[Myanmar] Asia Internet Coalition (AIC) Statement on the “Cyber Security Law” Draft, February 2022

Download: [Myanmar] Asia Internet Coalition (AIC) Statement on the “Cyber Security Law” Draft, February 2022

The Asia Internet Coalition (AIC) is deeply concerned about the draft Cybersecurity Law 2022 (“draft law”) in Myanmar. The draft law raises legitimate concerns and undermines user privacy, limiting freedom of expression and creating undue burdens on domestic and foreign businesses. Adoption of the draft law as written would make compliance by international companies impractical.

The draft law has overly broad catch-all provisions whereby online service providers that fail to comply with any provision of the draft law face a penalty of imprisonment and a fine. Additionally, individuals failing to comply with notifications, orders, and directives issued under the draft law are also subject to one year’s imprisonment and a fine. These sanctions are non-compliant with the requirements of proportionality under international human rights law and standards on freedom of expression.

Digital economy ecosystems depend on cross-border exchange of knowledge, technical know-how, scientific and commercial information across transnational IT networks, as well as access to digital tools and global market opportunities that help sustain economies, expand literacy, and raise global living standards. The draft law is, therefore, contrary to the digital economy goals of Myanmar, and will disrupt business continuity, reduce opportunities for digital innovation, including various missed opportunities for inclusive development, thereby causing wider economic losses, less predictable investment climate, reduced foreign direct investment. The draft law, which is not aligned with international best practices, would deprive users and businesses of products and services that digital platforms offer.

The scope of the law must be clearly defined with clear obligations, for it to be technologically feasible and practical to implement. We recommend that Myanmar focus on enhancing cybersecurity and upholding the principles of data protection and user privacy by using risk-based approaches grounded in global, consensus-based, industry-led standards and best practices. Such commitment should entail refraining from imposing measures that would inhibit the necessary flow of goods and services, information, including digital services and technologies.

At a time when governments are grappling with the social and economic impact of an ongoing pandemic, the priority must be to mount the strongest possible economic and public health response. Digital technologies have a fundamental role to play in enabling the response and recovery from the pandemic, including in the form of critical healthcare-related devices and components; digital products and services that facilitate telework, distance learning and tele-health arrangements; digital tools that can assist in public health and economic recovery, including digitally-delivered financial services; and information and communications technology (ICT) infrastructure and products that enable connectivity.

For Myanmar to benefit from the digital economy, it needs to invest in infrastructure, and also develop business-friendly regulations, while ensuring that domestic measures are enacted in a transparent manner that allows opportunities for broad stakeholder input.

AIC strongly recommends that Myanmar reconsider its approach to the draft cybersecurity law.