SAC is using a terrible draft cybersecurity law: HRW

Some people waiting in front of an internet service provider's shop in Nay Pyi Taw on March 16, 2021.

Published 16 February 2022

Myanmar’s military council has revived a draconian cybersecurity bill that would provide sweeping powers to the authorities, Human Rights Watch (HRW) said in a statement released on February 15.

The current draft would allow the State Administration Council (SAC) in power since the military takeover on February 1, 2021, to access user data, block websites, order internet shutdowns, and prosecute critics and representatives of noncomplying companies.

The Cybersecurity Law was initially proposed a week after the takeover. The current draft includes new provisions that would ban use of virtual private networks (VPNs), abolish the need for certain evidentiary proof at trial, and require online service providers to block or remove online criticism of SAC leaders.

Ten international chambers of commerce in Myanmar issued a joint statement on January 28, 2022, that said the proposed law “disrupts the free flow of information and directly impacts businesses’ abilities to operate legally and effectively in Myanmar.”

“Myanmar’s military council has taken a terrible draft cybersecurity law and made it even worse,” said Linda Lakhdhir, Asia legal adviser at Human Rights Watch. “The military should scrap this bill, which would further devastate free expression and access to information across the country.”

The draft law would apply to all those providing “Digital Platform Services,” defined to include “any over the top (OTT) service that can provide the service to express data, information, images, voices, texts and video online by using cyber resources and similar systems or materials.” The law thus applies not only to social media and other content-sharing platforms, but to digital marketplaces, search engines, financial services, data processing services, and communications services providing messaging or video calls and games.

While companies licensed under the Telecommunications Act are excluded from the definition of Digital Platform Service providers, the restrictions on use of VPNs and the requirement that companies cooperate with investigations are made specifically applicable to such companies.