By: Sonny Zulhuda
This week I am invited by one Malaysian cybersecurity prominent practitioner and former CEO of the country’s top cyber security agency Prof. Dato’ Dr. Husin Jazri to discuss and record for his channel at ESPC. The event is called “Focus Interview with Prof Jazz”.
The topic of the discussion is privacy in Malaysia. Here are some key points prepared for me to discuss:
Can you list the top three main privacy issues in Malaysia?
There are few top issues in my mind, but these are my top three: Firstly Governments-processed personal data in Malaysia is still not governed by any comprehensive data protection law. This will always be a big hole in Malaysia’s data protection legal landscape. Secondly, there has been an overuse of citizens’ identification cards which open up spaces for hugely potential abuses of personally identifiable information (PII) in Malaysia. Thirdly, there has been considerable uncertainty over the civil remedies as a result of privacy intrusion.
How do you compare GPDR with PDPA? Any chances of mapping PDPA to GDPR?
The European General Data Protection Regulations (GDPR) which was enforced in 2018 had changed the international legal and regulatory landscape on the processing of personally identifiable information not only in the Europe but also in the world. Those changes are for better protection of people. I believe there are many new norms that should be considered in Malaysia especially the risk-based approach to data protection. That is why rules on Privacy by Design/Default (PbD), Privacy Impact Assessment (PIA), Data Breach Notification (DBN) and Data Protection Officer (DPO) are all good ideas to move forward.
How good is the citizen’s right to privacy in Malaysia? How do we progress from here?
Compared to year 2003 when we had the first court case on privacy right, we are progressing. But I can say that the law on right to privacy is still not mature in Malaysia. However, Federal Court’s decision in 2010 on the constitutional interpretations relating to privacy right has done some help.
Is there any international standards to follow and comply with with regard to citizen’s privacy?
There are some, like the Universal Declaration of Human Rights, ICCPR, GDPR, Convention 108, APEC Privacy Framework, and the ISO 29100, ISO 27701. The combination of all these legal and non legal instruments are indeed helpful to guide Malaysia further to improve citizens’ privacy.
Can compliance with privacy right improve living standards and provide an economic advantage?
Yes. It will enable a trusted legal system and commercial activities knowing that consumers’ personal information will be safeguarded. Digital transactions will flourish, digital payment will follow on. More innovations will emerge and eventually, the digital economy will prosper.
Since you are from IIUM, can you explain briefly privacy rights in Islam? How much different as compared to western standards?
Privacy is a universal value in the sense that everyone inherently possesses dignity and deserves respect. Islam put a very stern warning for those who cause injustice and aggression to others in all respect: safety, economy, and even right to life. Privacy is very much part of all those. Islam told Muslim families to educate their children on privacy since their early childhood. More religious injunctions are there from both Quran and Hadith on the importance of preserving others’ dignity, secret life, communications, transactions and businesses. In social life, surveillance, spying and spreading rumours about others are considered serious sins.
Your advice on legal and policy measures to improve privacy?
First, we need to keep on improving our PDP law and move towards more enforcement. We also need to address concerns about the government’s processed personal data in term of more transparency and governance. More safeguards are needed to protect children personal data. And more synchronised privacy-security measures and laws are necessary. The bottom line is very important: A continuous education on citizens about digital privacy.