Cambodian law contains no laws or regulations that specifically address privacy rights or the protection of personal information collected from individuals in Cambodia. Although the term “Data Privacy” is yet to be defined by any regulation or law in Cambodia, this term is used in various regulations and general principles relating to data privacy exist in several Cambodian laws. The term “Data Privacy” may include reference to facts, pictures, and/or information or circumstances directly or indirectly related to a specific person.
The digital revolution has exponentially increased the amount of personal information that is collected, processed, and stored. How this data is treated, and the scope of personal privacy, is a fiercely contested issue. While the Cambodian tech sector is still relatively small, data collection and personal privacy remain an important issue for individuals and businesses in Cambodia.
Article 40 of the Constitution of the Kingdom of Cambodia provides:
- The rights to privacy of residence, and to the secrecy of correspondence by mail, telegram, fax, telex and telephone shall be guaranteed.
What this “right of privacy” means in practice is left to further laws and regulations, as well as to how courts will interpret that right. There are also references to a privacy right found in a number of sector specific laws.
For instance, the Press Law restricts the publication of the identities of minors involved in civil or criminal suits, parties to family law cases, and female (though strangely not male) victims of molestation or rape. There are a number of other privacy provisions related to medical patients and financial institutions, though each are fairly narrow.
The following provisions of Cambodian law relate to personal privacy:
Cambodian Constitution – Article 31
Article 31 recognizes and respects human rights as stipulated in the United Nations Charter, the Universal Declaration of Human Rights, and the Covenants and Conventions related to human rights, women’s rights and children’s rights.
Article 12 of the Universal Declaration of Human Rights 1948 and Article 17 of the United Nations International Covenant on Civil and Political Rights of 1966, ratified by Cambodia in 1992 prohibit the arbitrary or unlawful interference with the privacy, family, home or correspondence, or unlawful attacks on the honor and reputation of people. Please note that any international convention ratified by Cambodia has legal force as Cambodian law (Decision No. 092/003/2007 of Constitutional Council dated July 10, 2007).
Article 40 states that the right to privacy of residence and to the confidentiality of correspondence by mail, telegram, fax, telex and telephone, is guaranteed.
While the above articles do not specifically mention protection of personal data, the Constitution clearly recognizes a fundamental right to privacy which may be invoked by individuals to support claims that such right has been violated. To our knowledge, however, there is no precedent of a penalty being imposed by a court due to a constitutional violation. Constitutional provisions act as guiding principles which are often then supplemented by implementing legislation.
Article 10 of the 2007 Civil Code
Article 10 provides that privacy and the right to life, personal safety, health, freedom, identity, dignity, and other personal benefits or interests are personal rights residing in individuals.
In the absence of any specific legislation dealing with protection of personal information other than general principles on privacy rights, we believe that a customer would likely be deemed to have consented to the collection, processing and use of the personal information if such customers gives free and valid consent, even if such consent is given electronically. Such collection, processing and use should be within the agreed scope and exercised with due care.
There are different kinds of data privacy, including civil status, data in mail or in correspondence by all kinds of telecommunication means, data contained in information technology systems (such as email and internet records), public administration or private files, etc. In Cambodia, only certain data/information is legally protected, as set out below.
Specific References within Cambodian Laws
Code of Criminal Procedure (“CCP”)
Information received during an investigation conducted by a judge, prosecutor, attorney, court clerk, policeman, military policeman, expert, interpreter, medical doctor, or other qualified person as set out in the CCP must be kept confidential (Article 83 of CCP).
Judicial police officers cannot conduct a search for any private data, unless they first obtain the written or verbal authorization from a prosecutor, the search must not be conducted before 6:00 a.m. or after 6:00 p.m. and must be conducted in the presence of the person concerned or at least two witness (Article 91 paragraph 1 & 2 of CCP).
All data in the attorney’s office cannot be searched unless it is conducted in the course of a criminal investigation procedure, by an investigating judge or prosecutor, in the presence of the president of the Bar Association (Article 91, paragraph 5 of CCP).
All data held by media enterprises cannot be searched by the judicial police, unless it is conducted under the supervision of an investigating judge or prosecutor (Article 91 paragraph 6 of CCP).
All information received in violation of Article 91 of CCP as stated above is inadmissible in court (Article 109 of CCP).
Article 10 of the Civil Code provides that privacy and the right to life, personal safety, health, freedom, identity, dignity, and other personal benefits or interests are personal rights residing in individuals.
Whilst we are not aware of any specific legal sanctions available to an individual claiming the misuse of personal rights under the Civil Code, an aggrieved party would still have recourse to the courts to file a civil claim for any damage caused as a result of misuse of personal rights, in addition to the right to injunction and right to demand elimination of effect of an infringing act (Articles 11, 12, & 13 of Civil Code).
Codes of Ethics for Professional
Persons who practice the following professions must keep all information received for their clients confidential:
Lawyers (Article 58 of Law on Statutes of Lawyers (“LSL”)).
- All consultations, advice and non-official documents prepared by a lawyer for a client, and correspondence sent between the lawyer and a client shall be considered as confidential. Any lawyer who fails to comply with this requirement shall be subject to punishment according to the provisions of the Criminal Law (Article 78 of the LSL).
– Any person who participates in any capacity in the administration, direction, management, internal control, or external audit, and employees of banking or financial institutions.
- Confidential information includes statements, facts, acts, figures or the contents of accounting or administrative documents of which he might have become aware through the persons position (Article 47 of Law on Banking and Financial Institution (the“LBFI”)
- Any person acting in breach of the provisions of Article 47 of the LBFI shall be liable to imprisonment from between 1 to 5 years and a fine of between 5 million to 250 million Riels, or to either of these penalties, without prejudice to the possible closure of the concerned establishment (Article 55-1 of LBFI).
– All members of the Expert Accountant and Auditor Institute of Cambodia.
- Confidential information includes all affairs learned during the performance of the accountant/auditor’s function (Article 47 of Prakas Nº 001 of MEF dated February 26, 2004).
– Physicians and/or medical doctors.
- Confidential information includes any confidential documents and medical information of patients under the care of or examined by a physical or doctor (Article 70 of Sub Decree № 61 dated August 28, 2003 (“SD 70”)). Any breach of the confidential information shall be punishable by disciplinary sanction (Article 110 of SD 70).
– Members of Arbitration Panels.
- Confidential information includes information and documents provided the panel, as well as any facts that come to their attention while carrying out their duties (Article 312 of Labor Law).
- Labor Inspectors, Labor Physicians, and Labor Supervisors must keep the source of any complaint about a problem in a firm or of a violation of the law absolutely confidential and must not reveal to the employer or his representative that the inspection was the result of a complaint (Article 348 of Labor Law).
- In addition to the disciplinary penalties, Labor Inspectors and Controllers as well as Labor Medical Inspectors who reveal the confidential information and production processes shall be liable to be punished by imprisonment for six days to one month, even though the revelation of the secrets took place after they have left their job (Article 386 of Labor Law).
Transfer of Employees Information outside Cambodia
Subject to Articles 11, 12, & 13 of Civil Code, we are not aware of any provision which would restrict the transfer of employees’ information outside Cambodia.
Collection of Customer Information
We are not aware of any requirement for registration, approval or license from any Cambodian government authority in order to collect, process or use personal information provided by customers.