A customer of Telenor's Myanmar telecommunications business has filed a complaint with Norway’s data protection authority, saying the company's plan to sell the business risks a potentially dangerous breach of privacy, the law firm representing the person said.
After the military ousted Myanmar’s elected government last year, Norway-based Telenor Group announced it would sell its business there to the M1 Group, a Lebanese-based investment firm. It also wrote off the value of the business. Final details of the sale remain unclear.
The complaint filed Monday on behalf of a Myanmar resident, whose name was withheld to protect them from reprisals, contends that such a sale could result in “the dangerous transfer of control over sensitive user data," according to a copy provided by the law firm, SANDS Advokatfirma DA.
The complaint to the Norwegian Data Protection Authority asks it to investigate and ensure the sale will not infringe on the data rights of those affected.
The Feb. 1, 2021, military takeover has provoked a wide public disobedience movement and peaceful protests that security forces have quashed with increasing violence. More than 1,500 civilians have died, according to the Assistance Association for Political Prisoners.
In January, Telenor announced the sale of its fintech company Wave Money to its main partner in the venture, Yoma Strategic Holdings. The sale of Telenor Myanmar is expected to be finalized soon, with M1 acquiring a local partner. Critics of the military leadership say they fear the local partner would be unlikely to resist army requests for information on people suspected of opposing the coup.
The case involves issues of cross-border protection of privacy that have bedeviled other technology and telecoms companies. Telenor Myanmar is subject to Myanmar laws requiring data to be stored for at least five years. But as a member of the European Economic Area Norway has pledged compliance with more stringent European standards for protection of privacy.
Telenor, a major provider of mobile telecoms in Myanmar after having helped build the system nearly from scratch, has said the deteriorating conditions there have made it impossible to abide by international human rights standards, citing that as a reason for selling off the business.
Telenor did not respond to requests for comment and for an update on the status of its plan to sell the company.
On its website, the company says its foreign subsidiaries are required to follow local laws, not European standards. But it also says it has set “minimum requirements” for handling data.
The complaint filed Monday says data held by Telenor include the name, address, phone number, ID number, messages and call records of its customers. The company that buys Telenor Myanmar’s telecoms business would not be subject to the same level of privacy protections as Telenor, the complaint says.
That includes providing internal controls to ensure compliance with private protection rules, transparency about how data is handled, training for employees and measures to address breaches of privacy, it says.
The complaint follows a request made in July for mediation with Telenor over data protection concerns. It was filed by the Netherlands-based Centre for Research on Multinational Corporations, or SOMO, on behalf of 474 Myanmar-based civil society groups. According to SOMO, Norway's “Contact Point" for enforcing data protections accepted the request but the issue was not resolved.