Committee: ECONOMIC & FINANCIAL AFFAIRS COUNCIL (ECOFIN)
Topic: The protection of data privacy in the context of e-commerce
Allocation: Kingdom of Cambodia
Delegate: Nguyen Duy Hoang Giang
Data privacy protection in e-commerce is the protection of personal data, like names,
payment records, and contact information, which are gathered from commercial transactions
done over the Internet. The popularity of electronic transactions is not by any means
unjustified since they provide individuals and businesses with great convenience, ease,
efficiency, flexibility, and low costs, but electronic transactions also add problems, risks, and
uncertainties to consumers.
The international digital commons is so far bereft of a common sense for protections,
exposing millions to data breaches, identity theft, and warrantless snooping. Poor data
security can be a real drag on the economy to (not to mention the trust of ordinary people),
and especially in more unstable markets. Secondly, in terms of societal and political effects,
data misuse violate autonomy and low regulatory structures triggers concerns about digital
sovereignty, particularly in developing countries in transition periods of technological
adoption. In view of the foregoing, the Kingdom of Cambodia is of the view that the
Economic and Financial Affairs Council (ECOFIN) must take urgent and inclusive action to
strengthen global data privacy standards while respecting national development contexts.
Admittedly, the United Nations has, in resolutions such as 68/167 (2013), 69/166 (2014), and
73/179 (2018), defended the right to privacy in the age of the internet on the foundations of
legality, necessity, and proportionality with respect to data collection. While these resolutions
are not laws in themselves, they do generate universal expectations for the governance of data
worldwide. Regional frameworks like the ASEAN Framework on Personal Data Protection
and the OECD Privacy Guidelines also provide influential, albeit non-binding, policy
templates for the region. Besides that, Non-governmental organizations such as Privacy
International and Human Rights Watch have also become important in promoting
transparency and demanding protective legislation through monitoring state practices. Yet,
progress remains uneven.
Whilst the European Union implements robust regulations such as the General Data
Protection Regulation (GDPR), the majority of Southeast Asian nations, such as Cambodia,
are still at the early stages of establishing baseline protections. Existing challenges include
limited institutional capacity, a fragmented legal framework, and geopolitical tensions that
hold back global consensus. State surveillance in the name of national security also has a
tendency to breach privacy rights, especially in hybrid or authoritarian regimes. As Cambodia
moves forward with digital progress, e-commerce data privacy involves complex secondary
challenges. These include uneven worldwide legislation that intrudes into cross-border
business, weak digital literacy in the Global South hindering informed consent, and ethical
concerns about AI exploitation of data processing. Additionally, discrepancies in enforcement
across countries are likely to render privacy legislation unenforceable in the Global South.
Resolution of these problems is important to building secure and equitable digital markets.
�The Kingdom of Cambodia has witnessed significant growth in digital platforms and online
commerce; however, its legal and institutional frameworks for data privacy remain
underdeveloped. The 2019 Law on Electronic Commerce introduced the concept of personal
data protection but was limited in scope. It primarily addressed the security of digital data
without encompassing key principles such as user consent, data minimization, transparency,
or the right of individuals to access and modify their data. Moreover, the absence of a
centralized regulatory authority, due to overlapping responsibilities between the Ministry of
Commerce and the Ministry of Posts and Telecommunications, has led to fragmented
oversight, limiting effective enforcement and coordination.
To bridge these gaps, Cambodia is preparing its first comprehensive Personal Data Protection
Law. The law seeks to conform to ASEAN and international standards, in this instance, the
ASEAN Framework on Personal Data Protection and United Nations endorsed principles.
The act seeks to stipulate clearly the rights of data subjects, specify the roles of data
controllers and processors, and establish independent supervisory measures. Cambodia also
recognizes that effective regulation must be coupled with effective institutional capacity and
public awareness. Consistent with this, the government also seeks to undertake digital literacy
campaigns to educate citizens—young people and small business owners in particular—about
their digital rights, safe online practices, and data abuse risks. Globally, Cambodia advocates
a balanced and cooperative global response. Cambodia supports the creation of an ECOFIN-
led United Nations Global Data Privacy Framework, in collaboration with institutions such as
UNCTAD and the ITU. The framework would be tiered and adaptable, with differentiated
standards aligned with the digital maturity of each nation. It would provide a common
foundation for good data governance while allowing for national variation. Cambodia
emphasizes that it is not a one-size-fits-all process but an expression of the varying capacities
and contexts of Member States.
Furthermore, Cambodia proposes the establishment of a multilateral Data Protection
Observatory. The Observatory would monitor global trends, share best practices, examine
adherence to global norms, and facilitate capacity-building for Member States. As a
complement to the assistance for digital development in the Global South, the Kingdom calls
for special financing and technical assistance programs to enhance cybersecurity
infrastructure, legal framework, and regulatory capability. Cambodia's position is supported
by the principle that data privacy is both a matter of technical regulation and of human rights
and digital justice. While the Kingdom is encouraged by comprehensive models such as the
European Union's General Data Protection Regulation (GDPR), it maintains that any global
framework will need to be implemented contextually. Factors such as economic capacity,
ICT infrastructure, and digital literacy levels must be considered in establishing realistic and
practical regulatory goals.
United Nations. (2013). Resolution 68/167: The right to privacy in the digital age.
https://undocs.org/A/RES/68/167
United Nations. (2014). Resolution 69/166: The right to privacy in the digital age.
https://undocs.org/A/RES/69/166
United Nations. (2018). Resolution 73/179: The right to privacy in the digital age.
https://undocs.org/A/RES/73/179
�United Nations Conference on Trade and Development (UNCTAD) (2021). Digital Economy
Report 2021: Cross-border Data Flows and Development. United Nations Conference on
Trade and Development. https://unctad.org/webflyer/digital-economy-report-2021
DLA Piper. (n.d.). Data protection laws in Cambodia – Data Protection Laws of the World.
Retrieved May 30, 2025, from https://www.dlapiperdataprotection.com/index.html?
t=law&c=KH
Emerald Insight. (2023). Kundu, S. Digital literacy and privacy behavior: A cross-national
study. Emerald Insight. https://www.emerald.com/insight/content/doi/10.1108/JICES-03-
2022-0041/full/html
Human Rights Watch. (2021, October 4). Cambodia: Draft cybercrime law threatens rights.
https://www.hrw.org/news/2021/10/04/cambodia-draft-cybercrime-law-threatens-rights
International Telecommunication Union (ITU). (2020). Global Cybersecurity Index (GCI)
2020. https://www.itu.int/en/ITU-D/Cybersecurity/Pages/global-cybersecurity-index.aspx
Organisation for Economic Co-operation and Development (OECD). (2022). Enhancing
consumer protection in the digital age. https://www.oecd.org/sti/consumer/consumer-policy-
in-the-digital-age.htm
Privacy International. (2021). Data protection across borders: Cambodia country report.
https://privacyinternational.org
United Nations Conference on Trade and Development (UNCTAD). (2021). Digital economy
report 2021: Cross-border data flows and development. https://unctad.org/webflyer/digital-
economy-report-2021
European Union. (2016). General Data Protection Regulation (GDPR). https://eur-
lex.europa.eu/eli/reg/2016/679/oj
