Update 8 March 2021: In the time since Telenor Group provided its objection to the proposed Cyber Security Bill, the military authorities have amended the existing Electronic Transaction Law. In that law, parts of the proposed Cyber Security Bill have been included, namely the chapter on protecting personal data, as well as some provisions in the chapter on offence and penalties. The amendments have passed without due process, and our previous concerns on these chapters remains.
Furthermore, other amendments have been made to existing laws in Myanmar. Parts of the Law Protecting Privacy and Security of Citizens were suspended, and changes were made to the Penal Code and Criminal Procedural Code, resulting in a weakening of rule of law.
As a corporate citizen, we are concerned that the amendments collectively broaden the powers awarded to the military authorities and reduce protection of civil liberties and human rights in the country. This is combined with lack of checks and balances from government, civil service and judiciary. None of the changes have undergone proper consultation with civil society, stakeholders or interest groups. Thus, there is good reason to question both the lack of due process as well as proportionality of introduced penalties.
Telenor Group calls for reinstatement of civil liberties and human rights protection and restoration of a sound legal framework in Myanmar with proportionality and proper checks and balances.
Telenor Group’s response to proposed Myanmar Cyber Security Bill
15 February 2021: In response to the authorities’ request for consultation, Telenor Group has raised several issues. Telenor Group is of the strong opinion that the Cyber Security Bill should not be passed as proposed.
The current, very short and limited, consultation has not allowed for the required dialogue on the proposed Cyber Security Bill. Given the broad scope of the proposed Bill and extensive powers that could significantly impact many, the proposed Bill should be properly consulted with a broad range of affected stakeholders (allowing public debate) and debated in Parliament to ensure that the law is fit for purpose and in line with the Constitution of Myanmar.
Telenor’s entry into Myanmar in 2013/14 was premised on binding commitments from the Myanmar authorities in relation to key regulations and laws that would update Myanmar’s telecom regulatory framework in line with international best practice, including respecting fundamental rights. This includes enacting an independent telecommunications regulator and putting in place a sound Lawful Intercept framework. We refer to our previous dialogue with the Ministry of Transport and Communications and the Post and Telecommunications Department setting forth our comments and suggestions to this effect. We are concerned that the proposed Bill does not progress relevant regulatory frameworks and law for a digital future, nor promotes and safeguards digital safety and rights.
Further, Myanmar has international obligations in relation to international agreements, treaties and international human rights law. These obligations include respect for rule of law and good governance, and respect for the protection of human rights and fundamental freedoms.
To this end, Telenor Group outlines four key principles in relation to the proposed Bill. We strongly object to the passing of the proposed Bill without addressing the concerns below:
- Human rights considerations: The proposed Bill must give due consideration to fundamental human rights such as freedom of speech and expression in Myanmar and personal privacy and security concerns to people in Myanmar.
- Applicability of the proposed Bill: Passing the proposed Bill during a state of emergency and granting such broad powers to a temporary administration is not appropriate.
- Execution of powers: There must be transparency, legal certainty, due process and clear criteria for the exercise of powers and interventions, independent administration and independent oversight under the proposed Bill.
- Scope of proposed Bill: The proposed Bill should not include powers which can be used to order Lawful Interception, which is covered by the Telecom Law. Further, laws governing personal data protection, electronic transactions and cyber security should be kept separate to allow for more comprehensive protection, governance and execution across all areas.