Malaysian Personal Data Protection Commissioner publishes draft Codes of Practice

The Malaysian Personal Data Protection Commissioner has published the draft Codes of Practice for the banking and finance industry and also for the communications sector. Members of the public are invited to provide their feedback before 22 September 2015 by sending their comments to:-

Aras 6, Kompleks KKMM, Lot 4G9,
Jabatan Perlindungan Data Peribadi
Kementerian Komunikasi dan Multimedia Malaysia
Persiaran Perdana, Presint 4,
Pusat Pentadbiran Kerajaan Persekutuan,
62100 Putrajaya.

or email or fax to and 603-89117959 respectively.

PDF    Send article as PDF   

Bread & Kaya: Uber and GrabCar services legal in Malaysia?

Bread & Kaya: Uber and GrabCar services legal in Malaysia?

By Foong Cheng Leong
Aug 12, 2015

– The apps appear legal under current laws, but are the drivers?
– Public transport services need to be regulated to ensure they are safe

ON Aug 7, Malaysia’s Land Public Transport Commission (SPAD) announced on its Facebook page that it had seized 12 cars alleged to have been providing public vehicle services without a licence, under Uber and GrabCar.

SPAD said it would bring the matter to court.

This is not the first time the Commission has acted. According to a March 3 report in theSun, No escape for operators violating Land Public Transport Act, 39 private vehicles that were used to offer taxi-like services through different mobile applications like Uber, MyTeksi and Blacklane, were seized.

App-based transportation network companies such as Uber have been subject to ongoing protest and legal actions around the world. Uber has been banned in numerous countries such as Australia, India and Thailand, as well as certain parts of the United States.

GrabCar and Uber are essentially a service which connect users for rides on private cars. For the purpose of this article, I’ll focus on Uber which I am familiar with. I’ve used Uber when I was in the United States and Singapore.

If you’re wondering whether Uber and GrabCar services are legal in Malaysia, there is no express prohibition under the law to have software to connect users for rides on private cars.

According to a report in automotive portal, SPAD chairman Syed Hamid Albar said that existing laws are silent on mobile apps offering public transport services, and this meant that SPAD was finding it difficult to rein in foreign and local mobile apps such as Uber and GrabCar, which it claimed were offering illegal public transport services.

However, Uber and GrabCar’s positions are quite clear: They do not provide transportation services but merely connect their users with drivers.

In the Recital of Uber’s Transportation Provider Service Agreement, it is stated:

Rasier does not provide transportation services, and is not a transportation carrier. In fact, the Company neither owns, leases nor operates any vehicles. The Company’s business is solely limited to providing Transportation Providers with access, through its license with Uber, to the lead generation service provided by the Software, for which the Company charges a fee (“Service”).

In GrabCar’s Terms of Use, it states:

The Company is a technology company that does not provide transportation services and the Company is not a transportation provider. It is up to the third party transportation providers to offer transportation services to you and it is up to you to accept such transportation services.

However, the problem lies with the drivers providing the transportation services. Under Section 16 of the Malaysian Land Public Transport Act 2010 (Act), no person shall operate or provide a public service vehicle service using a class of public service vehicles unless he holds an operator’s licence issued under said Act.

A person is deemed to be operating or providing a public service vehicle service if he:

(a) uses or drives a public service vehicle of a class of public service vehicles himself; or
(b) employs one or more persons to use or drive a public service vehicle of a class of public service vehicles,

to operate or provide a public service vehicle service, and

(a) he owns the said public service vehicle; or
(b) he is responsible, under any form of arrangement with the owner or lessor of the said public service vehicle to manage, maintain or operate such public service vehicle.

Based on the above definition, Uber and GrabCar do not seem to fall within the scope. Hence, Uber and GrabCar apps are legal in Malaysia.

Notwithstanding that Uber and GrabCar apps are legal in Malaysia, are Uber and GrabCar’s drivers legal in Malaysia?

Uber and GrabCar drivers can legally provide public transportation service if they are licensed under the Act.

In fact, Uber’s Transportation Provider Service Agreement (PDF) states that an Uber driver (pic above) must “possess a valid driver’s licence and all licences, permits and other legal prerequisites necessary to perform rideshare or P2P (peer-to-peer) transportation services, as required by the states and/or localities in which you operate.”

From this agreement, it is clear that Uber requires its drivers to have a valid licence to provide “rideshare or P2P transportation services” which are essentially transportation services. Drivers without such a licence are committing an offence under Section 16 of the above Act, or can even be considered as breaching Uber’s own Transportation Provider Service Agreement.

Section 16 of the Malaysian Land Public Transport Act 2010 (Act) provides that any person, not being a corporation, who commits an offence shall, on conviction, be liable to a fine of not less than RM1,000 but not more than RM10,000, or to imprisonment for a term not exceeding one year, or to both. [RM1 = US$0.25]

The court may also order the vehicle to be forfeited to the Government under Section 80(4) of the Act.

In Reza Kianmehr v. PP [2013] 7 CLJ 265, Reza Kianmehr was convicted and sentenced to a fine of RM2,000 in default of two months’ imprisonment for the offence of operating a public service vehicle service (in local terms, kereta sapu) without a licence under Section 16 of the Act. His car was also ordered to be forfeited to the Government under the same Act.

The reason for regulating public transport service vehicles is simple. We need to make sure public transport is safe to the public. Details of drivers must be recorded and they must meet the minimum qualifications.

Those who escape the system are a risk to users and those on the streets.

Assuming an accident is caused by an unlicensed public transport vehicle driver where the passenger and person on the streets are injured, would the driver’s insurance cover such injuries, or even death?

First published on Digital News Asia on 12 August 2015

PDF Creator    Send article as PDF   

Sarawak Report should sue MCMC for blocking site, say lawyers

I was quoted by Malaysia Insider on their report “Sarawak Report should sue MCMC for blocking site, say lawyers” on 22 July 2015. The relevant extract is below.

However, personal data protection expert and lawyer Foong Cheng Leong told The Malaysian Insider that none of the provisions in the Communications and Multimedia Act 1998 explicitly provided for blocking access to sites.

In justifying its decision, MCMC on Sunday said it had acted according to Section 211 and 233 of the act. Both these sections provide for criminal prosecution against those who have been deemed to publish “offensive” content, or content that intends to “annoy” or “harass” any person.

Under both sections, an offender can be sentenced to not more than one year jail or RM50,000 fine, or both.

But Foong said the more relevant act that MCMC could have used to justify its action was Section 263, which said licensees, which were network providers, had the general duty to assist MCMC in preventing the network being in commission of any offence under Malaysian laws.

“This is the provision that is used to compel service providers to help block a website upon request by MCMC,” Foong said.

However, even this section did not explicitly provide for the blocking of a website.

Service providers are not obligated by law to cede to requests to block certain cites, but they normally comply with such requests since MCMC regulates their licences.

“It is possible to bring this matter to the court and challenge it, one possibility is to say that this is ultra vires what is provided for in the act itself,” Foong said.

Section 3 (3) of the same act states that the act does not allow for the censorship of the Internet, in line of the Multimedia Super Corridor (MSC) Bill of Guarantees, which promised the same.

“And because the act doesn’t explicitly provide for blocking of a website, one can also argue that MCMC is acting beyond its scope (with the block).”

There’s a slight clarification on the use of s. 263. If we look at MCMC’s notice, it did state that the blocking order is made pursuant to s. 263 of the CMA. The exact section is s. 263(2) of the CMA which provides the following:

(2) A licensee shall, upon written request by the Commission or any other authority, assist the Commission or other authority as far as reasonably necessary in preventing the commission or attempted commission of an offence under any written law of Malaysia or otherwise in enforcing the laws of Malaysia, including, but not limited to, the protection of the public revenue and preservation of national security.

The sentence “preventing the commission or attempted commission of an offence” is key here. No actual offence needs to be committed but an attempt is sufficient to enable MCMC to act against a website. The section does not expressly state “blocking order” but such blocking order is commonly used against unlawful websites such as pornography or drugs websites.

I made further comments in the Malay Mail in their article “Sarawak Report blockage shines light on ‘abusive’ MCMC powers” on this matter:-

Lawyer Foong Cheng Leong, who is well-versed with cyber law, said Section 263(2) has a wide scope and could be interpreted “very liberally” to mean that MCMC can ask ISPs to block a website even when no complaint or police report has been lodged.

“You don’t have to wait for the court to convict the person to block the website,” the KL Bar Information Technology committee chairman told Malay Mail Online when contacted, adding that even prosecution was not a requirement for the section to apply.

Foong said there is “room for abuse” as the MCMC can cite the broadly-worded clause to block websites without reasonable basis, but noted that website owners could seek legal remedy by attempting to have unjustified blocks declared unlawful and beyond the MCMC’s authority.

Both Foong and Amer Hamzah said there appears to be no tribunal available for website owners to appeal to and it is unclear whether the CMA’s Section 82 on resolving disputes through negotiation covers such cases.

The two lawyers suggested safeguards to curb any possible power abuses by MCMC under Section 263 (2), with both saying that the regulator should notify the website owner when it makes a written request to the ISPs to block the websites.

“If you look at the Home Ministry’s website, there is a list of books being banned. Why can’t we have say a list what kind of website has been banned?” Foong asked, adding that a clear avenue for website owners to appeal to the MCMC decision must be provided.

Foong said, however, that some curbs were justifiable, citing as example Islamic State militants’ propaganda as well as existing restrictions on pornography, gambling and drugs.

PDF Printer    Send article as PDF   

Business Development for Young Lawyers on 31 July 2015

I presented a seminar on business development for young lawyers. It was attended by 30 lawyers, chambering students and law students. I spoke about the concept of generating and converting leads, tips on having a successful networking conference, building your own database and online marketing.

After my talk, we had a group discussion by the participants which were broken down in group. The participants are required to discuss on how they are going to market their legal practice to clients and prospective clients. Each group came out with standard marketing methods and also very unique ideas. One suggested that instead of a legal conference to speak about law, they have a funfair for their clients with their family, and one suggested that they should have a YouTube video on what to expect in a medical negligence case with a scene where a family member actually died.

Download the Slides

PDF Download    Send article as PDF   


On 1 July 2015, the Personal Data Protection Commissioner published the Public Consultation Paper No. 1/2015. This consultation paper is intended to solicit feedback from the data users and data subjects relating to their understanding of the personal data protection.

In order to make the Standard for Personal Data Protection a reliable reference document, the Commissioner will merged three standards namely the Safety Standard, Storage Standard and Data Integrity Standard into one document.
According to the Commissioner, this step is in accordance with the requirements of the Personal Data Protection Regulations 2013 and the Personal Data Protection Act 2010. The feedback received through this public consultation paper will be analyzed and the results of this analysis will be used in the preparation of the final draft standard. The final draft will be presented to the 11 classes of data users before being registered by the Commissioner.

The feedback can be downloaded here (in Malay) and here (in English)


Free PDF    Send article as PDF   

PDC Seminar on Business Development for Young Lawyers on 31 July 2015

As part of its Professional Development Programme, the KLBC Professional Development Committee (PDC) is pleased to present the above Seminar by Foong Cheng Leong on 31 July 2015 (Friday) from 3:00 pm to 5:00 pm at the KL Bar Auditorium, 4th Floor Wisma Hangsam, No 1, Jalan Hang Lekir, 50000 Kuala Lumpur.

Areas to be covered

• Building your practice
• Getting your first client and expanding your clientele
• Specialisation
• Networking skills
• Improving presentation skills
• Client management

About the speaker
Foong Cheng Leong was called to the Malaysian Bar in 2005. He currently serves as the KLBC Information Technology Chairperson, Co-Chairperson of the Bar Council Information Technology and Cyberlaw Committee, Co-Chairperson of the Ad Hoc Committee of the Personal Data Protection and Deputy Chairperson of the Bar Council Intellectual Property Committee. He is regularly featured in the media notably over topics regarding intellectual property, cyberlaw, data privacy and the like. He also regularly presents at seminars and conferences.

REGISTRATION FEE (inclusive of 6% GST)

Pupils-in-Chambers / Law Students – RM31.80 per participant

Members of the Bar – RM63.60 per participant

Non-Members – RM106.00 per participant

Registration Must be Accompanied With Payment to Guarantee Your Place

Only 150 Seats Available. Click here to register.

PDF    Send article as PDF   

Malaysia amends law to hold publishers responsible for user comments

I was recently interviewed by PRWeek Asia regarding my views of the amendments of the Sedition Act 1948. My email interview is as follows:-

What power do these amendments give the Malaysian government against the tech giants?

Foong: Our laws may not reach foreign tech giants. However, with the new amendments to the Sedition Act and even under the Communications and Multimedia Act 1998, it is possible to block the websites of these foreign tech giants.

What could it cost them potentially to keep operating in Malaysia?

Foong: Possible problems: being criminally liable, servers and other electronic devices being seized as evidence, and so on, during investigation.

What are their options? Self-monitor like Tencent?

A self monitoring practice is possible but it will be costly and time consuming. Unfortunately, we do not have takedown notice provision (other than under our Copyright Act) or laws to protect intermediaries, hence monitoring is required in Malaysia.

One possible option is to have their operations moved out from Malaysia which is detrimental to our economy.

Do you think lobbying will change these amendments?

Foong: Lobbying for laws to protect intermediaries would be recommended. Other than affecting the freedom of expression, it also affects our digital economy. Foreign investors will have to think twice before setting up their operation and putting their servers here in Malaysia.

For the full article, please visit here.

PDF Creator    Send article as PDF   

Bread & Kaya: How the ‘new’ Sedition Act affects netizens

Bread & Kaya: How the ‘new’ Sedition Act affects netizens
By Foong Cheng Leong
Apr 08, 2015

– As with Section 114A, website hosts and FB page owners can be held liable
– Particularly thorny are comments left by others on your portal

BY the time you read this article, the Sedition (Amendment) Bill 2015 – which seeks to amend the Sedition Act 1948 – will be debated in Parliament. The Bill is now published on the Parliament of Malaysia’s website. Click here to download a copy.

The Najib Administration is seeking to update the 1948 Act to now cover electronic publications, and this article will focus on how these amendments may affect the netizens of Malaysia, and website operators in particular.

The purpose of introducing the amendments is stated in the Explanatory Statement of the Bill.

On the eve of Malaysia Day 2011, Malaysian Prime Minister Najib Razak pledged watershed changes to enhance the parliamentary democracy system in Malaysia. This pledge was reiterated in July 2012 and a decision was made to repeal the Sedition Act 1948.

“However, events since that date have demonstrated the continued relevance of the Sedition Act 1948 in tandem with recognition for the need for enhanced safeguards against its misuse to stem legitimate criticism of Government and discussion of issues of concern to Malaysians,” the explanatory statement reads.

“Among the issues of concern are the increasingly harmful and malicious comments, postings and publications that jeopardise that most valued ideals of Malaysia – tolerance and racial and religious harmony in a multiracial, multireligious and multicultural nation.

“Even more alarming are calls for the secession of States in the Federation of Malaysia established by the consensus of the peoples of Malaysia and unwarranted attacks against the sovereign institutions of Malaysia, the Yang di-Pertuan Agong and the Rulers of the States.

“It is against this background that the Government has decided to retain the Sedition Act 1948 (‘Act 15’) at this time with the addition of enhanced measures and penalties to deal with the threats against peace, public order and the security of Malaysia, in particular through the irresponsible misuse of social media platforms and other communication devices to spread divisiveness and to insult the race, religion, culture, etc. of particular groups of Malaysians without regard for the consequences,” it says.

The definition of seditious tendency will be amended. It will no longer be seditious to “bring into hatred or contempt or to excite disaffection against any Government, administration of Justice (our Courts).

It will be seditious to excite the secession of a State from Malaysia. It is seditious to insult our Rulers, and to promote feelings of ill will and hostility between different races or classes of the population of Malaysia and, with the new amendments, between persons or groups of persons on the grounds of religion.

The Sedition (Amendment) Bill 2015 creates liability to website operators (I use this term loosely as the Bill uses the words ‘any person’ and thus may include owner, host, editor and subeditor) such as online forums, online news portals, and even Facebook Page/ Group owners.

Sections 3 and 4 of the Bill introduce the words “caused to be published.” Under the newly amended Section 4(1)(c) of the Sedition Act 1948, a person who, among others, publishes or caused to be published any seditious publication is guilty of an offence.

The punishment is now “a term not less than three years but not exceeding seven years.” Previously, it was not exceeding three years and a fine.

So what does “caused to be published” here mean? It seems to cover a website operator who allows a comment to be published on his website (especially in the case where comments are moderated). This also covers a comment or a posting published on a Facebook page.

Further, pursuant to Section 114A of the Evidence Act 1950, the owner, host, administrator, editor or a subeditor of the website is the publisher of that comment – notwithstanding that such person is not the author of such a comment (unless the contrary is proven).

If the offence involves a publication of a seditious comment under the new Section 4(1A) – that is, published or ‘caused to be published’ any seditious comments which caused bodily injury or damage to property – the Public Prosecutor has a right not to allow bail. Such a person will languish in jail until his trial is over.

Further, the new Section 10(5) of the Sedition Act 1948 compels a person who knowingly has in his possession, power or control a prohibited publication by electronic means, shall remove or cause to be removed, such publication – failing which he shall be liable to a fine not exceeding RM500,000 (US$137,000) or imprisonment not exceeding three years, or both.

However, there are exceptions for a website operator if he can prove that the seditious publication was done:

– Without his authority, consent and knowledge and without any want of due care or caution on his part, or
– That he did not know and had no reasonable grounds to believe that the publication had a seditious tendency.

The first exception will not be applicable to a website operator who moderates comments because publication of a comment was done by his authority, consent and knowledge when he approved the comment.

It would however be applicable to an unmoderated website but such an operator must show that due care and caution had been taken.

Nevertheless, the second exception above will be of assistance to a website operator who moderates comments. However, it is difficult to determine what amounts to seditious nowadays (we need a compendium of sedition statements!).

A Sessions Court Judge, on the application by the Public Prosecutor, can make an order to prohibit the making or circulation of certain sedition publications (that are likely to lead to bodily injury, damage to property, promote feelings of ill will, etc., as per the new Section 10(1)).

Any person making or circulating the prohibited publication shall remove or caused to be removed that publication, or be prohibited from accessing any electronic device.

Any person who fails to do so shall be guilty to a fine not exceeding RM500,000 or to imprisonment not exceeding three years, or both.

If the person making or circulating the seditious publication by electronic means cannot be identified, a Sessions Court Judge can direct that such publication be blocked (under the new Section 10A).

[Note: This article is subject to amendments in the event that there are new facts or clarifications from the First Meeting of the Third Session of the 13th Parliament (2015)].

First published on Digital News Asia on 8 April 2015.

Create PDF    Send article as PDF   

BFM Podcast: Suing Illegal Downloaders

I was interviewed by BFM Radio to talk about illegal downloading of music, songs etc by internet users on 13 April 2015.

The makers of Dallas Buyers Club, the award winning movie starring Matthew McConaughey and Jared Leto, have been aggressively going after online pirates in the United States, Australia and now, Singapore. What set their legal strategy apart from similar efforts in the past, what are the implications for privacy rights, and will internet service providers in Malaysia have to surrender subscribers’ information as well if they extend their litigation to our shores? Intellectual property and privacy rights lawyer Foong Cheng Leong explains.

Your browser does not support native audio, but you can download this MP3 to listen on your device.

PDF Printer    Send article as PDF   
1 2 3 22  Scroll to top