Financial Crime World

Data Protection for Finance in Myanmar: Recent Developments and Implications

New Amendments to the Electronic Transactions Law

YANGON, MYANMAR - In a significant move to strengthen data protection laws in Myanmar, the country’s Electronic Transactions Law was amended on February 15, 2021. The amendments aim to provide a basic framework for personal data protection and criminalise certain acts related to cyber-attacks and online information dissemination.

Overview of the Original Law

The Myanmar Electronic Transactions Law, originally enacted in 2004, governs electronic records and data messages used in commercial and non-commercial activities. The law was first amended in 2014 to introduce criminal punishments for prohibited actions such as hacking, modifying, or destroying electronic records.

New Provisions on Personal Data Protection

The recent amendments have inserted new provisions related to the management of personal information into the Electronic Transactions Law. A new Chapter 10, “Protection of Personal Information,” has been added, which comprises:

Key Requirements for Managing Personal Information

  • Systematically keep, protect, and manage personal information based on its types and security levels
  • Not allow scrutiny, disclosure, or modification of personal information without consent
  • Utilise personal information only for compliant purposes
  • Destroy or delete personal information after a certain period has expired

Authority to Keep Confidential Information

The amended law also grants the investigation team authority to keep confidential information, including personal data, except when disclosing it in accordance with the law.

Implications and Concerns

However, the new provisions have raised concerns among experts and civil society groups. The exceptions clause in Section 27(c) allows authorities to interpret “stability of state sovereignty, public order, national security” broadly, which could be used to justify sweeping surveillance and data collection.

Advice for Businesses

As Myanmar’s financial sector continues to grow, businesses must take note of the new data protection regulations. Collecting, sharing, and storing data between Myanmar businesses and entities outside of Myanmar requires careful consideration of these laws.

Bell Boo Hsiu Ting, ZICO Law Myanmar partner, advises that business entities should take proactive steps to ensure compliance with the amended law. “It is essential for businesses to review their data management practices and policies to avoid potential fines or reputational damage,” she said.

Contact Us

If you have any questions or require assistance in relation to handling data protection and privacy in Myanmar, please contact Bell Boo Hsiu Ting at bell.boo@zicolaw.com.