Support Centre



Law: There is no general data protection law in Myanmar.

Regulator: There is no general data protection authority.

Summary: The Constitution of the Republic of the Union of Myanmar 2008 ('the Constitution') and the Law Protecting the Privacy and Security of Citizens (Union Parliament Law 5/2017) 8 March 2017 ('the Privacy Law') set out provisions for the protection of privacy and security of communications. These are supplemented by sectoral legislation, such as the Telecommunications Law 2013, which contains provisions related to the confidentiality of personal information. There have been several discussions in the Government of Myanmar regarding the introduction of a data protection law and regime including the Policy Brief on a data protection law that protects privacy: issues for Myanmar

Further to the above, Myanmar is a member of the Association of Southeast Asian Nations ('ASEAN'), which has developed various frameworks regarding personal data protection such as the ASEAN Framework on Personal Data Protection and the ASEAN Framework on Digital Data Governance. Lastly, the Ministry of Transport and Communications circulated a draft cybersecurity bill in early 2022. In particular, this bill provides definitions for, among other things, critical information infrastructure, personal data, as well as data classification, and establishes restrictions on the use of VPNs. The bill was open for stakeholder consultation until 28 January 2022 and has not been made publicly available.