
Knowledge Highlights 22 August 2023
Knowledge Highlights 11 May 2022
The Myanmar Ministry of Transport and Communications (“MOTC”) has circulated a new draft Cyber Security Bill (“Bill”) among stakeholders for consultation. The Bill is intended to replace the Electronic Transactions Law 2004 (“ETL”) and sets out measures for protecting cyberspace, personal information and critical information infrastructures as well as licensing requirements for providing cyber security and digital platform services.
The Bill applies to Myanmar residents, including Myanmar citizens and foreigners temporarily or permanently residing in Myanmar, and any matters of communications made with anyone either directly or indirectly with regards to cyber resources within the national cyberspace. The Bill seeks to have extraterritorial applicability, noting that offences can be committed under the Bill both domestically and internationally.
The Bill was circulated for consultation in January 2022 and there is currently no clear timeline for its introduction as law. This Article sets out the key highlights of the Bill at this stage.
Power to inspect computers
The Bill provides the authorities responsible for the protection of cyberspace with the power to inspect, and intervene with, the computer or computer system of persons who are suspected of security threats, cyberattacks or cyber fraud and those related to such persons. MOTC is also empowered, with the approval of the Union Government, to temporarily control devices related to the provision of digital platform services. The Bill also requires prior approval for the establishment or use of virtual private networks (VPNs) and similar tools on networks licensed under the Telecommunications Law 2013.
Disclosure of personal information
The term “personal information” includes any information relating to an individual which has been verified or is capable of being verified. Under the Bill, those responsible for managing and maintaining personal information requires consent from the relevant individual or organisation to disclose or distribute personal information. This definition is set out in section 27A of the ETL.
Licensing framework
Key features of the licensing framework set out in the Bill include the following:
Administrative and criminal liability
Failure to comply with the provisions under the Bill will attract administrative and criminal liability. Offences under the Bill are recognised as cognisable offences and punishable by imprisonment for a term ranging from one month to three years or a fine not exceeding MMK10,000,000 or both.