Telenor’s role in severe human rights violations in Myanmar
Norwegian telecommunications company shared sensitive data and put millions of mobile users at risk
In 2021, SOMO filed an OECD complaint on behalf of 474 Myanmar civil society organisations against Norwegian telecoms company Telenor ASA, concerning the sale of its Myanmar subsidiary, Telenor Myanmar Limited (Telenor Myanmar), to a company closely linked to the violent military junta. In April 2026, Swedish non-profit Justice and Accountability Initiative (JAI), with support from SOMO and the Open Society Justice Initiative (OSJI), filed a civil class action lawsuit against Telenor ASA on behalf of Myanmar customers whose data was shared with the military. Together, these complaints seek to hold Telenor ASA liable for its role in severe human rights violations by the junta following the February 2021 coup.
Case overview
The OECD NCP Complaint
The July 2021 complaint to the Norwegian National Contact Point (NCP) under the OECD Guidelines for Multinational Enterprises alleged that Telenor failed to meet the standards of respect for human rights and responsible disengagement set out in the OECD Guidelines before, during, and after the sale of Telenor Myanmar in February 2022. Telenor Myanmar was sold to a consortium comprising the Lebanese investment firm M1 Group SAL and Shwe Byain Phyu (SBP), a Myanmar conglomerate closely linked to the military junta that had just overthrown the country’s democratically elected government.
The complaint concerns Telenor ASA’s failure to conduct adequate risk-based due diligence, lack of meaningful stakeholder engagement, and insufficient transparency during its operations and exit, which put the security of the data of Telenor Myanmar’s over 18 million customers and their personal safety at risk.
Civil litigation
The class action lawsuit against Telenor ASA seeks damages for the sharing of data by Telenor Myanmar with the military authorities of customers suspected of opposing the 2021 coup. The lawsuit seeks damages for non-financial losses incurred by all customers whose data was shared, as well as damages for financial losses suffered by individuals, Tha Zin, widow of prominent government opponent Zeya Thaw, and civil society activist Aung Thu.
Case context
Telenor ASA is one of the world’s leading telecommunications companies, headquartered in Norway. The Norwegian state is the majority owner of Telenor, holding 54% of the shares. With several subsidiaries worldwide, Telenor is a key player in the mobile phone service market in Europe and Asia.
Telenor Myanmar Ltd, Telenor ASA’s wholly owned subsidiary, commenced operations in Myanmar in 2014 and served more than 18 million customers by 2021. Information Telenor gathered and stored about its customers included names and physical addresses, Facebook and bank accounts, e-wallets, ID numbers, location data, and call logs.
On 1 February 2021, the Myanmar military toppled the country’s democratically elected government. In the aftermath of the coup, a civil resistance movement was born. The military immediately started cracking down on these activists through widespread arbitrary arrests and detentions, extrajudicial killings, torture, and other forms of serious human rights violations. A civil war between the military junta and opposition forces continues to date.
In March 2022, despite warnings by civil society organisations and legal action against this transfer, Telenor ASA sold its Myanmar subsidiary. With this transaction, all customer data and active surveillance technology that Telenor had installed were turned over to a military-linked company.
Between the time of the coup and Telenor’s exit from Myanmar, the military regularly requested that Telenor Myanmar disclose specific user data, particularly the data of customers suspected of opposing the coup, which the subsidiary handed over. The lawsuit alleges that, despite knowing about the risk of human rights violations systematically inflicted by the military, Telenor ASA failed to prevent the sharing of sensitive data in any of these cases. The lawsuit alleges that for some of them, the parent company explicitly recommended compliance with the requests.
Allegations
OECD NCP complaint
The complainants argue that Telenor ASA has failed to conduct appropriate risk-based human rights due diligence and has failed to seek to prevent or mitigate adverse human rights impacts arising from the sharing of data with a violent military regime and the sale of its Myanmar operations to a military-linked company. They further allege that Telenor did not meaningfully engage with relevant stakeholders, including Myanmar civil society groups, and failed to disclose adequate information in relation to its sale of Telenor Myanmar.
Civil litigation
The class action lawsuit argues that Telenor ASA is liable for damages arising from the sharing of data because the company either failed to prevent disclosure or knowingly and unlawfully authorised its subsidiary, Telenor Myanmar, to disclose it, without taking sufficient measures to prevent its misuse. Although it is not known exactly how many of these customers’ data was shared with the junta by Telenor Myanmar, the lawsuit alleges that customer data linked to at least 1,253 phone numbers was shared.
The lawsuit alleges that two individuals experienced severe human rights violations after their data was handed over to the military. It claims that Telenor Myanmar handed over the logs of a phone number owned by prominent government opponent Zeya Thaw after informing Telenor ASA that it was going to comply with the request, shortly after which he was arrested by the military and executed. The lawsuit further alleges that Telenor Myanmar handed over the user data of activist Aung Thu after escalating the request to Telenor ASA, and that the military likely relied on the data to convict him under terrorism laws. In both cases, Telenor Myanmar complied with the requests despite internal assessments concluding that doing so would infringe on internationally recognised human rights.
Voices of the community
The 474 civil society groups in Myanmar taking part in the OECD NCP complaint continue to face extreme risks of human rights abuses by the Myanmar military and have no choice but to stay anonymous in the filing of the complaint out of fear of retaliation. Ko Ye, activist and Chairperson of JAI, has nevertheless decided to speak out:
“I feel betrayed. By the company that has the Norwegian state as its main owner. A company that we thought had high integrity and high humanitarian standards” … “This is not just about me. But about millions of customers. We are in danger, in struggle, in a very difficult position. But Telenor is not protecting us. On the contrary. Our data is being used as a weapon against us.”
Tha Zin, one of the plaintiffs in the intended lawsuit, says(opens in new window) :
“Fuck off … There were so many dreams. About making music together, travelling around, giving concerts, studying … It’s gone. All dreams have faded.”
Case timeline
-
2026Apr 08Myanmar customers sue Telenor for sharing private data with militaryupdateOn behalf of Myanmar customers, a Swedish non-profit association filed class action lawsuit against the Norwegian telecoms giant Telenor over its role in serious human rights violations in Myanmar.Published on:
-
2025Dec 11Norwegian NCP Final StatementupdateThe Norwegian National Contact Point has found that Norwegian telecoms company Telenor ASA breached international standards on human rights and responsible business conduct.Published on:
-
Oct 07Notice of Legal Action to TelenorupdateA number of Myanmar citizens and non-profit organisations have notified Telenor of their intention to file a lawsuit for compensation in relation to human rights violations resulting from Telenor Myanmar’s disclosure of personal data to the Myanmar military junta.Published on:
-
Aug 28Telenor reported to the Norwegian Police ServiceupdateThe Norwegian branch of the International Commission of Jurists has reported Telenor ASA to the Norwegian Police Security Service for allegedly implementing systems that could have been used in the military junta’s surveillance of Telenor customers.Published on:
-
Aug 20Cooperation of Telenor Myanmar with the military revealedupdateThe Norwegian Broadcasting Corporation (NRK) revealed that Telenor Myanmar had repeatedly complied with requests from the Myanmar military to hand over user data and put its users at risk hundreds of times following the coup. NRK’s investigation highlights how the military used sensitive data collected and handed over by Telenor to track down human rights defenders and democracy activists.Published on:
-
2024Sep 01Norwegian NCP begins its own investigationupdateIn September 2024, the mediation phase of the complaint procedure was closed, and the Norwegian NCP began its own investigation of the allegations and Telenor ASA’s conduct, with the aim of producing a public final statement with conclusions and recommendations. The NCP’s final statement is expected in the second half of 2025.Published on:
-
May 01Mediation failsupdateA final mediation session scheduled for May 2024 was cancelled because, according to the complainants, Telenor had failed to make progress on and refused to even discuss a key provision of the interim agreement, namely Telenor ASA’s contribution to a Myanmar digital security relief mechanism, which was intended to mitigate and prevent human rights risks and impacts associated with Telenor Myanmar sharing of data with the military regime prior to and as a result of the sale of Telenor Myanmar to M1 and SBP.Published on:
-
2022Oct 28Interim agreement reachedupdateThe Norwegian NCP published a Memorandum of Understanding capturing the mediation discussions, the agreements and acknowledgements made by both parties, and a path forward for further mediation and agreement.
Published on: -
Mar 25Telenor Myanmar’s sale completedupdateDespite the ongoing complaint, Telenor announced that it had completed the sale of Telenor Myanmar to M1 and the Myanmar firm Shwe Byain Phyu.Published on:
-
Mar 04Legal experts recommend suspension of Telenor Myanmar’s saleupdateTwo international law experts released a legal memo stating that Norway and Telenor could be held responsible under international law for human rights abuses resulting from the sale of Telenor Myanmar.Published on:
-
Feb 08Data protection complaint filed against TelenorupdateA Myanmar citizen and rightsholder filed a complaint at the Norwegian Data Protection Authority against Telenor, arguing that its sale of Telenor Myanmar is in breach of the EU’s General Data Protection Regulation. SOMO supported the complainant in the filing.Published on:
-
2021Sep 27Complaint accepted by Norwegian NCPupdateThe Norwegian NCP issued an initial assessment accepting the complaint for mediation between the complainants and Telenor.Published on:
-
Jul 27Complaint filed with the Norwegian NCP complaintupdateOn 27 July 2021, SOMO officially filed the complaint on behalf of 474 Myanmar civil society organisations against Telenor.Published on:
Norwegian NCP Final Statement
The NCP’s final ruling(opens in new window) on the complaint finds that Telenor acted in breach of the OECD Guidelines.
The NCP determined that Telenor ASA did not carry out human rights due diligence commensurate with the severity and likelihood of the adverse impacts with which it was involved in Myanmar. It found that “provision of user data to a military junta that uses the data for surveillance of political opponents may be regarded as a contribution to adverse human rights risks and impacts” and that Telenor ASA avoided taking “nearly any possible actions to mitigate the risks for end users”, such as helping customers protect their communication.
Furthermore, the NCP concluded that Telenor ASA was not prepared for the situation created by the military coup in February 2021, as its human rights due diligence and risk assessments had not encompassed the possibility of full military rule and the corresponding responsible exit scenarios. The decision also states that Telenor ASA did not provide customers with any assistance on how they should protect themselves from misuse of authority requests for information.
Lastly, the NCP determined that Telenor ASA should take an active role in remediation and recommends that it provide financial support to a Myanmar digital security relief mechanism.
What’s next?
OECD NCP complaint
Within a year of publishing the Final Statement, the NCP will invite the parties involved to a follow-up meeting to discuss updates on Telenor’s implementation of the recommendations and any other relevant issues. The NCP is expected to publish a follow-up statement.
Civil litigation
Following the filing of the case, Telenor ASA will have the opportunity to formally respond to the claims. Once the court has confirmed whether the case can be tried as a class action, it will schedule a hearing where both parties can present their evidence and oral arguments.
SOMO’s role
At their request, SOMO provided the OECD NCP complainants with strategic legal advice and assisted in drafting the complaint, collaborating closely with affected rightsholders. In addition to the OECD Guidelines case, SOMO assisted affected rightsholders in filing a data protection complaint to the Norwegian Data Protection Authority for breach of the Norwegian version of the EU’s General Data Protection Regulation (GDPR). SOMO is working closely with the plaintiffs in the class action lawsuit throughout the legal process. SOMO is also supporting advocacy and communication efforts, working with the complainants as well as civil society and media in Norway.
Media coverage
- “‘Telenor had only one intention. It was to protect itself.(opens in new window) ‘” Article published by NRK on 31 August 2025
- “Preparing legal action against Telenor and the state for data sharing with the junta(opens in new window) ”. Article published by Dagens Næringsliv on 5 September 2025
- “Telenor quits Myanmar with $105 mln sale to Lebanon’s M1 Group(opens in new window) “. Article published by Reuters on 8 July 2021.
- “Telenor signals Myanmar exit, as UN calls for urgent action(opens in new window) “. Article published by Al Jazeera on 8 July 2021.
- “Myanmar rights groups complain to OECD over Telenor sale(opens in new window) ”. Article published by the Financial Times on 27 July 2021.
- “Myanmar’s fight for democracy is now a scrap over phone records(opens in new window) “. Article published by Wired on 8 February 2022.
Company responses
- “Telenor’s response to concerns regarding Myanmar withdrawal(opens in new window) “. Published on the website of the Business and Human Rights Resource Centre on 13 November 2021.
- “Update on the ongoing OECD complaint lodged against Telenor regarding its sale of Telenor Myanmar(opens in new window) “. Published on Telenor’s website on 28 October 2022.
- “Update on the ongoing OECD complaint against Telenor on the sale of Telenor Myanmar(opens in new window) “. Published on Telenor’s website on 27 September 2021.
- “Telenor shared sensitive personal data with the military junta(opens in new window) “. Published by NRK (in Norwegian) on 20 August 2025.
Do you need more information?
-
Joseph Wilde-Ramsing
Advocacy Director
-
474 Myanmar civil society organisations
The organisations names must remain anonymous due to safety and security concerns.
Related news
-
The Telenor Myanmar scandal: a stark warning for data control in authoritarian timesPosted in category:Opinion
Joseph Wilde-RamsingPublished on:
Joseph Wilde-Ramsing -
Levi’s sued over misleading claims on labour conditionsPosted in category:News
Aintzane MárquezPublished on: -
Updated Datahub shows 1,400 corporate groups covered by weakened CSDDDPosted in category:News
David Ollivier de LethPublished on:
