Myanmar’s cyber law a serious threat to privacy, speech, and security

10 January 2025

Rather than ensuring cybersecurity, Myanmar’s newly adopted Cyber Security “Law” grants the military sweeping powers to control online spaces, enabling systematic violations of digital rights, including the rights to privacy, freedom of expression, and access to information. This analysis highlights how the law deviates from international human rights standards and threatens privacy, digital security, VPN use, free expression, fair trial, digital rights NGOs, and social media.

While earlier drafts of the law under the National League for Democracy (NLD) administration already raised concerns about potential infringements on digital rights, post-coup revisions by the military in 2021 and 2022 further weakened safeguards. Human rights experts noted that the military’s revisions added new crimes—some of which have now been removed—and stripped away protections. Therefore, this analysis compares the final adopted law to earlier drafts to examine how the military’s repression has evolved.

Privacy protections removed

The Cyber Security Law represents a deliberate effort by the military to dismantle essential privacy protections in Myanmar, undermining the right to privacy as enshrined in international human rights instruments. Even the military’s 2022 draft included provisions aimed at safeguarding personal data held by government and private entities—protections crucial for addressing cybercrime involving unauthorised data collection and interception (2022v Art. 4.c). In the final adopted law, all privacy safeguards have been completely erased. Critical definitions, such as personal information and responsibilities for its protection, have been removed (2022v Arts. 3.n–o). The objective of protecting personal data has been eliminated (2022v Art. 4.c), as has the duty to ensure the security of private data and infrastructure (2022v Art. 14.i).
Moreover, Chapter 6—which previously mandated measures such as appointing data officers to secure data handling, prevent unauthorised disclosure, and ensure data destruction—has been deleted, along with penalties for failing to protect privacy (2022v Arts. 79–81). The new law imposes disproportionate obligations on digital platforms, requiring them to retain user data for three years and hand it over upon mere request by any military-controlled
