The digital revolution has exponentially increased the amount of personal information that is collected, processed, and stored. How this data is treated, and the scope of personal privacy, is a fiercely contested issue. While the Cambodian tech sector is still relatively small, data collection and personal privacy remains a salient question for individuals as well as businesses.

In our commercial practice, privacy and data issues often come up when a client asks us to review their privacy policies or wants to know what sort of restrictions there are on the data they collect. For better or worse, there is no comprehensive data protection or privacy law on the books (and none under draft, to the best of our knowledge). There is, however, a constitutional right to privacy, enshrined in Article 40:

The rights to privacy of residence, and to the secrecy of correspondence by mail, telegram, fax, telex and telephone shall be guaranteed.

What this “right of privacy” means in practice is left to further laws and regulations, as well as to how courts interpret that right. There is also a patchwork of protections found in a number of laws, and these are often quite specific.

For instance, the Press Law restricts the publication of the identities of minors involved in civil or criminal suits, parties to family law cases, and female (though strangely not male) victims of molestation or rape. There are a number of other privacy provisions related to medical patients and financial institutions, though each are fairly narrow.

While there isn’t much in the way of a comprehensive Cambodian privacy law at present, anytime you put data on the internet or send it abroad for processing or storage, it is likely you’ll need to consider the laws of other countries too.