Posts by: FCL

Cloud Security Alliance Forum on Data Protection in the Cloud (Focus on Malaysia)

I will be speaking on “Malaysia PDPA & Its Application to Cloud Computing” in this event on 13 October 2022. ​ This presentation will cover the salient points of the Malaysian Personal Data Protection Laws in the context of cloud services, including application to the Cloud. The registration & program links can be found here. Registration is free.

Franchise Talk

Pauling Hee and I will be speaking about franchise laws in Malaysia. As some of you may be aware, franchises in Malaysia are governed by the Franchise Act 1998. This law restricts the sale and operation of franchises in Malaysia. In this talk, we will explore the uniqueness of Malaysian franchise practice.

To register, please click here.

Practical Tips in Tracing a Person Online

I will be speaking about the steps that can be taken to trace a person line. In this sessions, I will share some practical tips that I’ve taken to trace people online, particularly, for cases involving defamation and counterfeiting.

Screen recruits for informants programme, ex-IGP tells Putrajaya

I was asked by FreeMalaysiaToday to comment on the Government programme called “Kita Demi Negara”, a national security programme which will recruit thousands of people to act as the home ministry’s “eyes and ears” on the ground. I said-

Lawyer Foong Cheng Leong said false or incorrect reports would not only waste government resources but also negatively affect innocent citizens.

“Obviously, there will be repercussions for submitting false or misleading information, but the effects on the victim of such abuse may be greater.”

He said the ministry must establish a detailed code of conduct for members to abide by.

PM’s Telegram account hacked

I was asked by FreeMalaysiaToday to comment about the effect of the hacking of the Prime Minister’s Telegram account. I said-

Commenting on the matter, lawyer Foong Cheng Leong said the biggest concern in such incidents was the spread of misinformation and the scale of damage it causes.

“If someone uses the account to spread fake news, people could screenshot it and make it go viral. That’s the main danger,” he told FMT.

However, he said it was unlikely that the government would use such platforms when disseminating confidential information.

Power of online petitions: Working collectively to inspire change

I was asked by The Star to comment on legal matters concerning online petitions. I said-

Fact or fiction?

However, it’s important to verify the validity of a petition before supporting it, as not all petitions are based on facts.

Foong Cheng Leong, Bar Council Information Technology and Cyber Laws Committee [former] deputy chairman, urges people to be more wary about the information presented in a petition before signing or sharing one online.

Like in any other online post, the text in petitions has to be carefully worded so that they do not defame or affect the livelihood of anyone adversely.

“Petitions can be defamatory. A petition usually starts with an introduction using background facts, which can be untrue,” he says.

According to Foong, online petitions are treated the same as website posts in the eyes of the law.

“Perhaps the slight difference is that the court is able to see how many people have reacted to the defamatory statements by looking at the petition numbers,” he adds.

Foong explains that online petitions have no effect on legal proceedings and that public opinion is not valid in court for ongoing cases.

“The court bases its decisions on facts and evidence, not on public opinion. Courts are cautious when dealing with public opinion as not to equate it with the public interest,” he says.

..

Is it past time for Malaysia to establish its own official petition platform? Foong says it will be a good start, as it will allow issues to be raised with the government.

“In the olden days, people started petitions in the hope that the mainstream media would report it so that the relevant people would become aware of the issue,” he adds.

..

In the meantime, Malaysians who want to create an online petition will still have to rely on third-party platforms.

Foong urges anyone wanting to post a petition to be careful about how they phrase their concerns.

“Like in any other online post, the text in petitions has to be carefully worded so that they do not defame or affect the livelihood of anyone adversely,” he says.

Data of Malaysians born between 1940 and 2004 allegedly being sold for over RM40,000

I was asked by The Star to comment on the recent news about an alleged data leak containing the information of 22.5 million Malaysians born between 1940 and 2004, purportedly stolen from the National Registration Department (NRD).

I said-

Lawyer Foong Cheng Leong said the lack of transparency on investigations related to data leaks in Malaysia has been frustrating.

“There needs to be an account of how the matter is being investigated and what steps are being taken to ensure that the data is secure.

“The information could serve as a deterrent to others and show that there will be consequences for those leaking private information,” he said in a phone interview.

Foong urged fresh investigations to be conducted by the relevant agencies, including the Department of Personal Data Protection (JPDP) to discover if the leak was genuine.

When contacted, JPDP declined to comment at this point.

Foong said the data from the alleged leak could be used by scammers to dupe victims.

“For example, they could pose as an authority figure and present information such as your MyKad number or address to gain your trust.

“They will use this to convince you to give out more details or perform financial transactions,” he said.

Government Says Not Liable For Damages Over MySejahtera Data Use

I was asked by CodeBlue, a health care news portal, to comment on the recent debacle about MySejahtera App, particularly, on the disclaimer of MySejahtera’s terms and conditions. The term states-

DISCLAIMER
Government of Malaysia shall not be liable for any loss or damage caused by the usage of any information obtained from this Application.

https://mysejahtera.malaysia.gov.my/penafian_en/

Here is an extract from the article-

Intellectual property (IP) and information technology (IT) lawyer Foong Cheng Leong said the MySejahtera disclaimer does not allow the government to disclaim liability for negligence.

“This clause has no legal effect for damages and losses due to negligence claims,” Foong told CodeBlue. “Data breach is a form of negligence.”

He explained that the MySejahtera disclaimer means that the government cannot be held liable for loss or damages in incidents that do not involve negligence, such as wrongly reporting Covid-19 cases.

When asked if the government could be held liable, despite its disclaimer, if a private company somehow manages to get access to MySejahtera users’ personal data and uses it for marketing purposes, Foong replied in the affirmative, but said a data breach must first be proven.

He also pointed out that MySejahtera’s privacy policy merely states how the government treats one’s personal data on the app, but omits specifying its data retention policy, security measures, or government contractors handling the app. The only retention period mentioned by the app’s privacy policy relates to check-in data, which is 90 days, but nothing for other user data like personal details and medical and health information like Covid-19 diagnostics, close contact status, and blood pressure and heart rate readings.

“The privacy policy is scarcely explained.”

….

Foong said although the government may claim that MySejahtera data protection is in compliance with PDPA requirements (which the government is not legally subject to), the lawyer said the law just sets out the basics.

“Under the PDPA, the privacy policy has to be in a certain format, for example, describe what is collected, the purposes of collection, whether it’s obligatory to collect and if so, consequences for not providing those obligatory data. But no requirement to state what kind of security is provided, what is the retention time etc.”

In the intellectual property section of the App Store review guidelines for app developers, Apple requires app developers to ensure that their app “only includes content that you created or that you have a licence to use.”

This includes avoiding use of protected “third-party material such as trademarks, copyrighted works, or patented ideas” in the app. “Apps should be submitted by the person or legal entity that owns or has licensed the intellectual property and other relevant rights.”

Foong said this does not indicate that the Malaysian government, which is described on Apple’s App Store as the MySejahtera developer, owns the app and its IP.

“The app and content are different,” the lawyer said, adding that MySejahtera content includes things like user data, images, write-ups, charts, or source codes of the app.

BFM Podcast: THE MYSEJAHTERA APP: WHO OWNS WHAT?



The MySejahtera saga continues with uncertainty over the ownership of the app. Foong Cheng Leong, Intellectual property and information technology lawyer helps us untangle this complex web, reminding us of the importance of contracts.

Produced by: Moh Heng Ying
Presented by: Wong Shou Ning, Tan Chen Li, Philip See

1 2 3 36  Scroll to top