Law: There is no general data protection law in Myanmar.

Regulator: There is no general data protection authority.

Summary: Whilst Myanmar has not established a general data protection law, the Constitution of the Republic of the Union of Myanmar 2008 (the Constitution) and the Law Protecting the Privacy and Security of Citizens (Union Parliament Law 5/2017) 8 March 2017 (the Privacy Law) outline provisions for the protection of privacy and security of communications. Furthermore, the amended Electronic Transactions Law (State Administration Council Law 7/2021) February 15, 2021 (only available in Burmese here) introduced the protection of personal data.

These are supplemented by sectoral legislation, such as the Telecommunications Law 2013, which addresses the confidentiality of personal information, and the Financial Institutions Law 2016, which mandates the protection of customer information. There have been several discussions in the Government of Myanmar regarding the introduction of a data protection law and regime including the Policy Brief on a data protection law that protects privacy: issues for Myanmar.

Furthermore, Myanmar is a member of the Association of Southeast Asian Nations (ASEAN), which has developed various frameworks regarding personal data protection such as the ASEAN Framework on Personal Data Protection and the ASEAN Framework on Digital Data Governance.

Lastly, on January 13, 2023, the Ministry of Transport and Communications circulated a draft cybersecurity bill. The bill provides definitions for critical information infrastructure, personal data, as well as data classification, and establishes restrictions on the use of VPNs. The bill is yet to be passed into law.