PDP Act to be strengthened, govt invites public feedback

Among major amendments that have been proposed are expanding applications of the Act to data processors


THE Personal Data Protection (PDP) Act 2010 (Act 709) will be strengthened to address the gap found in the law compared to similar legislation elsewhere.

Communications and Multimedia Minister Gobind Singh Deo (picture) said the government is considering provisions to strengthen PDP, expand the jurisdiction of the existing system, and actions against parties who acquired or hold unauthorised personal data.

He said among major amendments that have been proposed are expanding applications of the Act to data processors, making it compulsory for data users to report any personal data leakage incident to the authority, extending the rights of the data subject and simplifying cross-border personal data transfer.

“These amendments are important to strengthen PDP in Malaysia, while ensuring the existing Act is in line with the revolution of the digital economy, technology, social and surrounding development,” the minister said in a statement yesterday.

He also said the amendments to improve the Act are in line with the growth of the digital economy and the importance of e-commerce.

Gobind said the ministry via the Department of Personal Data Protection (JPDP) has reviewed the Act 709 last year through the establishment of four working teams besides a series of workshops involving experts and professionals from the industry, regulator, government agencies and academics.

He further said the ministry has identified gaps and positions of Act 709 against PDP legislation in other countries such as in Asean, Japan, South Korea and the European Union with the General Data Protection Regulation.

He added that a public consultation will be conducted from Feb14 to Feb 28, where the public can access and provide feedback through the JPDP website https://www.pdp.gov.my/jpdpv2/.

Gobind said of the deliberation of the Act amendment framework will take place in March.

Malaysia was ranked fifth-worst in privacy protection among 47 countries studied by Comparitech.com, a UK-based technology research firm.

Malaysia scored 2.6 out of five, signalling the existence of safeguards but weak against all threats. Other countries in the rankings are Thailand (2.6), India (2.4), Russia (2.1) and China (1.8).

Comparitech.com said the introduction of the PDPA 2010 did increase Malaysia’s data privacy protection, but the laws need to be updated as technology advances.

A survey by Chubb of small and medium enterprises (SMEs) revealed that 84% of SMEs in Malaysia were affected by cyber incidents in the past year.