Privacy Law at Myanmar
Myanmar's data protection landscape is governed by a combination of laws and regulations, with significant developments occurring in recent years.
📜 Key Legislation
1. Electronic Transactions Law (ETL) – Amended in 2021
The ETL now includes provisions under Chapter 10 titled "Protection of Personal Information." Key requirements include
Data Management: Entities must systematically store, protect, and manage personal data based on its type and security level
Consent: Personal data cannot be disclosed, modified, or used for purposes beyond the original intent without the individual's consent
Data Retention: Personal data should be destroyed or deleted after the designated retention period expires
2. Law Protecting the Privacy and Security of Citizens (2017)
This law was amended in February 2021 to grant the government broad surveillance powers, including
Search and Seizure: Authorities can enter residences without civilian witnesses for searches and arrests
Extended Detention: The law allows for extended detention without judicial oversight.
3. Cyber Security Law (Enacted in 2025)
The Cyber Security Law imposes stringent controls on digital platforms and communication services, including
Data Retention: Service providers must retain user data for up to three years and disclose it to authorities upon request
Content Regulation: Platforms are required to prevent and remove "disinformation" and "rumours," with penalties for non-compliance
🛡️ Enforcement and Penalties
Violations of data protection laws can result in:
Administrative Penalties Fines up to MMK 100 million for severe breaches, and up to MMK 50 million for unauthorized data processing.
Criminal Penalties Imprisonment for up to three years, fines up to MMK 10 million, or both, for unauthorized data disclosure or misuse.
⚠️ Privacy Concerns
The current legal framework raises significant privacy concerns, including:
Surveillance Broad surveillance powers granted to authorities under the amended Privacy Law and Cyber Security Law.
Data Retention Mandatory data retention requirements that may infringe on individuals' privacy right.
Lack of Oversight Absence of an independent data protection authority to oversee compliance and address grievance.
📌 Summary
Myanmar's data protection regime is characterized by a mix of laws that impose strict data management requirements on entities while granting extensive surveillance powers to the government, The absence of an independent regulatory authority and the broad scope of government surveillance raise significant privacy concerns.
RELATED Blog
0 comments