The Amended Electronic Transaction Law Focuses on Use of Personal Data, Fake News, and Cyberattacks

Following an attempt to push forward the draft Cybersecurity Law as circulated to telecom licensees on 9 February 2021, the Government installed by the Myanmar Military on 16 February 2021 has changed direction. Instead of passing the new law to repeal the Electronic Transaction Law, it amended the Electronic Transaction Law to incorporate part of the stipulations under the draft Cybersecurity Law. The draft amendments of the Electronic Transaction Law (“Draft Amendments’) were published on 16 February 2021 with an indication that it would be taking effect almost immediately, namely from 21 February 2021. 

The Draft Amendments reflect some key parts that were also contemplated under the draft Cybersecurity Law: 

• It stresses the liabilities of persons who are responsible for managing personal data of others. Breach of their responsibilities to manage others’ personal information in accordance with the law may expose the responsible person to imprisonment for a term not exceeding three years or a fine not exceeding MMK10 million, or both. 
• Fake News: Any person who creates false news or incorrect news in a cyber space, with the intent to cause fear or alarm to the public, make them lose faith, commit sedition, or disband an organization, shall, upon conviction, be punished with imprisonment for a term that may extend from a minimum of one year to a maximum of three years or with a fine not exceeding MMK5 million, or both. 
• It creates an exception that protection of personal data under this law shall not hinder the discharge of duties or investigation by the authorities on the ground of national security, cyber security, and cybercrimes, etc. 
• The amendments also target cyberattacks. Anyone attempting to breach a cyber source without permission, and using more than the allowance, with the intent to threaten and destroy the State’s sovereignty, security, stability, rule of law, or national solidarity, and installing malware with the intention to harm someone, shall, upon conviction, be punished with imprisonment for a term that may extend from a minimum of two years to a maximum of five years or with a fine not exceeding MMK30 million, or both. 

At the same time, it should be noted that the State Administration Council (“SAC”) enacted the Law amending Protection of Privacy and Security of Citizens Law on 13 February 2021 (“Amended Privacy Law”). This law amendment states that sections 5, 7, and 8 of the Protection of Privacy and Security of Citizens Law shall be suspended as per Article 420 of the Constitution of Myanmar. These suspended sections relate to the protection of citizen’s rights against unlawful detention, arrest, seizure, and obtaining personal communications data. The Amended Privacy Law would be in effect within the period in which sovereign power is conferred to the SAC under Article 419 of the Constitution of Myanmar.