MCMC order to share phone data sparks concern

PETALING JAYA: A recent directive by the Malaysian Communications and Multimedia Commission (MCMC) for telecommunications companies to share phone data has raised concerns over digital privacy, legal safeguards and potential misuse.
While MCMC insists that the data is fully anonymised and used solely for national statistics, experts argue that the move raises serious legal and ethical questions.
Technology, media, telecoms and data protection legal adviser Deepak Pillai said the key issues lie in how the data is anonymised and who handles that process.
'If the data is permanently anonymised before it is sent to MCMC, then it would not be considered personal data under the Personal Data Protection Act (PDPA) 2010.
'MCMC has stated that mobile operators may either anonymise the data themselves or provide raw data for MCMC to anonymise. The specifics of this process are important.'
He warned of the risk of re-identifying anonymised data.
'It is unclear whether MCMC has access to information that could be used to re-identify individuals.
'If the data can be used, alone or with other datasets, to identify someone, it falls under the PDPA and must be treated accordingly.'
ALSO READ: Govt collecting phone data to boost network coverage
He highlighted a major legal loophole, namely that the PDPA does not apply to federal or state government bodies.
'Phone data is generally treated as personal data under the PDPA. But government agencies are not legally bound by the same data protection rules because the PDPA does not apply to them,' he said.
Pillai argued that statutory bodies should not be exempt from data protection obligations, especially when handling personal data in a commercial context.
He pointed to shortcomings in the Data Sharing Act 2025, which focuses on sharing public sector data but lacks clear standards for collecting, storing or disposing it.
He recommended extending legal protections to cover public sector data handling and establishing an independent data protection authority to oversee government and private-sector practices.
International Islamic University Malaysia Ahmad Ibrahim Kulliyyah of Laws senior lecturer Assoc Prof Dr Mahyuddin Daud echoed similar concerns.
He said Malaysia lacks a clear legal definition of mass surveillance and proper oversight of how anonymised data is collected and used, even when it falls outside current privacy laws.
'While anonymised data may seem harmless, advances in data analytics make it increasingly possible to re-identify individuals.
'Modern analytics and the combination of datasets could heighten this risk. Laws and safeguards need to keep up.'
He emphasised that there is a need for transparency in how such programmes are introduced and managed.
'People lose trust when policies are unclear and top-down. We need public engagement, clear explanations and independent checks on how data is anonymised.
'Even if data is used for policymaking, it must respect fundamental rights. Privacy is a constitutional right and should not be sacrificed for development.'
He called for such initiatives to undergo parliamentary scrutiny and public consultation.
'Parliamentary oversight ensures that large-scale data collection, especially when it affects rights such as privacy or freedom of movement, is debated transparently.
'It also allows elected representatives to assess whether such measures are truly necessary and balanced.
'Public consultation allows experts to review and strengthen technical aspects, such as how data is anonymised or stored. This helps prevent missteps and builds public trust.'
In response to public concern, MCMC clarified on Saturday that no personal data was accessed or shared, adding that phone data is fully anonymised and used solely to generate national statistics for policymaking.
Its deputy managing director Datuk Zurkarnain Mohd Yasin on Monday said the data received is not considered personal as it cannot be used to identify or trace individuals.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Malaysiakini

10 hours ago

• Malaysiakini

MCMC's phone data grab is not harmless

COMMENT | In 2018 and again in 2022, Malaysians voted for reform, demanding greater transparency, democratic rights, and a government that listens. That is why the public backlash to recent revelations about the MCMC mobile data request has been swift and entirely justified. According to local and international media reports, such as The Edge and South China Morning Post, MCMC issued directives to five major telcos requesting mobile phone metadata for the first quarter of 2025. The fields listed include anonymised user IDs (MSISDN), precise date and time stamps, base station identifiers, GPS coordinates, data type (calls or internet), service type (2G - 5G) and mobile country code. On paper, names or identity card (IC) numbers were excluded, but in practice, metadata is never truly anonymous.

Barnama

14 hours ago

• Barnama

Malaysia To Host GSMA M360 ASEAN From 2026 To 2028

GENERAL KUALA LUMPUR, June 20 (Bernama) -- Malaysia will host the GSMA M360 ASEAN event series from 2026 to 2028 under a multi-year strategic partnership signed between the Global System for Mobile Communications Association (GSMA) and the Malaysian Communications and Multimedia Commission (MCMC). The agreement, signed yesterday at the Mobile World Congress (MWC25) in Shanghai, names Malaysia as the official host nation for the M360 ASEAN series, with the inaugural edition to be held in Kuala Lumpur in September 2026. The collaboration marks a major step in positioning Malaysia as a regional hub for digital policy dialogue, industry innovation, and cross-border cooperation in Southeast Asia. MCMC Executive Chairman Tan Sri Mohamad Salim Fateh Din said the partnership is a long-term strategic investment in regional leadership. "Malaysia is committed to being a convening platform for high-impact conversations on the future of connectivity. M360 ASEAN will be a space where policy meets innovation, and regional priorities find global resonance," he said in a statement. The M360 ASEAN event is expected to bring together leaders from both the public and private sectors across Asia and beyond, focusing on key digital economy issues such as 5G evolution, connectivity, cybersecurity, and digital inclusion. Meanwhile, in the same statement, GSMA Chief Regulatory Officer John Giusti said the hosting of M360 ASEAN and this year's Digital Nation Summit reflects Malaysia's strong commitment to ASEAN's digital ambitions. "Hosting both this year's Digital Nation Summit and next year's M360 ASEAN in Malaysia underscores our strong support for the region's 2045 vision. "By bringing together governments, mobile operators, and technology innovators, we aim to accelerate collaboration, investment, and inclusive connectivity across all ASEAN countries, laying the foundation for a more resilient and people-centred digital future. We're excited to launch the inaugural M360 ASEAN in Kuala Lumpur in 2026!" he said.

Malay Mail

14 hours ago

• Malay Mail

Securities Commission intensifies crackdown on scams, adds 59 to investor alert list in just the first quarter of 2025

KUANTAN, June 20 — The Securities Commission Malaysia (SC) added 59 names to its Investor Alert List in the first quarter (1Q) of this year, said chairman Datuk Mohammad Faiz Azmi. He said this move is part of ongoing efforts to combat the increasingly rampant scams, alongside blocking fraudulent websites and social media pages. 'In 2024, we added 273 names to the Alert List, and in the 1Q this year, we added another 59,' he said during his opening remarks at the launch of the Bersama InvestSmart@Pahang 2025 programme. The event was officiated by Pahang Investment, Industrial Development, Science, Technology and Innovation Committee chairman Datuk Mohamad Nizar Mohamad Najib. Mohammad Faiz added that the SC also collaborates closely with the Malaysian Communications and Multimedia Commission (MCMC) to block these deceptive sites. 'Last year, we blocked 153 websites and 261 social media pages. In the 1Q, we blocked 29 websites and 91 social media pages. These numbers show how much illicit activity we are fighting daily,' he said. As of May 2025, he said, the SC had received 1,218 complaints and enquiries about scams. Mohammad Faiz also reminded the public to be cautious of scams that claim to be Shariah compliant, using religious sentiment to gain trust. Bersama InvestSmart@Pahang 2025 is a three day programme starting today, bringing together government officials, capital market industry players, and regulators under one roof as part of the SC's investor outreach initiative. More than 40 exhibitors are participating in the event, themed 'Bijak Labur, Hidup Makmur'. — Bernama