A couple questions to ask before implementing an“ask-once” policy in Myanmar

Can the government of a politically diverse and fractioned country like Myanmar implement an ethical and accountable “ask once” policy that would integrate citizen data from across federal databases to improve departmental services to the people? Yes, it’s technically feasible — but still not likely to happen anytime soon.

Data can be key to an inclusive culture. This is particularly true in developing countries where traditional public service infrastructure has yet to escape the gravity of urban hubs. Telecommunications is outpacing nearly all other forms of infrastructure — and it is not just accelerating data collection. In many ways, expanding mobile phone connectivity represents the first nationwide data collection vehicle. Myanmar is one such country, now enjoying a 95% mobile phone saturation rate. Conversely, nearly 74% of the population remains without access to financial services. Financial companies like Yoma Strategic, Wave Money and ThitsaWorks are taking advantage of this infrastructure to collect valuable data needed to authorize access to essential services well beyond the reach of brick-and-mortar banks. In doing so, they are leapfrogging legacy systems commonplace in more developed countries.

Eyeing this bandwagon is the government of Myanmar, seeking ways to utilize similar datasets collected via mobile devices, to inform various citizen-facing government functions. Other countries have already begun evaluating the benefits and concerns of such a policy. But, should Myanmar even consider doing so?

In developing countries, the concerns many. In terms of feasibility, the majority of devices are smartphones and can handle the personal identification and data sharing mechanism requirements. But in terms of platform governance and the state of government modernization, there remain several concerns — specifically around privacy issues. A glaring one in Myanmar is highlighted by OneTrust Data Guidance’s 2019 Data Protection Overview: simply, “there are no specific laws or regulations related to data protection in Myanmar.” Even the Central Bank of Myanmar’s Regulation on Mobile Financial Services — governing perhaps the broadest repository of user data nationally, hasn’t published an update in 2016 and only mentions privacy once.

The next question is whether Myanmar’s citizenry would accept such a policy. Even in America, boasting fairly well-regulated government functions and information security, discussion of citizen data collection and management often prompts heated privacy references to the Fourth Amendment. When machine learning, digital data aggregation and citizen services automation in the context of government processes enter a conversation, it is hard not to conger ideas of Big Brother analyzing Winston’s facial expression for thought crimes in Orwell’s 1984. In Myanmar, a country plagued by ethnic conflict and political corruption, such concerns are exacerbated.

While the infrastructure for an ask-once policy is there, a lot of other pieces are not. If ask-once is to be pursued, it’ll be worth looking to Myanmar’s own Centre for Responsible Business (MCRB) for guidance. In “A Data Protection Law that Protects Privacy: Issues for Myanmar,” MCRB has identified that meaningful data privacy requires first a clear scope and purpose, detailed legal requirements on protection, and grounds for processing personal data and clearly delineated obligations for data controllers. But, first things first: like the vast majority of countries that have data protection laws, Myanmar must have a supervisory authority that is independent and authoritative.

Myanmar has a lot to gain from an ask-once policy, but this is not a one step process, and each will need to be taken thoughtfully and deliberately.