Bread & Kaya: A look at Malaysian cyberlaw cases
Foong Cheng Leong
Feb 17, 2014
– A summary of the plethora of Malaysian cases involving the online world in 2013
– The Government still needs to look at legislation to address many other issues
Bread & Kaya by Foong Cheng Leong
I HAVE been summarising some interesting cases related to online disputes from around the world every year since 2011.
Compiling legal cases is a hobby of mine. I recently published a compilation of Malaysian trademark cases under the title Compendium of Intellectual Property Cases – Trade Marks. This book consists of 70 reported and unreported Malaysian trademark cases.
The year 2013 was one packed with an unprecedented number of legal cases concerning the Malaysian Internet sphere so much so that I have enough cases for one full article!
Facebook and Twitter
Facebook and Twitter related lawsuits have flooded the Malaysian Courts.
In National Union of Bank Employees v Noorzeela Binti Lamin (Kuala Lumpur High Court Suit No. S-23-NCVC-14-2011), the plaintiff initiated an action against the defendant for posting alleged defamatory comments on her Facebook page.
The defendant denied making such comments on Facebook, and claimed that his sister operated the Facebook account, also testifying that “maybe someone hack[ed] my Facebook [account].”
The defendant further contended that the plaintiff had failed to take any steps to check the details of the owner of the Facebook account or the Internet address with the Facebook administrator to confirm that the account belonged to the first defendant.
Notwithstanding this evidence, the defendant admitted in her Statement of Defence that she had published the comments. As a result, the court held that she was bound by her pleadings and therefore could not dispute that she did not post the comments.
In Dato Seri Mohammad Nizar Bin Jamaluddin v Sistem Televisyen Malaysia & Anor (Kuala Lumpur High Court Suit No: 23 NCvC-84-07/2012) , the plaintiff, a well-known politician, filed an action against the defendants for defaming him through the first defendant’s television news report of materials regarding the plaintiff’s tweets on his Twitter account.
The plaintiff alleged that the news report wrongly accused him of making the allegation that the Sultan of Johor had used public funds to bid for car plate number WWW1.
The High Court held that the plaintiff’s tweets, read and understood by any reasonable man, clearly insinuated that the Sultan of Johor had used public funds for the WWW1 bid. Thus, the court held that the defendants succeeded in their defence based on justification.
However, the court held that the defendants did not practise responsible journalism because they failed to verify the truth of his tweet messages with the plaintiff, or to obtain his comments on the matter.
It said the defendants’ publication was lop-sided, leaning towards giving a negative impression about the plaintiff, even before the police completed their investigations. The court also stated that there should be freedom on the part of the plaintiff to tweet his personal messages on his own Twitter account for as long as the laws on defamation and sedition, and other laws of the land, were not breached.
Mohammad Nizar also initiated legal action against Malay-language daily Utusan Malaysia for allegedly misreporting his tweets (see Datuk Seri Mohammad Nizar Jamaluddin lwn. Utusan Melayu (M) Berhad  1 LNS 592). He succeeded and was granted, among others, damages of RM250,000.
The learned High Court Judge also commented that Utusan Malaysia did not practice responsible journalism.
In Salleh Berindi Bin Hj Othman v Ruslili Nurzahara Hassan (Kota Kinabalu High Court Suit No. BKI-23-1/6-2012), Salleh, a schoolteacher, sued his colleague for damages of RM1 million for publishing three photographs of him on his colleague’s Facebook page. The photographs showed Salleh sleeping on a sofa in the teacher’s room.
Similarly, Salleh also sued his other colleagues for the sum of RM10 million for posting several entries and comments on their Facebook pages (Salleh Berindi Bin Hj Othman v Abdul Hamid Ahmad & 4 Others (Kota Kinabalu High Court Suit No. K-22-134-2011)).
Salleh failed in both suits.
In Nor Hayati Binti Ali v Wan Nuredayu Binti Wan Shaharuddin & Ors (Kuantan Sessions Court Civil Suit No. 53-218-2012), the Kuantan Sessions Court granted a modest sum of RM20,000 against the first defendant for defaming the plaintiff on Facebook.
The use of Facebook pages as evidence in court is becoming the norm these days. However, such evidence is not always acceptable.
In Tan Swee Ean v Adrian Tan Soon Beng & Anor (Penang High Court Divorce Petition No. 33-295-201), the High Court rejected a wife’s allegation that his husband had committed adultery based on pictures downloaded from a Facebook account belonging to the wife’s friend. The Court held that such pictures are hearsay.
Sex bloggers ‘Alvivi’ (Alvin Tan Jye Yee and Vivian Lee May Ling) were charged under Subsection 4 (1)(c) of the Sedition Act 1948, Penal Code, and Subsection 5(1) of the Film Censorship Act 2002 for displaying pornographic pictures on their blog and posting their controversial ‘Bah Kut Teh’ picture on their Facebook page, which allegedly insulted Muslims during the holy month of Ramadhan.
In 2011, Sri Muda state assemblyman Mat Shuhaimi Shafiei was charged with sedition over a blog post which allegedly insulted the royal institution. He challenge the constitutionality of S. 4(1)(c) of the Sedition Act 1948 but failed in the Court of Appeal as reported in Mat Shuhaimi bin Shafiei v Pendakwa Raya.
His appeal to the Federal Court is now pending.
Pro-Umno blogger ‘Papa Gomo’ was also ordered to pay a businessman RM500,000 in damages over a defamation suit.
Notwithstanding the introduction of Section 114A (which makes website operators liable for their users’ posts), there were not many lawsuits taken against forum owners.
However, in Gloco Malaysia Sdn Bhd v Lam Ming Yuet (Shah Alam High Court Suit No. 22NCVC-1284-10/2012), the plaintiff sued its former employee for posting her experience working with the plaintiff on the popular forum LowYat.net.
The High Court dismissed the plaintiff’s action on, among others, the grounds that such postings were not defamatory.
The Enforcement Division of the Ministry of Domestic Trade, Cooperatives and Consumerism, with the help of other authorities, arrested the operator of JIWANG.org for hosting links to music, television shows and movie files via the website JIWANG.org.
Interestingly, one can be arrested for hosting links instead of hosting the content itself!
In the past, the Malaysian courts have referred to Wikipedia articles as evidence or guidance.
However, in Ganga Gouri ap Raja Sundram Mohd Faizal Bin Mat Taib (Kuala Lumpur Civil Suit No. 21 NCvC-168-07/2012), the High Court rejected evidence from a Wikipedia page used to rebut an expert’s testimonial.
The Court highlighted that Wikipedia has a legal disclaimer stating that “Wikipedia does not give legal opinions. There is absolutely no assurance that any statement contained in an article touching on legal matters is true, correct or precise.”
In Mycron Steel Berhad v Multi Resources Holdings Sdn Bhd (High Court Suit No: KCH-22-80-2011), the High Court declined to take judicial notice of an economic downturn based on an extract from Wikipedia on a write-up titled Subprime Mortgage Crisis because it was not evidence adduced at the trial or an authored publication on the subject.
However, in Lee Lai Ching v Lim Hooi Teik  1 LNS 18, the learned High Court Judge downloaded a Wikipedia page relating legal issues on parental testing in other jurisdictions.
Although Malaysia had a plethora of cyberlaw cases flooding its courts in 2013, we can see that there are many issues that our laws have not specifically dealt with. Our Government has yet to come out with legislation or regulations to deal with issues such as:
1) Instigating netizens or setting an online mob against a person with intent to hurt that person through bodily harm or damage to reputation. We have seen many cases where Facebook pages or blogs were set up to set upon angry netizens against a person.
2) Cyberstalking and publication of images of young girls on a blog without their consent (although I would argue Copyright Act 1987 applies). See my previous Digital News Asia (DNA) article here.
3) Disseminating gruesome images of victims. See my previous DNA article here.
4) A law to absolve electronic platform providers (e.g. forums) from liability when a user makes an unlawful posting. The United Kingdom has introduced the Defamation Act 2014 to protect operators of websites.
5) Guidelines for Internet service providers (ISPs) to follow before a website can be blocked from access by the general public. Instead of allowing the Government or ISPs to arbitrary block websites without notifying the public, there should be a rule to make any decision to block a website published in the Government Gazette and any party may challenge such a decision unless there are good reasons to exempt such publication (e.g. for national security reasons). The arcane Printing Presses and Publications Act 1984 has similar provisions and I don’t see why we can’t have the same thing for blocked websites!
First published on Digital News Asia on 17 February 2014.
I was quoted by Sin Chew Daily in this article “【更新】免權益受影響‧消費人應回覆通知書“.
I was quoted by Rakyat Post in their article “Personal Data Protection Act 2010: Our details are worth protecting.
Personal Data Protection Act 2010: Our details are worth protecting
The Personal Data Protection Act 2010 intends to protect personal data and stop it from being distributed.
THE Personal Data Protection Act 2010 is necessary because personal data is often the cause of constant unwelcome calls from companies, and can be used by malicious people to break into networks.
Personal Data Protection Department Deputy Director-General Dr Zainal Abidin Sait said personal data used in commercial transactions had value while personal data available online may not.
“My name on Facebook would not be useful for marketing. I don’t give my real information in Facebook, but in commercial transactions, I give my real name, my real data.”
He said there were penalties for those who did not adhere to the law, but that was not the reason the law was gazetted.
“The intention of this law is not to issue summonses to people. The intention of the law is to ensure the personal data of all Malaysians, which is collected from all over the place by these agencies, is managed properly and systematically.”
Zainal Abidin also said the PDPA would not hamper doctors and banks.
This is because for doctors, processing without consent can still be carried out with conditions, while banking transactions made via contracts do not fall under the law.
Solicitor Foong Cheng Leong said laws similar to the Personal Data Protection Act (PDPA) 2010 had been implemented around the world.
“But in Southeast Asia, we are the first to come up this law. Singapore has a similar law. It came after ours, but came into force earlier than us.”
Foong is a lawyer focusing on Intellectual Property, Information Technology, Internet, Social Media and Cyber laws, Franchise, Privacy and Data Protection laws.
In the past, people had been selling personal data without repercussions, but that will all change now.
“The new law is to protect personal data and stop it from being distributed. Now under the law, it is subject to consent. If individuals want to receive all these things, then they (the companies) can send. Otherwise they can’t,” Foong said.
Websense Inc Asia Pacific Sales Engineering Director William Tam pointed out that personal information was highly valuable, not just to sell insurance or credit cards.
“When we look at what happened at many large retailers over the years, such as TJ Maxx and Target, personal data was pure gold to people with a malicious intent.”
He said cybercriminals were not just after credit card details as even simple personal contact details could be used in social engineering to create a very powerful lure that could be the way into a company’s network and lead to a highly targeted attack.
“Once individuals understand their rights under the PDPA, they can be the key driving force in encouraging businesses to comply with the same standard.”
There is no need for the Personal Data Protection Act 2010 because customer information is already treated with complete confidentiality, say stakeholders.
THE Personal Data Protection Act 2010 is unnecessary for the banking and health industry. It also hinders insurance agents and marketers in conducting their business.
Although banks will comply with the Act, Association of Banks in Malaysia (ABM) Executive Director Mei Lin Chuah said it was already common practice in banks to respect the personal data of those who bank with them.
“All this while, our members have taken the necessary steps to ensure that customer information is treated with the greatest of confidentiality as a matter of policy which, in a certain fashion, has now become a requirement of law.
“Our member banks have in place controls and systems to ensure that customer information is kept confidential at all times.
“Further to this, banks have their strict internal rules on confidentiality and information security which all bank employees must abide by. Failure to comply with the internal rules will lead to disciplinary action against the employee,” said Mei.
Malaysian Medical Association (MMA) President Datuk Dr N.K.S. Tharmaseelan said including doctors under the Act was redundant. It was unfair to slap them with a fine as no announcement on this had been made earlier, he added.
“The Commissioner of the Personal Data Protection Department did not send out any circular whatsoever to inform doctors about this registration exercise, but still expects all to know,” said Dr Tharmaseelan in a statement.
“Doctors were given till Feb 15, 2014 to register or be slapped with a fine of RM500,000.
“It appears redundant as the doctors are strictly regulated by MMC on confidentiality. Doctors now have to face this additional burden.
“Doctors have always been guided by the Hippocratic Oath since the birth of modern medicine, but now we have a law which has become a hippopotamus that will run through our practice.
“This was another law passed without consulting stakeholders, in this case doctors. But we hope common sense will prevail and an exemption is granted,” said Dr Tharmaseelan.
Insurance agents, direct sellers and telemarketers rely on gathering personal information to find customers.
“Basically, information about people can’t be passed around any more without their permission,” said an insurance agent who did not want to be named.
The Act made it more difficult to initiate contact with a person through the telephone, which is known as “cold calling”, and is often done using bank databases sold by middlemen.
“When you apply for a loan or credit card, whatever information you give them is what these databases will contain,” said the agent, adding that direct sellers and telemarketers relied heavily on such databases to make sales.
The Malaysia Personal Data Protection Commissioner (Commissioner) has published two (2) proposal papers namely:-
(1) Guideline on Compliance for Personal Data Protection Act [No 2/2013]; and
The Proposal Paper No 2/2014 sets out the proposed steps to be taken to comply with the Personal Data Protection Act 2010 (PDPA) whereas the Proposal Paper No 3/2014 confirms that employer-employee relationship is governed by the PDPA. Any comments on the Proposal Paper may be submitted to the Commissioner before the prescribed deadline. Copies of the proposal papers are enclosed.
Further, the Commissioner has also uploaded a complaint form on the Commissioner’s website. Data subjects may now file complaints to the Commissioner directly.