There is no general data protection law in Myanmar. Relevant laws on data protection and privacy can be found in various legislation, which include:
- Financial Institutions Law (2016)
- Telecommunications Law (2013)
- Notification 116/97 of the Ministry of Finance and Revenue
- Law Relating to Private Health Care Services (2007), and
- Electronic Transactions Law (2004) and its 2021 amendment.
Definition of Personal Data
Personal Data means any information that relates to an identified or identifiable living individual. (Section 2(l) of Electronic Transaction Law as amended in 2021).
Definition of Sensitive Personal Data
No definition provided.
There is no definition of Data Protection Officers, but there is a definition for Personal Data Administrator. The Personal Data Administrator (“PDA”) means “a person and its staff authorized by a government department or an entity having power to conduct the collecting, storing and using of personal data according to the provision of this law or any existing law.” (Section 2(m) of Electronic Transaction Law as amended in 2021).
By implication from relevant laws, collection and processing of personal data requires consent.
By implication from relevant laws, transfer of personal data requires consent.
By implication from relevant laws, personal data must be kept with reasonable security arrangements.
None so far as at December 21, 2022.
There is no specific law. However, electronic marketing would generally be governed by the Competition Law (2015) and the Consumer Protection Law (2019).
There is no specific law. However, the Law Protecting the Privacy and Security of Citizens (2017) and Electronic Transactions Law deal with privacy of communications and personal data.