Rajah & Tann Regional Round-Up
your snapshot of key legal developments in Asia
Issue 1 - Jan/Feb/Mar 2021
 

Amendments to the Electronic Transactions Law

On 15 February 2021, the State Administration Council ("SAC") enacted Law Number 07/2021, which introduced new provisions into the existing Electronic Transactions Law (ETL) ("Amended Law"). Among other things, the Amended Law has introduced the concept of Personal Data and provided protections for it. However, it has also included broad scenarios where the governing authority may breach such protections. The Amended Law also introduced offences relating to cyber-crime and cyber-terrorism. The new provisions are as follows:


Section 27-A – Section 27-A sets out the responsibilities and duties of a Personal Data Management Officer when processing Personal Data.


Section 27-B – Section 27-B stipulates that an Investigative Team, which will be designated as such by a relevant authority, has the responsibility to retain Personal Data and keep them confidential, unless their disclosure is required in accordance with the law.


Section 27-C – Section 27-C sets out scenarios where the protection of Personal Data may not apply, as follows:


  1. Where a governmental organisation designated by the Central Committee, the Investigative Team, or other Governmental Organisations requires the disclosure of Personal Data for the prevention, investigation, undertaking discovery, or provision of evidence in court in relation to cybersecurity, cyber attacks, cyber terrorism, cyber misuse, and other accidents.
  2. Where a governmental organisation designated by the Central Committee, the Investigative Team, or other Governmental Organisations requires Personal Data for the prevention, investigation, undertaking discovery, or provision of evidence in court in relation to a criminal matter.
  3. Where an investigation, undertaking discovery, or gathering or sharing information is undertaken in connection with cybersecurity and cybercrimes which threatens the sovereignty, peace, and stability or national security.
  4. Any other instances where a matter is undertaken by a department or an organisation authorised by the Central Committee, or the Central Committee in relation to sub-section (c).

Section 38-A – Section 38-A provides for the offence where a Personal Data Management Officer breaches his duties. The penalty imposed under this provision is an imprisonment term between one to three years, or a fine not exceeding 10 million MMK, or both.


Section 38-B – Section 38-B provides for the offence when one breaches the provision prohibiting interference with Personal Data. Interference includes, but is not limited to, obtaining, disclosing, altering, or disseminating Personal Data without the consent of the relevant person. Section 38-B imposes a penalty of an imprisonment term between one to three years, or a fine not exceeding 5 million MMK, or both.


Section 38-C – Section 38-C provides for the offence when one breaches the provision prohibiting the creation of fake or false information on the Cyber Space with the intent to cause fear, lose trust or respect, or disunity among the public. This provision imposes a penalty of an imprisonment term between one to three years, or a fine not exceeding 5 million MMK, or both.


Section 38-D – Section 38-D provides for the offence when one breaches the provision prohibiting unlawful interference with Cyber Resources, and obtaining access to restricted information including installing malware and committing Cyber Attacks. Section 38-D imposes a penalty of an imprisonment term between two to five years, or a fine not exceeding 30 million MMK, or both.


Section 38-E – Section 38-E provides for the offence when one breaches the provision prohibiting the commission of Cyber Attacks to obtain access to confidential Cyber Resources between Myanmar and another country, with the intent to cause disruption in diplomatic relations. Section 38-E imposes a penalty of an imprisonment term between three to seven years, or a fine not exceeding 50 million MMK, or both.




Please note that whilst the information in this Update is correct to the best of our knowledge and belief at the time of writing, it is only intended to provide a general guide to the subject matter and should not be treated as a substitute for specific professional advice.

 

Rajah & Tann
Myanmar Company Limited
Junction City Tower,
No.3A Bogyoke Aung San Road,
Level 13, Unit 13-04, Pabedan Township,
Yangon, Myanmar
http://mm.rajahtannasia.com


Contacts:

Dr Min Thein
Managing Partner
D +951 9345343
F +951 9345348
min.thein@rajahtann.com

Chester Toh
Director
D +65 62320220
chester.toh@rajahtann.com

Jainil Bhandari
Director
D +65 62320601
jainil.bhandari@rajahtann.com

Rajah & Tann Asia is a network of legal practices based in Asia.

Member firms are independently constituted and regulated in accordance with relevant local legal requirements. Services provided by a member firm are governed by the terms of engagement between the member firm and the client.

This update is solely intended to provide general information and does not provide any advice or create any relationship, whether legally binding or otherwise. Rajah & Tann Asia and its member firms do not accept, and fully disclaim, responsibility for any loss or damage which may result from accessing or relying on this update.