NextFin News - Telenor ASA, the Norwegian telecommunications giant, is facing a landmark lawsuit in its home jurisdiction over allegations that it failed to protect the personal data of millions of customers during its chaotic exit from Myanmar following the 2021 military coup. The legal action, filed in Oslo on Wednesday, represents a significant escalation in a multi-year dispute between the state-controlled operator and civil society groups who claim Telenor’s divestment effectively handed a "digital roadmap" for repression to the Myanmar military junta.
The lawsuit centers on the 2022 sale of Telenor’s Myanmar operations to M1 Group, a Lebanese investment firm, which subsequently partnered with a local conglomerate linked to the military. Claimants allege that by transferring the metadata and call records of approximately 18 million subscribers, Telenor violated European and Norwegian data protection standards, exposing activists and ordinary citizens to targeted violence, arrests, and surveillance. The plaintiffs are seeking damages and a formal judicial declaration that Telenor’s actions breached its duty of care under international human rights frameworks.
Telenor has consistently maintained that its exit was a "forced" response to an impossible dilemma. According to official statements from the company, the military regime had demanded the activation of lawful interception equipment that would have allowed real-time monitoring of communications. Telenor argues that refusing these orders would have put its local employees at immediate risk of imprisonment or worse, while complying would have violated its own corporate principles and international law. The company contends that selling the business was the only way to protect its staff, even if it meant losing control over the customer data stored on local servers.
The legal battle follows a critical review by the Norwegian National Contact Point (NCP) for the OECD Guidelines, which recently concluded that Telenor did not do enough to mitigate the risks to customer data before finalizing the sale. While the NCP acknowledged the extreme pressure Telenor faced, it noted that the company’s risk assessments were insufficient and that it failed to engage transparently with affected stakeholders. Telenor has rejected these findings, asserting that the NCP underestimated the physical security threats to its personnel and that much of its internal risk data could not be shared due to safety concerns.
For the broader telecommunications industry, the Telenor case serves as a cautionary tale regarding the "S" in ESG (Environmental, Social, and Governance) investing. Institutional investors have watched the saga closely, as Telenor is 54% owned by the Norwegian state, a government that prides itself on human rights leadership. The lawsuit threatens to tarnish this reputation and could set a precedent for how multinational corporations are held liable in their home courts for the actions—or omissions—of their subsidiaries in high-risk jurisdictions.
Market analysts remain divided on the financial impact. While the potential for a massive class-action settlement exists, some legal experts suggest that proving a direct causal link between the data transfer and specific instances of harm will be a high evidentiary bar in a Norwegian court. Furthermore, Telenor’s defense—that it acted under "duress" to save lives—is a powerful legal argument that may resonate with judges. However, the reputational damage and the cost of prolonged litigation in Oslo are likely to weigh on the stock as the discovery process begins to unearth internal communications from the period of the coup.
The outcome of this litigation will likely hinge on whether the court views data protection as a secondary concern to physical safety or as an inseparable component of modern human rights. As the military junta in Myanmar continues to tighten its grip on digital infrastructure, the Telenor case will determine if "responsible exit" is a viable corporate strategy or merely a theoretical concept that fails when confronted with the reality of a violent regime. For now, the 18 million former customers in Myanmar remain in a state of digital vulnerability, their records now held by entities far less concerned with European privacy standards than the Norwegian firm they once trusted.
Explore more exclusive insights at nextfin.ai.
