Telenor Myanmar sale challenged over data leak fears

The proposed sale of Norwegian telecoms giant Telenor's Myanmar subsidiary could put sensitive personal data of millions of customers into the hands of the junta, according to a complaint filed on Tuesday.

Myanmar has been in chaos since a coup last year sparked huge protests and a bloody military crackdown on dissent.

Telenor announced in July that it planned to sell its subsidiary Telenor Myanmar and later cited junta demands that it install monitoring equipment on the network as a reason for leaving the country.

A proposed sale to Lebanese financial company M1 Group and a consortium headed by a figure close to the ruling junta has been approved by the military, according to local media reports.

But a Myanmar citizen has filed a complaint with Norway's Data Protection Authority, arguing the sale would result in a "dangerous transfer of control over sensitive user data" of more than 18 million Telenor customers.

Any sale would breach EU privacy rules (GDPR), the complaint argues, asking the body to investigate and ensure any sale would not infringe the data rights of those affected.

The complaint claims customers' names, addresses, phone numbers, national registration card details, messages and call histories are held by Telenor.

Activist groups say any new owner could comply with future requests from the junta to provide cellphone data.

In Oslo, the parent company Telenor, which is majority-owned by the Norwegian state, argued that the Burmese authorities require operators to keep this data "for several years" and that deleting it would be "in breach of the telecoms licence, which is a prerequisite to run telecoms operations in the country".

"Violating or not complying with local regulations under the existing legal framework would have severe and completely unacceptable consequences for our employees," Gry Rohde Nordhus, Head of Telenor communications, told AFP.

Nordhus added that since Telenor did not "exert any control on the handling of customer data by Telenor Myanmar," GDPR did not apply to customer data there.

The Norwegian Data Protection Authority also confirmed it had received the complaint.

"We examine all complaints that we receive as a general rule, and will therefore open a case based on the information we have received," spokeswoman Guro Skaltveit wrote in an email to AFP.

Telenor -- part-owned by the Norwegian government -- has had a commercial presence in Myanmar since 2014.

In July, 474 civil society groups in the country called Telenor's decision to pull out irresponsible, saying it had not sufficiently considered the impact of the move on human rights.

More than 1,500 people have been killed by security forces and over 11,000 arrested since the coup, according to a local monitoring group.