentication and data access, which are essential for improving cybersecurity. An easy-to-use online authentication ecosystem could provide secure access to e-government services, online banking, and healthcare services—all areas where Korea has excelled. And better authentication could go a long way toward making phishing, spamming, disinformation, malicious hacking, and insider cyber theft more difficult and less profitable.

The authors detail a process of trial and error and persistent experimentation with various online authentication initiatives in Korea over the last twenty years. Initial efforts based on the Resident Registration Number resulted in widespread sharing and disclosure of sensitive, personally identifiable information (PII) and had to be shut down. An alternative, I-PIN Korea, was developed fifteen years ago, but could only be implemented using Microsoft’s ActiveX technology, limiting its usefulness. In both cases, it again took intervention by the president himself to stop both efforts and push for better alternatives.

Michael R. Nelson
Mike Nelson is a senior fellow in the Carnegie Endowment’s Technology and International Affairs Program, which studies the implications of emerging technologies, including digital technologies, biotechnology, and artificial intelligence.

That yields a straightforward lesson: even in an advanced economy like Korea’s, presidential leadership can be the prerequisite of progress. It would have taken much longer for the Korean government officials involved in these efforts to admit that changes were needed without the president’s intervention.

What resulted, however, was an effort to provide a wider, more flexible range of online authentication approaches: In 2012, the Korean government authorized three mobile network operators to provide authentication services. Five years later, the Korea Communications Commission designated seven major credit card companies as new identity-verification agencies. The solutions they have deployed, which have been much more widely adopted and used than earlier government-led approaches, have facilitated e-commerce, e-government, and mobile applications in Korea.

One conclusion is that the Korean government recognized earlier than almost any other government in the world that e-mail and social media platforms could facilitate defamation, fraud, and doxing. It also recognized that better online authentication could reduce these serious and growing problems. In July 2007, a real-name system was launched to prevent anonymous posts on popular internet websites. This led to complaints by privacy and free speech advocates and a lawsuit claiming that the law was not consistent with the Korean Constitution. What is more, because the law could not be enforced on foreign websites like YouTube, Korean domestic websites argued that the law disadvantaged them. Ultimately, in August 2012, the Constitutional Court ruled this law unconstitutional.

This raucous Korean debate over real-name authentication provides a valuable lesson on the need to design online authentication schemes that can meet the need to improve cybersecurity and data access control while respecting the need of internet users and corporations to protect their private information. Unfortunately, in the Korean case, advocates for privacy and civil liberties were not very involved in designing the specifications and policies for online authentication.

So, as Korea and other countries continue to refine their approaches to authentication, they will need to consider how systems and procedures might enable citizens to verify what they are but without providing details on who they are. This might mean that internet users can protect their privacy by using a pseudonym or by sharing personal information with a trusted third party: this could verify that particular user’s attributes, such as age, income, and nationality, without revealing who they are. A number of cryptographic techniques, including homomorphic encryption, are making such privacy-enhancing techniques more practical and secure.

Another lesson of the Korean experience with schemes for online authentication is that the most successful ones will be those that leverage the infrastructure and business relationships of the private sector, including mobile companies and credit card companies. Developing a system solely for a few government applications is unlikely to be very successful, since not many citizens interact with their government on a weekly or monthly basis. If, on the other hand, governments accept the authentication tools that their citizens are already using for online banking or e-commerce, users are more likely to adopt and trust them. And if these private sector–based approaches are being used in more than one country, the potential applications (and economies of scale) will be much larger.

This is another reason that the latest Korean approach could position the country as a champion of better authentication around the world. Estonia and India, which have invested both money and political capital in their national authentication systems, have demonstrated the benefits that effective online authentication can provide. But their government-led approaches are less likely to lead to third countries embracing their approaches as national, much less global, models. As Jang and Lim note, governments that fail to find international partners will suffer from the so-called Galapagos syndrome because their approach to online authentication will not be interoperable with those used by other countries. If governments cannot overcome this challenge, their citizens might need to rely instead upon authentication services provided by global companies like Apple, Facebook, and Google.

Korea also provides an important set of lessons for the United States. Unlike Korea, Washington has been unable to develop a coherent strategy for online authentication despite trying for more than ten years. The National Strategy for Trusted Identity in Cyberspace (NSTIC) announced by former president Barack Obama’s administration in 2011 engaged the full range of stakeholders but failed to agree on how to address such key questions as how to protect users’ privacy; how to leverage private sector solutions; and how to avoid narrow solutions and ensure interoperability and flexibility?4 The good news is that the U.S. Department of Commerce’s National Institute of Standards and Technology is working to build on the work of NSTIC.5 As the United States undertakes this and other cybersecurity efforts, it would do well to learn from Korea’s experience.

Data Resilience

The second chapter by So Jeong Kim and Sunha Bae of Korea’s National Security Research Institute describes in detail how the Korean government has designed a management structure for defining and coordinating cybersecurity policy and improving the resilience of Korean government and corporate information and communications technology (ICT) systems. The chapter documents how the many cyber attacks targeting South Korea over the last twenty years—often originating in North Korea—have triggered a number of narrow policy responses.

But this reactive approach resulted in a patchwork of initiatives rather than the development and implementation of a comprehensive strategy to reduce the number and severity of attacks. So, in 2019, Korea finally adopted a full-blown National Cybersecurity Strategy and an implementation plan.

Today, responsibility for cyber defense is split between the National Cyber Security Center under Korea’s National Intelligence Service (for government and public sector data) and the Ministry of Science and Information and Communications Technology (for private sector data). In addition, several agencies run their own response systems, such as the one at the Ministry of National Defense for the military sector’s data. Successful implementation of this plan will depend critically on the National Security Council under the Office of the President. It must serve as the control tower for policy coordination across the government and between the public and private sectors.

Yet that is no simple task. It will require a multistakeholder approach that reflects not just the needs of the ministries and offices involved but also addresses the diverse and distinctive needs of Korean companies and Korean citizens. Policies that provide multiple solutions that are flexible, affordable, and easy-to-use will work far better than the kind of one-size-fits-all approaches that some other countries have tried. Korea may well show the way.

The authors of this chapter cite recent surveys showing that Korean businesses and government agencies have accelerated efforts to secure their IT systems, protect against denial-of-service attacks, and install systems to back up data and facilitate recovery after an attack. Over the last few years, this has successfully reduced the amount of damage caused by cyber attacks despite a steady increase in the number of attacks. One approach that other countries might wish to emulate, then, are Korean regulations that require data backup systems. This effort is supported by Korean policies pushing for more use of cloud storage, particularly in the public sector through Korea’s Cloud Service Assurance Program, which parallels U.S. government programs like FedRAMP, the Federal Risk and Authorization Management Program.

Data Localization and Privacy

The third chapter by Nohyoung Park of Korea University Law School examines Korean approaches to data protection and data localization, and especially the framework of laws and treaties that Korean policymakers, legislators, bureaucrats, and negotiators have painstakingly assembled over the last two decades. These related issues—protection and localization—are among the thorniest digital policy issues that national governments everywhere are trying to address. And no country has yet found an approach that works for its citizens and businesses and is also both interoperable and consistent with data policies of other countries. The different, often poorly defined and inconsistently applied rules resulting from the Chinese and Indian approaches to localization and the European Union’s General Data Protection Regulation (GDPR) indicate how much work remains to be done.

This is a high bar to clear, but it is especially important for Korea—a country that is incredibly dependent on trade and cross-border economic flows of goods, capital, people, technology, and data—to do so. Despite some slippage during the coronavirus pandemic, Korea’s trade dependency index (the total trade volume proportion of gross domestic product) still came in at a whopping 63.51 percent in 2020, according to the Korean Statistical Information Service run by Statistics Korea of the Ministry of Economics and Finance.6

As a major trading partner with China, the United States, the European Union, and Japan, Korea has a particularly difficult task. Korean firms are exposed to a variety of emerging global data laws, including the different ways European nations are choosing to enforce the GDPR, as well as the California Consumer Privacy Act (CCPA) and the new Indian data protection law, among others. And they must deal, too, with especially tight controls over the regulation of data in China, the country’s largest trading partner.

Yet this is where Korea’s opportunity lies: Korea has the potential to be a model for all of its trading partners and to shape and harmonize policies for cross-border data flows. If Korea can find ways to demonstrate that it has effective data protection measures, Korean firms can earn the trust of both Koreans and foreign companies, which might then be willing to team up with Korean partners. With new advancements in artificial intelligence, machine learning, the Internet of Things, robotics, and bioinformatics, the free flow of data across international borders will become even more important. For Korea to be well-positioned to capture these innovation opportunities, it needs to actively build on its experiences by helping to shape the evolving global regime on cross-border data flows and access.

Park’s chapter lays bare the very real tensions between Korean citizens’ desire for privacy—reflected in the strong Korean data protection laws—and the desire of Korean businesses to take advantage of non-Korean online tools and services and partner with foreign companies. There is also a tension between Korean privacy laws, on the one hand, and, on the other, the desire of both the Foreign Ministry and the Office of the President to be able to sign onto several bilateral and multilateral treaties that impose tight limits on how national law can enforce its data localization requirements. One result has been complaints from the United States—its second-largest export partner after China,7 and second-largest source of foreign direct investment (FDI) stock after Japan8—that Korea is not living up to some of its treaty commitments to allow data from Korea to be exported, especially in the case of sensitive data, such as map data.

The coronavirus pandemic has highlighted the benefits of sharing and analyzing both health data and geolocation data. From Taiwan and China to Korea and Israel,9 major economies have used geolocation data from cellphones for coronavirus-related contact tracing. Data on who has and has not been vaccinated or infected has likewise helped to assess the utility of different types of vaccines and different protection measures.

Park’s chapter traces how Korea enacted the Personal Information Protection Act (PIPA) in 2011, which applies to the processing of personal information in both the private and public sectors. This was followed by the so-called Network Act—the Act on Promotion of Information and Communications Network Utilization and Information Protection—which applies to the protection of personal information processed by information and communications service providers. The most recent data protection legislation, Korea’s so-called three data laws amendments, were adopted in January 2020, combining the data protection provisions of both of these acts into PIPA.

Park explains how implementation of Korean privacy laws can limit the export of data to countries judged to have less rigorous data protection laws than Korea. An additional constraint on cross-border data transfers is the desire for reciprocal treatment of data. If foreign countries do not allow transfer of their citizens’ data to Korea, then Korea may, in turn, block transfer of Koreans’ data to those countries to pressure them to lift their data localization requirements.

The collision of these different policy goals will necessitate some new thinking—and perhaps new business models and new technologies.10 But Korea has seen a high-level push to find ways to maximize the potential of data and emerging technologies, such as machine learning and location-based services. This crystallized in President Moon Jae-in’s June 2020 announcement of what he calls the Digital New Deal to promote expansion and new uses of Korea’s DNA—data, network, and artificial intelligence—ecosystem.11 Still, the Digital New Deal’s ambitious goals to harness digital data for improving health, safety, government services, and business will only be achievable with more consistent and effective data protection regulations and more clear-cut data localization policies.

Korean Policymaking as a Model?

A willingness to shift course after a process of trial and error is not the only reason that Korea has succeeded. The country has also done well with the deployment of specific technologies.

One example is Korea’s rollout of broadband internet over the last thirty years. Here again, Seoul made digital policy a presidential priority. And this involvement by the Blue House made a huge difference. Other world leaders, including U.S. President Joe Biden, have, in the last year or two, accelerated broadband development by making it a priority for their administrations.

Executive leadership at the topmost ranks of government was also important to Korean success because bold-thinking politicians can help to drive or at least entrench broad and consistent political support for a strategic goal. Korea did this by, for example, forging ahead with the ambitious goal of building a national fiber optic network to serve all Korean citizens.

As both the World Bank and,12 more recently, the Electronic Frontier Foundation,13 have explained, the result of Korea’s push for broadband has been to achieve some of the highest internet penetration in the world and, until a few years ago, low costs per megabit for connectivity. The key to this effort was a decision in 1999 to spur competition among the two telecommunications companies that dominated the Korean network business then. What resulted was a vibrant market with four major players and several smaller ones. And the resulting competition and innovation, when combined with state funding for government networks and subsidies for rural broadband, led to one of the fastest and earliest buildouts of fixed broadband networks in the world. Today, Korean companies are among the world leaders in 5G wireless broadband.

Many challenges remain when it comes to Korea’s digital policies. Since early 2016, the Korean telecommunications regulator responded to lobbying from the three largest network services providers, who argued that they were bearing more than their fair share of carrying internet traffic than the smaller networks with whom they interconnected.14 The rapid growth of video streaming services like Netflix had led to a rapid increase in traffic and necessitated more investment in network infrastructure. So, a complex (and frequently revised) internet interconnection fee structure has been imposed,15 which favors the three largest Korean network service providers at the expense of smaller players.16

The idea of government-mandated interconnection fees runs counter to the norm in almost every other country in the world where there is a competitive broadband market. In those countries, we have seen a preference for negotiated contracts between networks. Recently, Netflix, which has challenged the fees, was sued by the Seoul-based SK Broadband in a Korean court. The court found Netflix liable for unpaid fees that could amount to more than $85 million per year.17 This may seem like an arcane dispute between telecommunications companies, yet the fact that the Korean government explicitly favors just three such companies will result in less vigorous competition and less investment. Most importantly, several innovative new online services, such as certain content distribution network and cloud computing services, are not being offered in Korea because of the dramatic increase in networking costs resulting from these new fees. In an afterword at the end of this volume, Kyung Sin “KS” Park and Michael R. Nelson explain in detail the possible adverse consequences of these Korean efforts to impose interconnection fees.

This is an example of where Korean experiences may have gone awry. It is also an area ripe for the kind of digital leadership by Korea’s president that has been such a necessary ingredient of success in the past. From both a political and policy standpoint, such leadership is needed so that Korean internet users and digital innovators are given priority over the interests of just three companies.

These are the choices and trade-offs that face democracies. Korea’s democracy, much like the United States, has struggled with other shared challenges, not least how to contain the damage done by disinformation.18 North Korea has used the internet to deliver disinformation and propaganda to South Korea. But disinformation and rumors generated by South Koreans themselves are also having a major impact, especially on Korean politics.19 For example, Korean internet companies have aggressively blocked websites that spread rumors and bogus news stories. But free speech advocates in Korea (and elsewhere) have fought against government efforts that could limit discourse online.

Korea has the opportunity to find new approaches, perhaps by using the kinds of authentication technologies that Jang and Lim outline in their chapter to validate social media accounts associated with real people while spotting phony accounts used to amplify posts containing disinformation. Of special concern are so-called deep fakes—deceptive images and video created by machine learning algorithms.20 Companies like Microsoft and Adobe are hard at work on new approaches to verifying the authenticity and provenance of online content.21

Another, even thornier, digital issue that is ripe for Korean leadership is encryption. For more than twenty-five years, the governments of major democracies have struggled to craft policies that would enable the use of strong encryption to protect ICT systems and the data they contain while dealing with the threat from criminals and adversaries who use encryption to conceal their activities. This is made difficult because of the very different priorities of the law enforcement and intelligence agencies that want easy and inexpensive access to data, on the one hand, and the agencies responsible for data protection and cybersecurity, on the other.22 There has been little public debate over encryption policy in Korea but there is a clear understanding of how encryption is an essential tool for protecting privacy. In fact, Korea’s Personal Information Protection Act explicitly encourages companies to use encryption to protect sensitive data.

Korea in the Geopolitical Storm

One reason Korean leadership could be so important is that the bifurcation of the world into a Sinosphere or an American sphere would not serve the interests of most countries.

For decades, technology policies have been shaped by two competing approaches: models that empower individual users and innovators (particularly at start-ups) and respect human rights and models designed to give governments more control over what technologies develop, how they are deployed, and which companies profit most (usually large incumbents and national champions).

To some extent, the United States today views itself as the champion of the former. China, by contrast, has both practiced and increasingly argued for elements of the latter.

But many countries, even well-established democracies, are developing a hybrid approach. From Europe to Asia, many democratic governments rely on industrial policies and promote national champion firms. They are taking a strategic approach to the development of technology and the governance of domestic and cross-border data access and transfers, and sometimes disagree on the best path forward.

On data governance, in particular, there has been no putative American-led “Team Democracy” vs. a Chinese-led “Team Autocracy.” Indeed, when former Japanese prime minister Abe Shinzo tried to push forward a cross-border data initiative at the 2019 Osaka G20—the so-called Osaka track,23 which Abe’s government based on a concept of “data free flow with trust” (DFFT)24—India and Indonesia, two prominent G20 democracies that Washington views as key like-minded partners in Asia, refused to sign up.25

Ironically, for all their ideological and strategic differences, Beijing and Washington are approaching the region in similar ways. Both have framed the competition over global rules in increasingly stark terms. Each is suspicious of any regulatory ideas developed by the other. Each is encouraging third countries to accept its preferred norms, standards, and rules. And each has framed the technology challenge, including over data flows, in geopolitical, not just commercial, terms. Each has sometimes coerced others to forestall closer integration with its rival.

Korea could offer a third way—one that relies on practices and experiences developed and incubated in a successful democracy that has also carved out an important role for the state and sought a balance between public and private interests and state and market-based approaches.

The intensifying battle between Beijing and Washington is leading to trade disputes, restrictions on foreign investment, and, increasingly, wholesale bans on the use of foreign web services and apps. Yet as this Carnegie volume clearly demonstrates, countries like Korea have pioneered their own unique approaches to technology governance and regulation.

It is important to highlight these alternative models—and to compare and contrast their distinctive features. The chapters in this volume demonstrate that the future will be much more complex than a battle between U.S.- and China-centric approaches.


1 Debby Wu, Henry Hoenig, and Hannah Dormido, “Who’s Winning the Tech Cold War? A China vs. U.S. Scoreboard,” Bloomberg, June 19, 2019,; DealBook, “Inside the New Tech Cold War,” New York Times, October 1, 2020,; Adam Segal, “The Coming Tech Cold War With China,” Foreign Affairs, September 9, 2021,; Stu Woo, “The U.S. vs. China: The High Cost of the Technology Cold War,” Wall Street Journal, October 22, 2020,; and Robert D. Kaplan, “A New Cold War Has Begun,” Foreign Policy, January 7, 2019,

2 Jacob Poushter, Caldwell Bishop, and Hanyu Chwe, “Social Media Use Continues to Rise in Developing Countries but Plateaus Across Developed Ones,” Pew Research Center, June 19, 2018,

3 Ryan Daws, “Research: These Countries Are the ‘Most Connected’ in the World,” Telecoms Tech News, July 6, 2021,

4 White House, “National Strategy for Trusted Identities in Cyberspace: Enhancing Online Choice, Efficiency, Security, and Privacy,” April 2011,

5 National Institute of Standards and Technology, “Identity & Access Management,” U.S. Department of Commerce, accessed July 2021,

6 Bae Hyunjung, “South Korea's Trade Dependency Slips in 2019 Amid Sluggish Reports,” Korea Herald, October 18, 2020,

7 World Integrated Trade Solution, “Country Snapshot: Republic of Korea,” World Bank, accessed July 2021,

8 Santander, “South Korea: Foreign Investment,” accessed July 2021,

9 Human Rights Watch, “Mobile Location Data and Covid-19: Q&A,” May 13, 2020,

10 Alex Pentland, Alexander Lipton, and Thomas Hardjono, eds., “Building the New Economy,” MITP Works in Progress, accessed July 2021,

11 Born2Global Centre, “Ministry of Science and ICT Rolls out Digital New Deal to Leap Forward Into a New Economy Beyond COVID-19,” PR Newswire, June 15, 2021,

12 Ovum Consulting, “Broadband Policy Development in the Republic of Korea: A Report for the Global Information and Communications Technologies Department of the World Bank,” October 2009,

13 Ernesto Falcon, “Why Is South Korea a Global Broadband Leader?,” Electronic Frontier Foundation, March 16, 2020,

14 “South Korea’s Network Infrastructure May Be State of the Art, but the Country’s ‘Pay to Play’ Regime for Delivering Traffic Is an Unprecedented Threat to the Free and Open Internet,” Open Net Korea, September 17, 2020,

15 Michael Kende and David Abecassis, “IP Interconnection on the Internet: a White Paper,” Analysys Mason, May 21, 2020,

16 Kyung Sin “KS” Park, “The World’s Only Attempt to Legislate ‘Network Use Fees’ Will Further Damage Consumers – the Illusion of Charging ‘Delivery Fees’ on the Internet Will Disincentivize Investment in Network Expansion,” Open Net Korea, May 11, 2021,

17 Song Su-hyun, “[News Focus] Netflix’s Net Neutrality Logic Loses Ground in Korea,” Korea Herald, June 28, 2021,

18 Casey Corcoran, Bo Julie Crowley, and Raina Davis, “Disinformation Threat Watch the Disinformation Landscape in East Asia and Implications for US Policy,” Belfer Center for Science and International Affairs, 2019,

19 Choe Sang-hun, “South Korea Declares War on ‘Fake News,’ Worrying Government Critics,” New York Times, October 2, 2018,

20 Charlotte Stanton, “How Should Countries Tackle Deepfakes?,” Carnegie Endowment for International Peace, January 28, 2019,

21 Eric Horvitz, “A Promising Step Forward on Disinformation,” Microsoft on the Issues, February 22, 2021,

22 Encryption Working Group, “Cyber Policy Initiative: Encryption Working Group,” Carnegie Endowment for International Peace, accessed July 2021,

23 Digital Watch, “The G20 Osaka Track Raises Controversy,” July 1, 2019,

24 World Economic Forum, “Data Free Flow With Trust (DFFT): Paths Towards Free and Trusted Data Flows,” June 2020,

25 Scroll Staff, “G20 Summit: India Does Not Sign Osaka Declaration on Cross-Border Data Flow,” Scroll India, June 29, 2019,