DFDL Myanmar

On 5 September 2023, the Ministry of Commerce issued the E-Commerce Guidelines that introduced several significant provisions affecting the e-commerce landscape. In this alert, we will delve into specifics of personal data protection as provided in the Guidelines.

On 5 September 2023, the Ministry of Commerce ("MOC") under the State Administration Council issued the E-Commerce Guidelines ("Guidelines") that introduced several significant provisions affecting the e-commerce landscape. Our previous 21 September 2023 alert provided an overview of the Guidelines' key features. In this alert, we will delve into specifics of personal data protection as provided in the Guidelines.

1. Legal Framework and Ethical Principles

The Guidelines reinforce the necessity of safeguarding personal freedom and consumer information in alignment with the Constitution of Myanmar, the Telecommunications Law, the Protection of Personal Privacy and Personal Security of Citizens Law, and other applicable statutes. Moreover, they articulate ethical principles that e-commerce operators ("Operators") are obligated to adhere to diligently:

  • Limited Data Collection: Operators should restrict data collection to personal and payment information only.
  • Lawful Grounds: Data collection must occur on lawful and reasonable grounds.
  • Preventing Misuse: Operators are required to ensure that consumer data is not misused.

2. Data Lifecycle Management

The Guidelines underscore the importance of responsible data lifecycle management. Once data has fulfilled its initial purpose, Operators must either retain it for a period necessary for the original purpose or securely dispose of it unless legal restrictions or circumstances against the public interest necessitate retention.

3. Operator Liability and Market-Specific Safeguards

Operators are exempt from liability for incidents stemming from consumer negligence, such as sharing confidential data like passwords. However, Operators must implement safeguards tailored to the specific market characteristics in which they operate.

4. Transparency and Consumer Rights

To enhance transparency, Operators must maintain a clear policy encompassing the types of personal data collected, the primary purposes of data usage, and details about data controller documentation and contact information. Importantly, consumers, now recognized as data subjects, have the right to request and confirm the existence of their personal information from the data controller. Such requests should be promptly fulfilled at a reasonable cost and in an easily understandable format. Consumers can seek reasons for the denial and the right to appeal. Furthermore, data subjects have the authority to file complaints and, if successful, make modifications or request data deletion. They should also have avenues to report challenges related to ethical principles to regulatory authorities and assignees.

5. Responsibility of Data Collectors

Data collectors are mandated to take adequate measures to uphold ethical principles. Collection, disclosure, or usage of data necessitates consumers' informed consent.

6. Privacy-Enhancing Technologies (PETs) and Collaboration

Operators are urged to deploy Privacy-Enhancing Technologies (PETs) to protect personal freedom and enhance technology communication. Collaborative efforts are encouraged with authorities to promote education, awareness, and technological safeguards for personal freedom. Operators should promptly report any personal information leaks due to technological misuse or legal violations, adhering to rules that aim to minimize personal data risks, prevent discrimination, and prohibit the unauthorized sale, lending, or exchange of online personal information.

7. Cyber Security Obligations

The Guideline put the onus of cyber security risk on the Operators by mandating measures to reduce or mitigate any adverse consequence of e-commerce transactions. The Operators must conspicuously provide information regarding cyber security and authentication mechanisms to the consumers. The details must be clear and understandable. Similarly, Operators must implement effective measures to minimize risks while paying particular attention to information management, authentication process, data in transit, data at rest, and safeguarding personal and payment information. Emphasis must also be placed on enhancing security controls and network security.
 

The information provided here is for information purposes only and is not intended to constitute legal advice. Legal advice should be obtained from qualified legal counsel for all specific situations.

Please Login or Register for Free now to view all updates and articles

In addition to free-to-view updates and articles, you can also subscribe to the full Legal Centrix Vietnam Service including access to:

  • Overview notes on the law
  • Thousands of high quality translations of legislation covering all key business areas
  • Legal and tax updates
  • Articles on important legal and tax issues
  • Weekly email alerts
  • Sophisticated web platform and search

Legal Centrix is trusted by top law and accounting firms.

DFDL Myanmar

Founded in 1995, DFDL is one of the oldest foreign legal and tax firms in Myanmar.

DFDL provides a full range of legal and tax services to foreign and local investors operating in Myanmar. Our team of more than 30 experienced local lawyers and foreign legal advisers in Yangon and Naypyidaw provides efficient, effective, and practical legal services at an international standard, coupled with a high level of personal in-depth knowledge of the local environment.

DFDL is best placed to advise Asian and international companies on their investments in Myanmar.

Our Myanmar business unit is led by Partner and Managing Director William D. Greenlee, Jr.

Click here to view the author's profile

Author

Tags

  • Myanmar
  • E-Commerce and Electronic Signatures
  • Legal Updates
  • Data Protection & Privacy

Related Content

Recent updates

Cookies On
Our Website
We use cookies on our website. To learn more about cookies, how we use them on our site and how to change your cookie settings please click here to view our cookie policy. By continuing to use this site without changing your settings you consent to our use of cookies in accordance with our cookie policy.