By: Sonny Zulhuda
As the country was shocked by the recent incident of cyberbullying that had cost the life of a young lady in Klang Valley, people have been looking for some answers and solutions on how to deal with cyberbullying and to even prevent it.
This note was triggered when a local journalist texted me asking what laws we have in place that can be used against cyberbullying. The current legal framework in Malaysia that may be useful in cyberbullying incidents includes the following:
The Communications and Multimedia Act 1998 [Act 588] – section 211 (on the prohibition of the provision of offensive content with intent to annoy, abuse, threaten or harass any person); section 233 (on the improper use of network facilities, e.g. social media, to transmit obscene, indecent, false, menacing or offensive communications with intent to annoy, abuse, threaten or harass another person). These provisions have been relatively successful in prosecuting those who make or provide such offensive content/communications. Some specific set of intentions required to prove, e.g. “intention to annoy”, however, can be tricky. The effectiveness of these provisions becomes more difficult when the maker of the content is unknown. However, section 114A of the Evidence Act 1950 will normally be used to establish a presumption of publication on those who allow such comments on their digital platform.
Personal Data Protection Act 2010 [Act 709] – section 8 (on the principle of disclosure, for not to disclose personal data beyond its approved use and beyond its approved recipient). The penalties are quite deterrent in nature, i.e. 2-year imprisonment or RM 300,000 fines or both. Meanwhile section 42 provides for the right of data subject to prevent processing of his/her personal data if such processing (disclosure, publication, sharing etc) is likely to cause damage or distress. Section 108 also makes a distress as an important ground for the authority to serve an enforcement notice to any defaulting data controller.
However, this law for now only applies to commercial data users, not to individual content makers (which makes the most of cyberbullying cases). Also, even for a commercial data user, the Act provides wide coverage of exceptions that allow such disclosure of personal data to take place without infringing the data subject’s rights.
Penal Code [Act 574] – section 509 (on the utterance of any word intending to insult the modesty of any person). This provision is general enough to cover incidences of cyberbullying. But, the special mention of modesty may cover a narrower scope of cyberbullying. section 507A (An offence of Stalking: any act of harassment intending to cause distress, fear or alarm to any person of his/her safety). This is a newly introduced amendment to cover many incidences which are otherwise not a crime before. The act of harassment includes communication in any manner by any means such as digital communications. On the downside, this offence requires a “repeated” act, i.e. at least happens on two occasions. So, if there are ten people involved with cyberbullying, but each person only caused it once, this is not caught by section 207A.
Torts of Privacy – this is not a criminal legal action but may be a basis for personal compensation. However, our courts have not really agreed whether this can be the basis of a legal suit for personal compensation. Various cases have been treated differently. A recent High Court from KL High Cout case involving Genting company (2022) has further reaffirmed the necessity to protect the right to privacy and to interpret legislation in Malaysia in line with the right to privacy.
Way Forward
As we realise, those laws that we discussed each have strengths and weaknesses. The way forward, these laws would need improvement or amendment for better protection against cyberbullying. Here are some notes:
- Enhancing our PDPA 2010, to include non-commercial data users, as well as to impose more specific obligations to personal data processors. Because data users are often deprived of effective control of personal data when the data are shared with a third party.
- The offence of cyberbullying, eg harmful communications can be further introduced to complement the offence of stalking under the Penal Code. Alternatively, the requirement of repeated acts under section 507A should be repealed.
- While imposing too far over the internet intermediary is usually not helpful, we need their support to help identify the culprit behind harmful communications. Some preventive measures like the requirement of identification may be put, more specifically to those who wish to use the full features of the digital platform eg. comment section. But I hope the government can consider both the interest of public protection and open space for respectable expression.
- The use of Content Code should be made more efficient for the industries, both for the licensee and non-licensee. Also, a similar content code for individual users would be useful.
TRIBUTE 