Myanmar – Law

Domestic law and policy

Myanmar presently does not have a comprehensive legal framework that governs digital identity systems.[43] From 2013 onwards, government strategies (e-Governance Master Plan 2016–2020, and the 12-point Economic Policy) identified digital ID and ‘smart cards’ as priorities.[44] More recently, the Myanmar e-Governance Master Plan 2030, released in December 2024, outlines the country’s transition plan to a digital government.[45] This plan, however, does not provide a detailed outline of the digital identity system.[46]

Data Protection

As mentioned above, there is no specific law or comprehensive digital ID statute in force in Myanmar and ‘digital identity’ is not specifically defined.[47] Article 357 of the 2008 Constitution protects the ‘privacy and security of home, property, correspondence and other communications of citizens’.[48] Additionally, the Law Protecting the Privacy and Security of Citizens (2017) regulates searches, surveillance and interception, but does not create a general data protection regime or detailed rules for digital ID databases.[49] Myanmar’s digital ID system raises serious concerns in relation to privacy, surveillance, and access to public resources.[50] The UID Smart Card and biometric SIM card registration are used to track individuals’ movements and communications. However, they operate without a legal framework, and there is no independent system to ensure accountability or provide redress..[51]

While certain provisions related to privacy exist in laws such as the Electronic Transactions Law (2004, amended in 2021)Law Protecting the Privacy and Security of Citizens (2017)  and Cybersecurity Law (2025), none of these laws provide a comprehensive or enforceable structure for safeguarding personal data, particularly in the context of the country’s expanding digital identity system.[52] Furthermore, there is limited information available regarding the legal requirement for encryption of UID data. There are also no restrictions on government access to this information. The DLA Piper Data Protection Laws of the World report confirms that Myanmar relies on fragmented sectoral provisions and that there is no general data protection law in Myanmar nor an independent supervisory body to oversee data processing by public authorities or private actors.[53]

Additionally, in June 2021, Human Rights Watch reported that the UN High Commissioner for Refugees (UNHCR) shared the personal and biometric data of Rohingya refugees with the Bangladesh government.[54] This information was later made accessible to Myanmar authorities, and the transfer occurred without obtaining the refugees’ informed consent.[55] Human Rights Watch warned that this data could be used by Myanmar authorities to facilitate forced or unsafe repatriation, surveillance, or discrimination against a population that remains stateless and persecuted.[56] 

International Commitments

Myanmar is not a party to international data protection frameworks such as the GDPR. Myanmar is a party to the CRC, and the CRPD.[57] The implementation of the UID system may violate the country’s human rights obligations with respect to access to essential services such as healthcare, education, and employment.[58] Most notably, the fulfilment of the country’s obligations under the CRC (Articles 7 and 24), and CRPD (Article 5, 24, and 25).[59] Myanmar has not ratified the ICCPR, ICESR, or acceded to the 1954 and 1961 Statelessness Conventions or the Refugee Convention.[60]

In addition, as a member state, the ASEAN Framework on Personal Data Protection and Framework on Digital Data Governance sets out non-binding principles to promote coordination and raise standards around data protection, privacy, and secure digital economies.[61] It encourages member states to adopt national data protection laws and supports mutual recognition. However, it does not impose binding commitments or specific mandates on digital ID systems or make provisions for the protection of stateless persons.[62]

Lastly, the country has also pledged to the Ministerial Declaration on a Decade of Action for Inclusive and Resilient Civil Registration and Vital Statistics in Asia and the Pacific at The Third Ministerial Conference on Civil Registration and Vital Statistics in Asia and the Pacific (2025).[63] As per the declaration, countries have pledged to ensure that every birth is registered by 2030 and to close registration gaps among marginalized populations.[64] Moreover, the declaration notes the barriers faced by stateless persons in access to civil registration services and pledged to ‘develop and implement measures to avoid the potential exclusion of digitally marginalized or vulnerable populations from statistical data and facilitate their access to services and entitlements’.[65]

References
43.^
 Myanmar Computer Federation, ‘Digital Strategies in Myanmar’ (2023) 9, 10 <https://cicc.or.jp/english/wp-content/uploads/231213Myanmar.pdf>.
44.^
 Human Rights for Digital Identity (n 40).
46.^
ibid
47.^
 Human Rights for Digital Identity (n 40).
48.^
 Constitution of the Republic of the Union of Myanmar 2008.
49.^
 Law Protecting the Privacy and Security of Citizens 2017.
50.^
 Human Rights Myanmar, ‘Privacy Violations and Discrimination in Myanmar’ (8 June 2025) <https://humanrightsmyanmar.org/privacy-violations-and-discrimination-in-myanmar/> accessed 21 November 2025.
51.^
 ibid; Privacy International, ‘Submission to the Human Rights Council at the 37th Session of the Universal Periodic Review’ (2021) <https://privacyinternational.org/sites/default/files/2021-01/PI%20Summary%20Myanmar%20UPR%2027.11.20.pdf>.
52.^
 Human Rights for Digital Identity (n 40); Human Rights Myanmar (n 50).
53.^
 DLA Piper, ‘Data Protection Laws in Myanmar - Data Protection Laws of the World’ (18 December 2024) <https://www.dlapiperdataprotection.com/?t=law&c=MM#insight> accessed 18 December 2025.
54.^
 ‘UN Shared Rohingya Data Without Informed Consent | Human Rights Watch’ (15 June 2021) <https://www.hrw.org/news/2021/06/15/un-shared-rohingya-data-without-informed-consent> accessed 18 December 2025.
55.^
ibid
56.^
ibid
57.^
 OHCHR, ‘UN Treaty Body Database’ <https://tbinternet.ohchr.org/_layouts/15/TreatyBodyExternal/Treaty.aspx?CountryID=20&Lang=EN> accessed 20 November 2025.
58.^
 Burmese (n 33); ‘UID Essential for People - Global New Light Of Myanmar’ (n 37).
59.^
 ‘Convention on the Rights of the Child’ (OHCHR) <https://www.ohchr.org/en/instruments-mechanisms/instruments/convention-rights-child> accessed 17 October 2025; ‘Convention on the Rights of Persons with Disabilities’ (OHCHR) <https://www.ohchr.org/en/instruments-mechanisms/instruments/convention-rights-persons-disabilities> accessed 20 November 2025.
60.^
 OHCHR (n 57).
61.^
 ASEAN TELMIN, ‘Framework on Personal Data Protection’ (2016) <https://cil.nus.edu.sg/wp-content/uploads/2020/08/2016-Frmwk-PDP.pdf>; ASEAN TELMIN, ‘Framework on Digital Data Governance’ (2018) <https://cil.nus.edu.sg/wp-content/uploads/2020/09/2018-Framework-Digital-Data-Governance.pdf>.
62.^
 ASEAN TELMIN, ‘Framework on Personal Data Protection’ (n 61); ASEAN TELMIN, ‘Framework on Digital Data Governance’ (n 61).
63.^
 UNESCAP, ‘Ministerial Declaration on a Decade of Action for Inclusive and Resilient Civil Registration and Vital Statistics in Asia and the Pacific’ (2025) ESCAP/MCCRVS/2-25/6/Add.1 <https://www.unescap.org/sites/default/d8files/event-documents/2500197E_ESCAP_MCCRVS_2025_6_Add1_Ministerial_Declaration.pdf?_gl=1*vdnplp*_ga*NTMxNDc5Mjc4LjE3NjIzMjk2NDg.*_ga_SB1ZX36Y86*czE3NjIzMjk2NDckbzEkZzEkdDE3NjIzMzA1MDgkajI3JGwwJGgw>; UNESCAP, ‘Report on the Third Ministerial Conference on Civil Registration and Vital Statistics in Asia Pacific’ (2025) ESCAP/MCCRVS/2025/6 <https://www.unescap.org/sites/default/d8files/event-documents/2500210E_ESCAP_MCCRVS_2025_6_Report_3rd_Ministerial_Conference_on_CRVS.pdf?_gl=1*1bh2iwy*_ga*NTMxNDc5Mjc4LjE3NjIzMjk2NDg.*_ga_SB1ZX36Y86*czE3NjI0NTA3NzUkbzIkZzEkdDE3NjI0NTE1NDMkajEkbDAkaDA.>.
64.^
 ‘Asia-Pacific Nations Reaffirm Commitment to Legal Identity for All at Third Ministerial Conference on Civil Registration and Vital Statistics | Get Every One in the Picture’ <https://crvs.unescap.org/news/asia-pacific-nations-reaffirm-commitment-legal-identity-all-third-ministerial-conference-civil> accessed 7 November 2025.
65.^
 UNESCAP (n 63).
Footer design