Myanmar Data Lawsuit Hits Telenor Raising Questions For Celcomdigi

---

 


Norwegian telecommunications giant Telenor ASA, which is part-owner of Malaysia’s CelcomDigi Bhd, has been served a notice of legal action over alleged human rights violations linked to its former operations in Myanmar.
The claimants, represented by Norwegian law firm Simonsen Vogt Wiig, are accusing Telenor of unlawfully sharing the personal data of Myanmar civilians with the country’s military authorities following the 2021 coup, which overthrew a democratically elected government.
The alleged disclosures - including names, addresses, national identification numbers, last known locations, and call logs - were said to have led to “arbitrary arrests, torture, and at least one execution” by the military junta.
According to a copy of the notice shared with Malaysiakini, the plaintiffs claimed that Telenor continued to comply with data requests from the junta until March 2022, when it completed the sale of its Myanmar operations to Investcom Pte Ltd.
Protesters in MyanmarInvestcom is a joint venture between Lebanese investment firm M1 Group and Myanmar conglomerate Shwe Byain Phyu (SBP).
SBP is owned by military-linked businessperson U Thein Win Zaw, and includes among its investors Khin Thiri Thet Mon, the daughter of junta chief Min Aung Hlaing.
At the time of the sale, Telenor reportedly had over 18 million customers in Myanmar, with the transaction including the transfer of surveillance technology that had supposedly been “installed and tested” by Telenor before its exit.
The complainants argued that their claim for damages under Norwegian law is backed by how Telenor’s senior executives and board members were fully aware of the implications of the company’s “systematic disclosure” of its customers’ personal data.
“Telenor is also liable for losses caused by the negligent or intentional acts of its employees… There is a causal link between Telenor’s disclosure of personal data to the military junta and economic losses suffered by the plaintiffs,” stated the notice.
The legal action - initiated by Myanmar citizens, the families of deceased victims, as well as civil society organisations Defend Myanmar Democracy and Myanmar Internet Project - is being supported by the Centre for Research on Multinational Corporations (Somo) and the Open Society Justice Initiative.
Telenor has been given two weeks to respond to the notice, which was served on the company yesterday (Oct 6).
Myanmar junta chief Min Aung Hlaing‘PR stunt in tragic case’
In an immediate response to Malaysiakini’s queries on the matter, Telenor described the legal notice as a “PR stunt in a tragic case”, adding that multiple investigations by Norwegian police and courts have not led to “any results”.
“The fact that journalists from Kuala Lumpur and Bangkok to Helsinki and Oslo received this notice of legal action long before we did, unfortunately, says something about where Somo’s focus lies,” the spokesperson said.
Explaining that telecommunication operators are legally required to comply with lawful government requests for access to certain data, it said that failing to comply with such orders from Myanmar’s military authorities would have put employees “in direct danger and carried serious consequences”.
“After the coup, our offices were raided by armed soldiers, properties were mined, employees were threatened, and tragically, one employee was shot and killed.
“Telenor was facing a brutal military junta and could not risk the lives of its employees,” it said. The company also maintained that any potential misuse of user data was beyond its control and the responsibility of the Myanmar military alone.
Malaysiakini has also contacted Telenor’s fellow CelcomDigi major shareholder, Axiata Group Bhd, as well as CelcomDigi for their responses to the matter and is awaiting a reply.
The legal notice comes after human rights group Justice for Myanmar and ICJ Norway filed a complaint with the Norwegian police on Dec 19 last year against Telenor and the management of its Myanmar operations for allegedly violating Norwegian sanctions between 2018 to 2022.
On Aug 20 this year, Norwegian state-run broadcaster NRK reported that then-Myanmar Telenor CEO Jon Mund Revhaug - who is also deputy chairperson of CelcomDigi’s board of directors - confirmed that Telenor had shared sensitive user data with the military junta.
“The consequence of refusing orders from the military was to expose our employees to mortal danger,” he was quoted as saying.
Myanmar civilians allegedly put in danger
As details of the alleged data disclosures emerge, a former Telenor customer said the company’s compliance with military orders had devastating real-world consequences.
One of the co-claimants in the case, a long-time Myanmar human rights activist, told Malaysiakini that Telenor’s actions directly endangered civilians and exposed activists to arrest and torture.
“After the (2021) coup, I knew the military would use telecommunication data to hunt down activists like me. I directly asked Telenor to delete my data from their system to protect myself, (but) they refused. They told me they wouldn’t do it because I’m not an EU (European Union) resident.
“Think about what this means: if I had been European, Telenor would have protected my data, but because I’m (from) Myanmar, my safety didn’t matter enough to them - even though I faced far greater danger than any European customer ever would,” said the individual known as Ko Ye.
He insisted that Telenor could have warned users, deleted data, or refused to cooperate with what he deemed an “illegitimate military junta”.
“My worry doesn’t end with what has already happened. I’m deeply concerned that Telenor’s user data can still be weaponised against the Myanmar people who are fighting for democracy and to bring peace to our country.
“That data remains a tool the military can use to track, arrest, and kill those fighting for our freedom. Every day that data exists is another day of danger for pro-democracy activists,” he added.
Despite the risks of speaking out, the activist said pursuing justice abroad was necessary given the lack of resources and time within Myanmar.
“Nothing can bring back the lives that were lost. Nothing can undo the torture people suffered, but we have to try.
“It feels strange to bring this case in Norway - so far from Myanmar, in Telenor's own home country, but maybe that's where it needs to be. Maybe Norwegians need to see what their company did in our country (and) maybe justice has to travel this far because we cannot get it at home,” he said.
He also expressed his hopes that the case will set a global precedent for corporate accountability, especially for companies operating in conflict zones or under authoritarian regimes.
“Our data is our right. We paid for the services we used from Telenor - we didn’t get anything for free. They took our money and handed our data to people who used it to kill us. That is unacceptable,” he said.
When asked what he would say to Telenor and its shareholders, he emphasised that the most basic thing for a company to do is listen to its customers.
“I cannot believe what you (Telenor) did to the Myanmar people. I cannot believe you looked at our situation - a military coup, a dictatorship hunting down activists - and you still chose to hand over our data.
“Take responsibility. Admit what you did. Compensate the victims. Make sure this never happens again - not in Myanmar, not in Malaysia, not anywhere,” he stressed.
In a message to Malaysians, particularly CelcomDigi users, the activist urged his Asean neighbours to take heed of what purportedly happened in Myanmar and be vigilant about their own data.
“When the day comes and you face danger, Telenor will leave you behind. They showed us they don’t care what happens to their customers. They will protect their business interests, but not your life.
“You have power as customers. Ask CelcomDigi and Telenor: will you protect us, or will you abandon us like you did to the Myanmar people? Be aware of who you’re trusting with your data before it’s too late,” he warned.
Protest in MyanmarCall for safeguards at CelcomDigi
The Norwegian state remains Telenor’s majority shareholder, and the company - via Telenor Malaysia Investments Pte Ltd - holds a 33.10 percent stake in Malaysia’s CelcomDigi, formed through the 2022 merger of Celcom Axiata and Digi Telecommunications.
Axiata Group also owns 33.10 percent of shares in CelcomDigi, one of Malaysia’s largest mobile network operators and a key player in the country’s 5G rollout following Putrajaya’s decision to transition from a single wholesale network model to a dual network structure.
On Aug 15, it was reported that CelcomDigi, Maxis Bhd, and YTL Power International Bhd provided additional shareholder advances of RM116.67 million each to the government’s special-purpose vehicle for the 5G rollout, Digital Nasional Bhd (DNB).
CelcomDigi and the two other entities hold a 19.44 percent stake in DNB.
According to Somo advocacy director Joseph Wilde-Ramsing, the potential overseas lawsuit against Telenor raises an important question for CelcomDigi and Malaysian regulators - what safeguards exist to prevent similar violations from happening here?
Pointing to the United Nations’ Guiding Principles on Business and Human Rights as well as the Organisation for Economic Co-operation and Development’s Guidelines for Multinational Enterprises on Responsible Business Conduct, he said companies have a responsibility to respect human rights.
As such, he highlighted that in the Malaysian context, Telenor - and by extension, CelcomDigi - has a duty to avoid causing or contributing to adverse human rights impacts.
“If it ever receives similar data requests from authorities, CelcomDigi should carefully assess the possible risks on its users and should resist such requests - especially if sharing (the requested) data is likely to put its users at serious risk,” the researcher told Malaysiakini.
He added that Telenor has an obligation to inform Malaysian consumers and regulators about the legal notice sent to it in Norway, asserting that the matter constitutes a “material risk” for CelcomDigi and its users, given Telenor’s “track record of providing sensitive data to violent regimes”.
Wilde-Ramsing also said that in light of the move by Myanmar victims, Malaysian consumers, investors, and civil society actors are now in a position to demand greater transparency and stronger safeguards from CelcomDigi.
Expressing similar sentiments, lawyer Jan Magne Langseth, who is representing the Myanmar claimants, said Telenor’s business reputation could be affected if the court finds that the company has contributed to human rights violations in a country where it was operating for several years.
“The precedent will be that international telecommunications companies will be obliged to comply with human rights, regardless of which jurisdiction in which they operate.
“I would presume that the lawsuit against Telenor regarding its actions in Myanmar may pave the way for similar lawsuits if human rights violations by Telenor or CelcomDigi are revealed in Malaysia,” he added when contacted.
In Telenor’s response to Malaysiakini, the spokesperson detailed that in every country across the world, authorities have the legal power to access personal data or network information from telecom operators.
However, Telenor said CelcomDigi operates in Malaysia under a “completely different” legal and regulatory environment, with Telenor not managing CelcomDigi’s day-to-day operations.
“CelcomDigi’s business is built on transparency, accountability, and trust, and the legal action against Telenor in Norway does not affect its operations or Malaysian users’ data.
“In any case, as a part-owner, Telenor’s legal matters in Norway do not impact CelcomDigi’s operations, regulatory compliance, or investments in Malaysia,” added the spokesperson. - Mkini

---