International corporations from liberal democracies face a choice when operating in authoritarian countries. Comply with government surveillance and censorship, or leave the country.

This decision has become urgent in Myanmar, where the Norwegian telecommunications company Telenor has been trying to untangle itself from the country since the junta seized power in a coup on February 1, 2021. In doing so, Telenor is torn between selling its Myanmar subsidiary quickly or protecting the millions of users whose data could end up in the hands of the military.

Now the company faces a new hurdle, one that could have broader implications for how European companies do business in illiberal countries. 

On February 8, an anonymous Myanmar citizen and a Norwegian law firm filed a complaint with the Norwegian Data Protection Authority alleging that Telenor’s sale violates Europe's General Data Protection Regulation, or GDPR, which applies to countries in the European Economic Area, which includes Norway. The complaint asks Norway’s state  privacy agency to investigate and intervene to ensure that the sale does not violate the right to privacy of its customers and put them at risk of exposure to military surveillance.