Latest news with #DataSharingAct2025
The Star
6 days ago
- Politics
- The Star
Contradictheory: A buffet of personal data up for grabs?
It must have been about 25 years ago when I attended a talk about the power of integrating databases, and back then we were lucky governments hadn't quite figured it out yet. But obviously all that has changed now. The speaker was from Canada, and he illustrated the concept with an example: On one hand, the government struggled to catch welfare recipients who were quietly nipping across the border to work in the United States. On the other hand, it would have been trivially easy to catch them if someone just thought to cross-reference the welfare database with weekday border crossing records. The technology wasn't the issue. The stumbling block was getting different government departments to cooperate. But while this was an opportunity begging to be taken, the speaker also highlighted the potential dangers: The power inherent in data sharing, when coupled with the reach and authority of national governments, could lend itself to a wide scope of abuses. Which is precisely what is happening in the United States at the moment. Reports indicate that Elon Musk's Department of Government Efficiency (DOGE) has equipped agents with 'backpacks full of laptops, each with access to different agency systems... to combine databases currently maintained separately by multiple federal agencies'. Why are they doing this? Because DOGE wants to collate immigration data and cross-reference it with tax records, welfare claims, and even state voting records. According to critics, they allegedly want to target immigrants not just for tracking, but possibly for persuasion, prosecution, and persecution. Civil liberties groups are sounding the alarm, pointing out that this level of cross-agency integration is ripe for abuse. Truth is, this isn't something new or foreign for Malaysia. Back in 2018, politician Rafizi Ramli openly discussed how his startup, Invoke, was leveraging big data to support the then Opposition candidates. Using electoral roll data, phone polls, and surveys, they constructed detailed voter profiles based on age, postcode, gender, race, and religion to create a 'microtargeting' strategy to identify and win over swing voters with a 40%-60% chance of flipping. Fast-forward to today, and the government's interest in big data is no secret. From the MyDigital Blueprint to the freshly minted Data Sharing Act 2025, the rhetoric is all about 'digital transformation' and 'evidence-based policymaking'. Then in April, the Malaysian Communications and Multimedia Commission (MCMC) told telcos to hand over mobile network usage data, down to your call records, IP connections, and yes, your location coordinates. Failure to comply could result in a fine of RM20,000 or up to six months in official line is that this is for the 'generation of official statistics to support evidence-based policymaking' in the ICT and tourism sector. (Specifically, to identify the number of mobile broadband subscriptions, and to track the number of visitors and 'domestic tourist trips'.) The government assures us that all data handed over is anonymised and contains no personally identifiable information. But I've learned to be sceptical following alleged breaches that reportedly had data from millions of Malaysians in government databases being sold online. Now we are to trust the authorities when they say they want the data for policymaking? It's a bit of an overkill, like queuing up for an hour for a free plate of nasi kandar. (Which I have done before.) But why settle for a plate when you could have the whole buffet of personal information data? A tech news website said what many of us might be thinking: 'What just happened doesn't feel like planning. It feels like surveillance.' Local technologist and computer scientist Dinesh Nair was more colourful, labelling MCMC's explanation as (if I may paraphrase) horse excrement, noting that location data coupled with the time could be used to positively identify individuals. This isn't theory. We've known for decades how it's possible to do 'data re-identification'. In 1997, MIT computer scientist Latanya Sweeney famously cross-referenced public voter records with anonymised health data to identify then-governor of Massa-chusetts, Bill Weld. She even mailed him his own medical records as proof. And a few years later, I was reviewing drafts of what would eventually become Malaysia's Personal Data Protection Act (PDPA). While the PDPA was a good step forward in defining personal data rights – like requiring consent and allowing individuals to revoke it – it had one gaping hole: it doesn't apply to government entities. Section 3(1) of the Act explicitly exempts federal and state bodies. I was told at the time that government departments handled so much data, it would bog them down in red tape to comply. That was the official line. I suspect the unofficial thinking has evolved into: 'Why would we give up control of such a rich treasure trove?' Fixing this isn't hard. Step one: remove the PDPA exemption for government agencies. Just cross out a paragraph. Step two: appoint an independent oversight body where people can lodge complaints if their rights are violated. The latter's nearly in place, given that the current government has promised an Ombudsman Bill this year that could serve this very function. At the very least, amending the Act would allow us to point to a breach and say, 'That's illegal', instead of shrugging and saying, 'Well, it's the government. What can you do?' Because we were warned. We just didn't listen. In his fortnightly column Contradictheory, mathematician-turned-scriptwriter Dzof Azmi explores the theory that logic is the antithesis of emotion but people need both to make sense of life's vagaries and contradictions. Write to Dzof at lifestyle@ The views expressed here are entirely the writer's own.
New Straits Times
7 days ago
- Business
- New Straits Times
Transparency remains the issue when it comes to digital governance
Malaysia's digital governance is at a crossroads, navigating a delicate balance between epistemic sovereignty and potential government surveillance. Epistemic sovereignty pertains to the imperative of ensuring that its digital policies, historical narratives, and governance models are formulated by Malaysians themselves, rather than being prescribed by Western technology conglomerates, global institutions, or prevailing foreign ideologies. This encompasses the methodologies employed in data collection, processing, and regulation, as well as the shaping of media, education and national discourse. The question is no longer just about data security — but who holds the power to shape reality, Malaysia's digital governance has undergone significant changes over the years, with the Communications and Multimedia Act (CMA) of 1998 initially designed to foster a dynamic digital economy while promoting responsible online content management. Over time, however, regulatory mechanisms have been expanded, leading to greater intervention in cyberspace. The recent introduction of the Data Sharing Act 2025 exemplifies this shift. Designed to facilitate cross-agency access to anonymised datasets, the act aims to streamline governance and improve infrastructure planning. Yet, critics warn that such data-sharing mechanisms could be repurposed beyond their initial scope, opening the door for expanded digital oversight. History has shown that when governments gain access to large-scale data, it often leads to broader surveillance under the pretext of security or public order. Social media, a critical space for political discourse, has also come under increasing scrutiny. Misinformation, fake news and cyber slander pose undeniable risks to national stability. In response, Malaysia has tightened regulations governing social media platforms, requiring greater cooperation from tech companies in moderating harmful content. There is also growing concern that misinformation laws could become instruments of censorship, restricting dissent and alternative viewpoints. Amid growing concerns over data collection, Malaysia's major telecommunications companies have reaffirmed their commitment to customer privacy. A few telcos have issued statements clarifying that any data shared with the Malaysian Communications and Multimedia Commission (MCMC) is strictly anonymised and does not contain personally identifiable information. These assurances align with Communications Minister Datuk Fahmi Fadzil's statement that the government's request for mobile phone call data is solely for evidence-based policymaking and does not involve tracking individual identities. Nevertheless, critics argue that once large-scale data collection mechanisms are established, they can be expanded beyond their original purpose, potentially leading to greater oversight of online activities. The challenge for Malaysia is ensuring that data governance remains transparent and accountable. Malaysia's commitment to epistemic sovereignty — its capacity to regulate the generation and circulation of knowledge within its borders — has emerged as a pivotal element of its overarching geopolitical strategy within the Global South. Yet, the push for digital independence must be accompanied by institutional safeguards to prevent the erosion of fundamental freedoms. As Malaysia strengthens its own digital frameworks, the challenge is in ensuring that its pursuit of sovereignty does not align with authoritarian tendencies. The future of Malaysia's digital policies depends on its ability to balance governance with public trust. If epistemic sovereignty is to be a force for national empowerment rather than an instrument for suppression, several critical steps must be taken. First, transparency must be a cornerstone of digital governance. The government must publicly disclose the full scope of its data collection protocols, ensuring that anonymisation measures remain intact and protected from misuse. Second, independent oversight is imperative. Non-partisan commissions must be instituted to scrutinise government-led digital policies, ensuring that misinformation statutes do not metamorphose into instruments of political manipulation. A governance paradigm that prioritises public accountability will be instrumental in preserving trust in the state's management of digital liberties. Thirdly, Malaysia must disentangle data surveillance from misinformation regulation. While deceptive narratives and cyber propaganda represent legitimate threats, digital governance must guarantee that misinformation laws do not unduly suppress alternative perspectives. For Malaysia to truly establish an independent and transparent digital governance model, it must ensure that its digital policies empower open discourse rather than stifle it. Sovereignty should not equate to heightened state control over narratives but rather facilitate an environment where information can flow freely within a framework of accountability. The question remains whether Malaysia will embrace a transparent and democratic approach to epistemic sovereignty or whether its digital landscape will increasingly reflect patterns of state-led oversight seen across other nations. The coming years will determine whether Malaysia's digital future aligns with open governance or moves toward centralised control — a decision that will shape the nation's standing in the global discourse on digital freedom.
New Straits Times
12-06-2025
- Automotive
- New Straits Times
Task force calls for transport safety overhaul after deadly lorry crash
KUALA LUMPUR: The Transport Ministry has been urged to consider a series of intervention measures to enhance safety in public and freight transport, with a particular emphasis on heavy vehicles within both the commercial sector and government fleets. In its preliminary report on the fatal crash involving a Federal Reserve Unit (FRU) truck and a gravel-laden lorry, the Road Safety Investigation Special Task Force recommended greater enforcement of the Land Public Transport Commission's Industry Code of Practice – Safety (ICOP-Safety) among heavy vehicle operators. "Priority should be given to ensuring full compliance by government agencies and departments with the mandatory use of seat belts in all government-owned vehicles," the report stated. The task force also suggested that government agencies consider using buses for administrative and non-operational passenger transport, especially for official functions. Additionally, the ministry is urged to develop a centralised monitoring system for commercial vehicles, incorporating technologies such as the Global Navigation Satellite System (GNSS), dashboard cameras, and real-time tracking systems. "The installation of dashcams in government vehicles would allow for more comprehensive operational and safety oversight," it said. The report further recommended expanding the use of data recorders and other monitoring technologies in government-owned vehicles, subject to each agency's operational needs and safety protocols. On the legislative front, the task force stressed the need to strengthen provisions under the Land Public Transport Act 2010. This includes stricter enforcement of load limits, enhanced licensing and monitoring of operators, and regular safety and maintenance audits. It also proposed introducing mandatory self-inspection audits among industry players to ensure adherence to maintenance protocols, proper documentation, and compliance with scheduled audits. "All safety and maintenance records should be kept for at least seven years. A centralised database should be established and made accessible to the ministry, relevant authorities, and industry players in accordance with the provisions of the upcoming Data Sharing Act 2025," it said. This database should include records on driver performance and health, operator compliance history, and a real-time route monitoring system for heavy vehicles. The ministry is also encouraged to explore the integration of artificial intelligence in the management and operation of land public transport systems. Additionally, the task force recommended revisiting the proposal to establish the Malaysian Transport Safety Board (MTSB) as an independent body to coordinate transport-related investigations and formulate safety recommendations. On May 13, nine FRU personnel were killed in an accident involving a gravel-laden lorry and the FRU truck along Jalan Chikus Sungai Lampam in Teluk Intan. The victims were identified as S. Perumal, 44; Mohd Roslan Abd Rahim, 46; Mohd Pozli Jaudin, 41; Nurit A.K. Pandak, 34; Amiruddin Zabri, 38; Mohamad Hilmi Mohd Azlan, 38; Akmal Muhamad, 35; Damarrulan Abdul Latif, 33; and Akmal Wafi Annuar, 28.
The Sun
11-06-2025
- Business
- The Sun
MCMC order to share phone data sparks concern
PETALING JAYA: A recent directive by the Malaysian Communications and Multimedia Commission (MCMC) for telecommunications companies to share phone data has raised concerns over digital privacy, legal safeguards and potential misuse. While MCMC insists that the data is fully anonymised and used solely for national statistics, experts argue that the move raises serious legal and ethical questions. Technology, media, telecoms and data protection legal adviser Deepak Pillai said the key issues lie in how the data is anonymised and who handles that process. 'If the data is permanently anonymised before it is sent to MCMC, then it would not be considered personal data under the Personal Data Protection Act (PDPA) 2010. 'MCMC has stated that mobile operators may either anonymise the data themselves or provide raw data for MCMC to anonymise. The specifics of this process are important.' He warned of the risk of re-identifying anonymised data. 'It is unclear whether MCMC has access to information that could be used to re-identify individuals. 'If the data can be used, alone or with other datasets, to identify someone, it falls under the PDPA and must be treated accordingly.' ALSO READ: Govt collecting phone data to boost network coverage He highlighted a major legal loophole, namely that the PDPA does not apply to federal or state government bodies. 'Phone data is generally treated as personal data under the PDPA. But government agencies are not legally bound by the same data protection rules because the PDPA does not apply to them,' he said. Pillai argued that statutory bodies should not be exempt from data protection obligations, especially when handling personal data in a commercial context. He pointed to shortcomings in the Data Sharing Act 2025, which focuses on sharing public sector data but lacks clear standards for collecting, storing or disposing it. He recommended extending legal protections to cover public sector data handling and establishing an independent data protection authority to oversee government and private-sector practices. International Islamic University Malaysia Ahmad Ibrahim Kulliyyah of Laws senior lecturer Assoc Prof Dr Mahyuddin Daud echoed similar concerns. He said Malaysia lacks a clear legal definition of mass surveillance and proper oversight of how anonymised data is collected and used, even when it falls outside current privacy laws. 'While anonymised data may seem harmless, advances in data analytics make it increasingly possible to re-identify individuals. 'Modern analytics and the combination of datasets could heighten this risk. Laws and safeguards need to keep up.' He emphasised that there is a need for transparency in how such programmes are introduced and managed. 'People lose trust when policies are unclear and top-down. We need public engagement, clear explanations and independent checks on how data is anonymised. 'Even if data is used for policymaking, it must respect fundamental rights. Privacy is a constitutional right and should not be sacrificed for development.' He called for such initiatives to undergo parliamentary scrutiny and public consultation. 'Parliamentary oversight ensures that large-scale data collection, especially when it affects rights such as privacy or freedom of movement, is debated transparently. 'It also allows elected representatives to assess whether such measures are truly necessary and balanced. 'Public consultation allows experts to review and strengthen technical aspects, such as how data is anonymised or stored. This helps prevent missteps and builds public trust.' In response to public concern, MCMC clarified on Saturday that no personal data was accessed or shared, adding that phone data is fully anonymised and used solely to generate national statistics for policymaking. Its deputy managing director Datuk Zurkarnain Mohd Yasin on Monday said the data received is not considered personal as it cannot be used to identify or trace individuals.
Malay Mail
04-06-2025
- Business
- Malay Mail
Gunning to phase out analogue data, Gobind says Data Digitalisation Policy to be introduced next month
PUTRAJAYA, June 4 — The Digital Ministry will introduce a Data Digitalisation Policy next month to support the enforcement of the Data Sharing Act 2025 (Act 864). Minister Gobind Singh Deo said the policy, developed by the National Digital Department (JDN), will focus on enhancing data quality governance, data security, digital ethics, data storage and usage technologies, and promoting a digital culture in government administration and public service delivery. 'This is important because in order to succeed in areas like artificial intelligence (AI), we must ensure the data we use is in digital form, (but) many government datasets still exist in analogue formats such as images, audio, or hybrids,' Gobind told reporters after chairing the first meeting of the National Data Sharing Committee here yesterday. He said he has given JDN a three-month deadline to finalise the policy and hopes to present it to the Cabinet by July. The minister said the policy will be implemented not only at the federal level but also extended to state governments and local authorities, to ensure consistent data quality for effective policymaking and delivery of public benefits. 'Full digitalisation of government data will allow for better data sharing and analysis using AI, leading to more innovative and realistic cross-sector solutions,' he remarked. Gobind said that the Data Sharing Act 2025, which officially came into force on April 28, provides a structured legal framework for secure and efficient data sharing between federal ministries and agencies, which is expected to enhance public service delivery by allowing real-time data access, accelerating decision-making, and improving coordination without compromising government data security or personal privacy. 'This will lead to a more connected and data-driven government that benefits the people, safeguards their welfare, and drives economic growth,' he said. In fact, he said data sharing between agencies can also eliminate redundancy in data collection, reduce costs, improve public service efficiency, and strengthen public trust through transparency and accountability. 'Shared data ensures policies are planned and implemented based on accurate and up-to-date information,' Gobind said. The minister also expressed hope that state governments would introduce their own data sharing laws to enable effective integration with federal and local government systems. So far, he said the state governments of Penang, Selangor, and Sarawak have responded positively to the proposal. 'I will be visiting each state to discuss the matter directly with chief ministers and menteris besar,' he said. In his remark at the meeting earlier, Gobind said the National Data Sharing Committee, established under the Data Sharing Act 2025, is tasked with setting policy and strategic direction for public sector data sharing. 'We acknowledge the legal and technical challenges in data sharing between public agencies, states, and local authorities. Therefore, it is hoped that this committee will be able to streamline and facilitate secure inter-agency data sharing,' he said. — Bernama
