Malayan Law Journal Articles
PRIVACY AND PERSONAL DATA PROTECTION IN THE MALAYSIAN COMMUNICATIONS SECTOR — EXISTING IN A VOID? PK Yong
Advocate and Solicitor LLM (Information Technology and Telecommunications Law) Introduction
Networks and services, which provide a secure environment, are fundamental to consumer confidence. This confidence rests on the premise that the privacy of communication is protected. At its basic core, this means respect for fundamental human rights of individuals in society. What is ‘privacy’ then? Is it the right to be merely ‘left alone’?1 Legal definitions of the concept are imprecise but it is clear that ‘everyone has the right to respect his private and family life, his home and his correspondence’,2 though this is usually limited by exceptions in the public interest of security. In this scenario, privacy will include relevant information that is generated in respect of individuals and the way such information is used. In this sense, the information or data that is generated is as much an integral feature of the protection of individual human rights as is the right of individuals not to be physically harmed in an unjust manner. In the context of communication networks and services, data protection to safeguard the privacy or human rights of individuals is developing rapidly across many countries but at different levels and areas of protection. In this article, we will analyse the regime under the Malaysian Communications and Multimedia Commission Act 1998 (‘CMA’). 5 MLJ ciii at civ
The Coming Constructs of Privacy and Personal Data Protection? At the outset, it must be mentioned that the concept of privacy is not a fundamental human right under the Malaysian Constitution.3 However, its importance has been recognised both, in a general sense as well as in the field of telecommunications.4 The Sector Ministry is presently engaged in drafting a new piece of legislation on personal data protection, which seeks to regulate the collection, possession, processing and use of personal data by any person or organisation to provide protection to an individual’s personal data and to safeguard the privacy of individuals. The objective, amongst others, is to provide ‘adequate security and privacy in handling personal information and create confidence among consumers and users of both networked and non-networked industries’.5 This therefore, envisages a more general legislation. It should be pointed out that a draft Personal Data Protection Bill6 (‘draft Bill’) was introduced in 2000, but subsequently withdrawn for further consultation and the same is expected to be reintroduced soon.7 5 MLJ ciii at cv
This Draft Bill envisaged the formation of a commissioner for personal data protection and a tribunal, who would be answerable to the Minister. The definition of ‘personal data’ is wide and includes the kind of data that is recorded and which can be processed either via automatic means or otherwise and which relates directly or indirectly to a living individual who is or is not identified, either from that information or partly from other information, which also includes opinions of third parties about the concerned individual and any indication of the intentions of the data user (controller) in respect of the individual. There are nine (9) data protection principles which relate to the manner of collection of personal data, the purpose of the collection, its use, disclosure requirements, accuracy, duration, access and correction possibilities, security of personal data and ascertainment of data users’ (controller) policies and information to be provided to a data subject.8 Azmi observed that the wide provisions in the exemption provisions lend credence to the view that privacy protection is a matter of ‘balance’ rather than any underlying notion of human rights. The author further argues that the draft bill essentially deals with procedural usage of data instead of fostering a...