18 March 2022 Myanmar Centre for Responsible Business (MCRB) welcomes the opportunity to submit experience from Myanmar in response to the call for input to the High Commissioner report on the practical application of the UNGPs in the tech sector. Our input specifically addresses ‘The State's duty to protect, or regulatory and policy responses’ (session four). It summarises MCRB’s research and advocacy in this area over the last eight years in Myanmar, and lessons learned. It also includes suggestions lessons for member states in their role in promoting respect for human rights by technology companies, including through their development programmes. MCRB’s Sector-Wide Impact Assessment (SWIA) In association with its co-founder, the Institute for Human Rights and Business (IHRB), MCRB embarked upon a Sector-Wide Impact Assessment (SWIA) of Myanmar’s ICT Sector in 2014. At the time the sector was expanding rapidly. Drawing on the methodology developed for MCRB’s first two SWIAs on oil and gas, and tourism, in which the UN Guiding Principles were central to the approach, the assessment analysed Myanmar’s ICT policy and regulatory framework from the perspective of whether it protected human rights. It also undertook research on the ground, based on interviews with a variety of stakeholders and rightsholders including companies, users, and regulators. Both ‘offline’ and ‘online’ rights were assessed. The former related primarily to network infrastructure rollout. The latter covered issues relating to Freedom of Expression, ‘Hate Speech’, Privacy, Surveillance and Lawful Interception and Cyber-Security. Of the stakeholders interviewed for the SWIA, it was the companies (or at least a minority of them, particularly Telenor and Ericsson) which were most aware of the risks to human rights in the regulatory framework, above all those concerning surveillance/lawful interception. They had identified these in their human rights due diligence undertaken prior to market entry. The ICT sector is one of the few areas of legislation in which companies who seek to respect human rights can be prevented from doing so by legislation or local context. Generally other legislation, for example labour, sets a minimum standard, on which companies have the freedom to improve to ensure human rights are respected. Consequently, companies that seek to respect human rights have an active interest in identifying and reforming regulations which do not contain human rights safeguards. The Global Network Initiative (GNI) is one manifestation of that. At the time, the main law applicable to the sector was the newly adopted 2013 Telecommunications Law (which was not finalised when companies were first bidding for telecom licences). There were also some legacy laws which created risks to human rights identified in the SWIA. Generally, the protection of human rights was not recognised in any ICT-related laws. The Telecoms Law contained broad provisions without safeguards on several issues including internet shutdown and lawful interception (surveillance), as well as defamation (a topic covered in multiple Myanmar laws). Further details on the regulatory framework and human rights risks are available in Chapter 2 of the SWIA, and summarised in Table 11, Chapter 2) (see also the GNI’s Country Legal Framework Resource database for Myanmar). Sensitivity: Open

Select target paragraph3