abusesaffiliationarrow-downarrow-leftarrow-rightarrow-upattack-typeburgerchevron-downchevron-leftchevron-rightchevron-upClock iconclosedeletedevelopment-povertydiscriminationdollardownloademailenvironmentexternal-linkfacebookfiltergenderglobegroupshealthC4067174-3DD9-4B9E-AD64-284FDAAE6338@1xinformation-outlineinformationinstagraminvestment-trade-globalisationissueslabourlanguagesShapeCombined Shapeline, chart, up, arrow, graphlocationmap-pinminusnewsorganisationotheroverviewpluspreviewArtboard 185profilerefreshIconnewssearchsecurityPathStock downStock steadyStock uptagticktooltiptwitteruniversalityweb

12 Feb 2021

Myanmar: Global Network Initiative releases statement of concern on Draft Cybersecurity Law

"GNI Statement of Concern on Proposed Cybersecurity Law in Myanmar", 12 February 2021

The Global Network Initiative (GNI) is deeply troubled by the Myanmar military’s recently proposed Cybersecurity Law. In addition to surfacing during a state of emergency, the draft law, which has not been shared publicly and whose timeline for enactment remains uncertain, is very detailed and appears to significantly change existing laws and expectations with respect to telecommunications and digital services in Myanmar.

Given the severe social, economic, and human rights consequences that the draft law is likely to have on both users and companies inside the country, GNI calls on the Myanmar military to withdraw and reconsider the Cybersecurity Law. We remind all government officials that any efforts to reform existing law should be undertaken transparently and in broad consultation with affected stakeholders.

The law’s stated objectives of protecting cyber security, critical information infrastructure, and personal information are commendable, but several aspects of the law appear to undermine these goals. Although we have not had adequate time to examine the draft in detail, it is clear from a preliminary review that it raises significant threats to freedom of expression and privacy. Particularly concerning are the combination of vaguely defined powers for the proposed State Administration Council and its subsidiary authorities to restrict access to broad, undefined categories of content and access company data, together with limited independent oversight and due process provisions. These concerns are heightened by requirements for companies to store personal data in places “designated by the ministry,” and threats of legal penalties or orders to disrupt or block services for failures to comply.