A customer of Telenor’s Myanmar telecommunications business has filed a complaint to the Norwegian Data Protection Authority (Datatilsynet) against the company’s plan to sell Telenor Myanmar, ABC Nyheter writes.
The complainant states that Telenor is in breach of the EU’s general data protection regulation (GDPR) with the sale of the subsidiary in Myanmar to the Lebanese financial company M1 Group.
The reason is that Telenor with the sale also hands over its customer data to the new owners, it is stated in the complaint, which has been submitted by Sands Advokatfirma to the Norwegian Data Protection Authority on behalf of the Myanmar citizen.
The complainant believes that the sale will lead to a “dangerous transfer of control over sensitive user data” for more than 18 million users. It is claimed that Telenor has data on customers’ names, addresses, telephone numbers, details on national registration cards, and call history. The complaint, therefore, asks the Norwegian Data Protection Authority to investigate and ensure the sale will not infringe on the data rights of those affected.
The Norwegian Data Protection Authority confirms to media AFP that they have received the complaint.
“As a general rule, we investigate all complaints we receive, and we will therefore open a case on the basis of the information we have received ” says spokesperson Guro Skåltveit in an email to the French news agency.
According to Telenor, the GDPR does not apply to Myanmar, and the customer data in the country is handled locally by Telenor Myanmar in line with local legislation.
“No customer data from Telenor Myanmar’s customers is processed in Norway or the EU, and GDPR does not apply to the processing of this customer data. As the situation has developed, we are in a conflict between local laws on the one hand and our values, international law, and human rights principles on the other. This makes it impossible for Telenor to continue to be in Myanmar,” communications director Gry Rohde Nordhus says.