The Telenor Myanmar scandal: a stark warning for data control in authoritarian times

What happened in Myanmar is more than just a story about one company’s failure. It’s a cautionary tale about what happens when corporations hold massive amounts of sensitive user data amid rising authoritarianism, and how quickly the infrastructure of everyday life can be turned into a weapon.

Telenor in Myanmar: a slick sales pitch masks a risky reality

Telenor, the Norwegian telecommunications giant, entered Myanmar in 2014 during a period of democratic transition. After decades of military rule, Myanmar was opening up. Foreign investment flowed in, and telecoms expansion was seen as a sign of progress. Telenor had a slick sales pitch, profiling itself as an “ethical” and “responsible” company that customers could trust. Mobile connectivity surged, and Telenor soon had millions of customers.

For Myanmar citizens, this wasn’t simply about better phone coverage. It meant easier access to education, news, banking services, and social connections. A country that had long been isolated suddenly became digitally connected. 

But with that connectivity came something far less visible: massive data collection.

Tech companies like Telenor hold some of the most sensitive data imaginable. Subscriber identities, SIM registration records, call logs, metadata, and detailed location tracking, phone numbers of close contacts. Even without reading messages, telecom data can reveal who someone communicates with, where they go, what networks they belong to, where their friends and family live, and what patterns shape their daily life.

In stable democracies, this kind of corporate control over hyper-sensitive personal information is already concerning. Under fragile democracies, and certainly authoritarian regimes, it can have disastrous consequences.

When the coup happened, control over data became deadly

In February 2021, Myanmar’s military staged a coup, overthrowing the elected government and launching a brutal crackdown on dissent. Suddenly, the same telecom infrastructure that connected families and networks for nearly seven years became a surveillance goldmine.

Military regimes don’t need to guess who is organising protests if they can track SIM registrations. They don’t need informants if they can monitor call records. They don’t need to search communities randomly if they can pinpoint where activists live and where they travel.

Telecom data becomes a map of a society’s resistance. And here’s the core lesson: corporations that have the data can at any time hand it over to repressive governments or other actors who will use it to abuse human rights.

That became horrifically clear for Myanmar democracy activist Ma Tha Zin, whose husband Zay Yar Thaw, a hip hop artist turned lawmaker and opposition leader, was arrested and executed after Telenor shared his call log, contacts, and location data with the violent military junta in 2021. Another Myanmar human rights defender, Ko Ye, knew he would be in danger if Telenor turned over his data to the junta, so he wrote to Telenor asking them to delete it. Telenor refused. Ma Tha Zin and Ko Ye are both plaintiffs in the class action lawsuit that was filed on 8 April in Norway.

Authoritarianism doesn’t always need new tools. It just needs access to existing ones. And when corporations control data, they can become – sometimes involuntarily, sometimes willingly – partners in authoritarian repression.

The myth of “neutral” corporations

Big Tech and telecom firms often frame themselves as neutral. They provide services; they don’t do politics. They connect people; they don’t control them. They claim they simply follow the laws of the countries in which they operate.

But the Telenor Myanmar case exposes the myth of “neutral” corporations as a pernicious lie.

There is no neutrality when you are holding data that can determine who lives freely and who disappears into prison.

A company that controls communications infrastructure is not just doing business. It is shaping power. And when political conditions shift, as they often do, its “neutral” systems can suddenly become tools of oppression. Just take a look at the role of tech companies in democratic backsliding in Hungary(opens in new window) or how corporations are cooperating in the increasing use of internet shutdowns as a tool of political control in Uganda(opens in new window) .

The uncomfortable truth is that modern authoritarian regimes don’t always need to build surveillance states from scratch. They can outsource them. Or inherit them. Or buy them.

And corporate control of our data makes that easy.

Rising authoritarianism makes this everyone’s problem

Myanmar is not an isolated case. Across the world, authoritarianism is rising: through military coups, democratic backsliding, nationalist crackdowns, and states expanding surveillance powers in the name of security.

In these environments, personal data can become a weapon and a tool of oppression. And it can happen anywhere. Just look at how Immigration and Customs Enforcement (ICE) officers are expanding their use of a broad web of surveillance tools provided by tech companies like Clearview AI and Palantir(opens in new window) to spy on immigrants and American citizens alike in the US, or how the EU is working with Big Tech to build a dystopian surveillance-driven deportation machine(opens in new window) .

Location data can reveal who attended a protest. Messaging metadata can reveal networks of activists. Phone records can expose journalists’ sources. Social media data can identify political dissidents. Facial recognition can turn a public street into a digital checkpoint.

And once that data exists, the question is no longer whether it will be abused but when and by whom.

The real lesson: data is power, and power must be limited

The Telenor Myanmar scandal goes beyond a corporate ethics controversy. We should take it as a warning sign that the modern economy has quietly centralised power in the hands of companies that were never democratically elected, never truly accountable, and rarely transparent.

Telecom and tech corporations have become gatekeepers of society’s most sensitive information. They often collect more data than they need, store it longer than necessary, and operate under weak global standards.

And when political crises erupt, that data becomes an irresistible target and an immediate tool of control.

Variations on the “Telenor Myanmar scenario” – where corporate data collection infrastructure is being used for repression – are already unfolding or at risk of doing so around the world. If we want to put a stop to this, we need to rethink the entire system. That means stronger international, regional, and national privacy laws that ensure that individuals, not corporations, have control over their data. More specifically, we need stricter limits on data retention, meaningful transparency obligations, enforceable protections that prevent companies from gathering and holding data – and thus power – that can be easily transferred into the hands of authoritarian regimes. The power of tech companies must be reined in. 

The tragedy of the Telenor Myanmar scandal is that it reveals something many people still refuse to admit: in the digital era, surveillance is not a distant threat. It is built into the infrastructure of everyday life.

And when corporations control that infrastructure, they become political actors whether they want to or not.

The world should be paying attention.

Because the next time a government turns authoritarian, it may not need to build new tools of repression.

It may simply open the database.