By: Sonny Zulhuda
It is official now, that the long-awaited personal data protection (PDP) Bill had been passed by the Malaysian House of Representative (Dewan Rakyat). I personally attended the debate that was held yesterday, Monday, 5 April 2010 in the Dewan Rakyat. I am particularly glad that I could make it to the Parliament to watch the passing of the Bill that had filled much of my research time since I was doing my Masters dissertation on PDP law back in 2000.
The debate that took place between 17.00 hrs-19.30 hrs was to me more than just a formality of legislative process. MPs from both sides took turn to present their views, experiences, concerns and arguments on many aspects of the law. Some took even lengthy time to establish their points, citing a number of provision of the Bill.
From opposition point of view, despite their agreement in principle for the need of such law, there are some few concerns raised, mainly:
- On the applicability of the law, they argue it should extend the application to the biggest data pool in the country, i.e. the Government (The law in section 3 excludes Federal & State Govts. from its application).
- Argument that the Commissioner should be answerable to Parliament instead of Minister.
- That the law provides too wide exemptions. One MP cited that this is not in line with the international standard as found in the EU Directive. (The latter only provides 3 exemptions).
- That time frame should be prescribed on certain obligations such as the retention period.
The ruling side maintains that the Government should be excluded from the application due to certain necessity that was not so elaborated though. Or maybe I just did not get what the argument was. But obviously I think this is the policy that has been opted by the Government. Or perhaps we can be assured that there are other laws or rules in place that would control the misuse of of personal data at the Government agencies.
The argument that PDP Commissioner should be answerable to Parliament was refuted on the basis that such manner would be a distortion from the established doctrine of separation of powers that is adopted by the Malaysian constitution.
Though not all the issues were elaborately responded or discussed, the Parliament finally went on to the voting and, as expected, majority of the attending MPs were in favour of the Bill. I could hear one or two people said ‘tidak’ (‘no’) when the Yang Dipertua Dewan Rakyat asked the MPs of their agreement to pass the Bill.
The Bill was finally passed without any change. The Bill draft can be downloaded from the Parliament website (see the link provided in my previous entry)
The debate ended with big smile in many faces. But, as some MPs were concerned, left some questions on the efficiency of its implementation in future. Well, let them and the government work it out and make the law a real gift for the people who have suffered enough for the abuse of their own personal data.
Since the PDP bill has been approved, who would be the implementation and enforcement ministry/agency/body? When will it be gazetted?
Hi. It’s been gazetted on 12 June 2010 but not yet enforced. The govt. will have to appoint a commissioner first (said to be in January 2011) then after that will determine the date of enforcement. Once it is fixed, the three-month grace period will apply. Cheers.
Hi, i love this topic a lot and it sounds interesting. Do mind to share your master dissertation with me to understand more as to i don’t attend the real debate?
However, you had provided me a good information but i need more information to come out with better understanding of this bill and what is other point of arguement if necessary.
I would appreciate if you could share more information with me. Cheers … ^_^
Hi.. you can visit IIUM library in Gombak to read my Master thesis 🙂 Meanwhile a new book is just recently launched on PDP Law in Malaysia. The author is Prof. Abu Bakar Munir of UM. Hope that helps.
I just would like to know which country’s law did we follow in legislating the PDPA. is it the EU?
Hi, thanks for dropping by. Though many from govt said that the Malaysian PDPA is a hybrid between EU and US style, but you would be forgiven to say that it adopted mostly the UK and Hongkong laws. And that is what I think.
There are few quesions that i need to ask if you dont mind:-
1. Retention of data – does it refers to hard copy and soft copy as well? what do you suggest if it is for medical service that sensitive data is to be retained?
2. Does a customer which is a company’s information be excluded here?
3. Can you give guidelines on how should we include the consent clause in a form for the personal data to be collected?
4. As auditting or troubleshooting a system in the company will gain access to the perosnal data, how to cover this area?
5. If 1 company is to acquisite another company which already is a data user, do the company still need to register a fresh registration under the new company’s name?
6. Does this also apply to employer-emplyee?
7. Whenver the Act mentioned about “necessary”, how can we define it?
Hi, thank you for your concerns and questions. Shall revert to them ASAP.
The new Personal Data Protection Act 2010 will seek to achieve certain objectives under the data protection paradigm. As a new Act, it is logical to expect the presence of persistent confusion within the public and industrial sectors with regards to the impact of the Personal Data Protection Act 2010 in the short and long term consideration. With proper understanding and consultation, it is hope that the Personal Data Protection Act 2010 will close the gap and accelerate Malaysia towards “Legal Appreciation and Transparency” by 2020 along the transformation programming tracks.
hi,nice to meet you here.I‘m intrested in PDP,how do you think about the bussiness opptunity in malayisa for next 3 years ? is it a mainstream to boom this market ?thank you for your answers in advance.
Hi. The law to date has not been enforced. But the industries have been watching this Act closely. I think in near future the opportunity is wide open..