Social Media

Seminar on GET WIRED! Updates on Tech Laws and Cyber Security (24 Aug 2017)

The Bar Council Information Technology and Cyber Laws Committee is organising a seminar focusing on the important aspects of information technology (“IT”) and cyber law on 24 August 2017.

In this seminar, I will speak on the topic of “Practical Steps in Tracing a Person Online“. I will speak on keyword search investigation, and discovery orders and cases relating to discovery orders against data processors.

The other topics would be “Search and Seizures of Computers — Advising Clients” by Ravin Vello, “Wrap n Snap: Technology IP Mash-up” by Suaran Singh and “Overview of Malaysian Cyber Laws and Latest Updates” by Deepak Pillai.


Click on image to enlarge

You may register for the event at here

Bread & Kaya: Are WhatsApp admins going to jail?

Bread & Kaya: Are WhatsApp admins going to jail?

By Foong Cheng Leong | May 02, 2017

– Two key elements in s. 233 are not fulfilled by a group chat admin
– To use s. 114A to attach liability on a group chat admin is stretching s. it too far

I REFER to the recent news reports stating that the Honourable Deputy Communications and Multimedia Minister Jailani Johari announced that group chat admins can be held accountable under the Communications and Multimedia Act 1998 (CMA) if they fail to stop the spread of false news to its members.

With due respect to the Honourable Deputy Ministry, the CMA, in particular s. 233 of the CMA, does not attach any liability to an admin of a group chat admin for spreading “false news”.

For ease of reference, I reproduce s. 233 of the Act:-

233 Improper use of network facilities or network service, etc

(1) A person who-

(a) by means of any network facilities or network service or applications service knowingly-

(ii) initiates the transmission of,

any comment, request, suggestion or other communication which is obscene, indecent, false, menacing or offensive in character with intent to annoy, abuse, threaten or harass another person; or

(b) initiates a communication using any applications service, whether continuously, repeatedly or otherwise, during which communication may or may not ensue, with or without disclosing his identity and with intent to annoy, abuse, threaten or harass any person at any number or electronic address,

commits an offence.

(2) A person who knowingly-

(a) by means of a network service or applications service provides any obscene communication for commercial purposes to any person; or

(b) permits a network service or applications service under the person’s control to be used for an activity described in paragraph (a),

commits an offence.

(3) A person who commits an offence under this section shall, on conviction, be liable to a fine not exceeding fifty thousand ringgit or to imprisonment for a term not exceeding one year or to both and shall also be liable to a further fine of one thousand ringgit for every day during which the offence is continued after conviction.

The offence under s. 233(1) of the CMA is committed by a person who uses any network facilities or network service or applications service knowingly makes, creates or solicits and initiates the transmission of an offensive communication with intent to annoy, abuse, threaten or harass another person. Two key elements in s. 233 are not fulfilled by a group chat admin namely “knowingly make or initiates the offensive communication” and “with intent to annoy, abuse, threaten or harass another person”.

As for s. 233(2), liability is only attached to a person who knowingly provide or permits an applications service to provide any obscene communication for commercial purposes. This is also not applicable to the present case.

It is noted that s. 114A of the Evidence Act 1950 provides for three circumstances where an Internet user is deemed to be a publisher of a content unless proven otherwise by him or her. The relevant section, namely s. 114A(1), states that “A person whose name, photograph or pseudonym appears on any publication depicting himself as the owner, host , administrator, editor or sub-editor, or who in any manner facilitates to publish or re-publish the publication is presumed to have published or re-published the contents of the publication unless the contrary is proved”.

In simple words, if your name, photograph or pseudonym appears on any publication depicting yourself as the aforesaid persons, you are deemed to have published the content.

To use s. 114A to attach liability on a group chat admin is stretching s. 114A too far. It must be highlighted that s. 114A was introduced to “provide for the presumption of fact in publication in order to facilitate the identification and proving of the identity of an anonymous person involved in publication through the internet” (Explanatory Statement of Evidence (Amendment) (No. 2) Bill 2012). Common sense would dictate that a group chat admin is not a publisher of their member’s messages.

In fact, in the Delhi High Court case of Ashish Bhalla vs Suresh Chawdhury & Ors, the Court held that:-

Similarly, I am unable to understand as to how the Administrator of a Group can be held liable for defamation even if any, by the statements made by a member of the Group. To make an Administrator of an online platform liable for defamation would be like making the manufacturer of the newsprint on which defamatory statements are published liable for defamation. When an online platform is created, the creator thereof cannot expect any of the members thereof to indulge in defamation and defamatory statements made by any member of the group cannot make the Administrator liable therefor. It is not as if without the Administrator‟s approval of each of the statements, the statements cannot be posted by any of the members of the Group on the said platform

Perhaps the Honourable Deputy Minister should clarify which section in the CMA attaches liability to a group chat admin to avoid further confusion and panic to group chat admins.


First published on Digital News Asia on 2 May 2017.

BFM Podcast: LANDMARK #4: FACEBOOK

Subsequent to my update on the Malaysian 2016 cyberlaw cases, I was interviewed by BFM Radio to talk about general laws applicable to social media in Malaysia on 13 April 2017. I also covered the rules applicable to your digital data after your death and how to manage them in preparation of your death.


Who owns the pictures you post on Facebook? Can comments you post on Facebook be used against you in court, even after it is deleted? How is defamation defined on social media? On this episode of Landmark, a series exploring how the law shapes society and vice versa, lawyer Foong Cheng Leong talks us through recent rulings involving the social media platform and explains where the law currently stands when it comes to Facebook.

Your browser does not support native audio, but you can download this MP3 to listen on your device.

Feedback to the proposed Personal Data Protection (Transfer Of Personal Data To Places Outside Malaysia) Order 2017

The Malaysian Personal Data Protection Commissioner (Commissioner) has published the Public Consultation Paper (PCP) No. 1/2017 (click to download) entitled Personal Data Protection (Transfer Of Personal Data To Places Outside Malaysia) Order 2017 (“Order”). The public consultation is intended to solicit feedback from data users and/or relevant parties pertaining to the whitelist places for transfer of personal data outside Malaysia. This step is in line with the requirements of subsection 129(1) of the Personal Data Protection Act 2010 [Act 709]. The Order is a ‘living document’ in which, as and when required; addition of places to the list will be done accordingly. Among the criteria considered by the Commissioner in preparing a list of those places are:

i. Places that have comprehensive data protection law(can be from a single comprehensive personal data protection legislation or otherwise a combination of several laws and regulations in that place);

ii. Places that have no comprehensive data protection law but are subjected to binding commitments(multilateral/bilateral agreements and others);

iii. Places that have no data protection law but have a code of practice or national co-regulatory mechanisms.

The Order has proposed the following places to be in the “whitelist places”:-

(a) European Economic Area (EEA) member countries
(b) United Kingdom
(c) The United States of America
(d) Canada
(e) Switzerland
(f) New Zealand
(g) Argentina
(h) Uruguay
(i) Andorra
(j) Faeroe Islands
(k) Guernsey
(l) Israel
(m) Isle of Man
(n) Jersey
(o) Australia
(p) Japan
(q) Korea
(r) China
(s) Hong Kong
(t) Taiwan
(u) Singapore
(v) The Philippines
(w) Dubai International Financial Centre (DIFC)

The deadline for sending feedback is on the 4th of May 2017 (Thursday). For more details, please click here.

Kuala Lumpur Bar Committee 2017/2018

I am pleased to announce that I have been re-elected as a committee member of the Kuala Lumpur Bar Committee for the year 2017/2018.

I have also been re-appointed to chair the Kuala Lumpur Information Technology and Publication Committee. This Committee will continue its development of the Kuala Lumpur Bar website, App and membership management system.

The full list of office-bearers of the Kuala Lumpur Bar Committee for 2017/18 are as follows:-

Chairman :
Goh Siu Lin

Committee members :
Alvin Oh Seong Yew
Atan Mustaffa
Chen Yu Szen
Foong Cheng Leong
Jacky Loi
Muhendaran Suppiah
New Sin Yew
Nik Elin Nik Rashid
Shashi Devan
Vivek Sukumaran

Representative to the Bar Council: Khaizan Sharizad binti Ab Razak (Sherrie)

MY Legal History: Lecture on Traditions of The Bar by Dato Dr Peter Mooney – 28 February 2000

Last year, I found a box full of cassettes at the Kuala Lumpur Bar Secretariat. They were recordings of various Kuala Lumpur Bar events in the late 1990s and early 2000 where smartphones were not widely available yet (perhaps not even in existence).

One of the cassettes had the label “Lecture on Traditions of the Bar by Dato Dr. Peter Mooney”. The late Peter Mooney was a very well-known lawyer who, like many early lawyers of Malaya, came from the United Kingdom. Many of his contemporaries had left for home or had passed on. Peter Mooney served as the Attorney General of Sarawak and Vice President of the Bar Council. He was also one of the founding partners of Skrine. He passed on recently at the age of 92.

I have converted into a podcast using a device I bought online (above). Some parts of the podcast is a little bit fuzzy due to the age of the cassette (16 years old!).

This is my favourite part of the podcast:-

“The independent of the Bar is absolute essential if the system is to work properly and it essential to the liberty of the subject. Justice will be done only if there is a strong bar which is courageous and as well as independent”.

Bread & Kaya: Cyberbullying, stalking and sexual harassment

Bread & Kaya: Cyberbullying, stalking and sexual harassment
By Foong Cheng Leong | Jun 28, 2016

– Current laws narrowly and vaguely defines harassment
– It is high time Malaysia legislates against it

In Mohd Ridzwan bin Abdul Razak v Asmah Binti HJ. Mohd Nor (Kuala Lumpur Civil Suit No. 23NCVC-102-12/2011), the Defendant alleged that the Plaintiff had sexually harassed her at their workplace.

The Defendant alleged that numerous vulgar and harassing words were uttered to her and they included the following:

– kalau nak cari jodoh cari yang beriman, solat, you kena solat istikarah .. . bila you solat istikarah, you akan mimpi you berjimak dengan orang tu! (If you’re looking for a partner, look for someone pious. You will need to pray. When you pray, you will dream of having sex with that person!)
– you ni asyik sakit kepala saja, you ni kena kahwin tau … you nak laki orang tak? (You’re always having a headache. You need to get married, you want someone’s husband?)
– you nak jadi wife I tak? I banyak duit tau. (You want to be my wife? I have a lot of money).

The Defendant filed a complaint against the Plaintiff to the company and a committee of inquiry was set up to investigate the complaint.

The committee found that there was insufficient evidence to warrant disciplinary action to be taken against the Plaintiff, but a strong administrative reprimand was given.

Aggrieved, the Plaintiff sued the Defendant for defamation and the Defendant counterclaimed for tort of sexual harassment.

The High Court dismissed the Plaintiff’s claim and allowed the Defendant’s counterclaim. She was awarded with RM100,000 in general damages and RM20,000 in aggravated and exemplary damages.

The Plaintiff appealed against the judgment to the Court of Appeal (Court of Appeal Civil Appeal No. W-02(NCVC)(W)-2524-10-2012).

The Court of Appeal dismissed the appeal and held that what the Plaintiff did amounts to the tort of intentionally causing nervous shock.

The Court of Appeal however fell short of declaring that there is tort of harassment in Malaysia.

Dissatisfied again, the Plaintiff filed an appeal with the Federal Court. Unfortunately for the Plaintiff again, the Federal Court (Federal Court Civil Appeal No 01(f)-13-06/2013 (W)) dismissed the appeal.

The Federal Court added:

[39] After mulling over the matter, we arrived at a decision to undertake some judicial activism exercise and decide that it is timely to import the tort of harassment into our legal and judicial system, with sexual harassment being part of it.

The introduction of the tort of harassment is a significant improvement to our laws. Victims of harassment and cyberbullying now have an easier avenue to obtain redress from our Courts.

In my earlier article Bread & Kaya: Cyberstalking, harassment … and road rage, published in July 2014, I said that we do not have specific laws to govern harassment, and hence it is difficult to determine whether an act amounts to harassment without a legal definition.

Section 233 of the Communications and Multimedia Act 1998 criminalises certain forms of harassment, but it must be an electronic communication which is obscene, indecent, false, menacing or offensive in character.

But as we can see, harassment comes in all sorts of forms.

Furthermore, there had have been complaints that industry regulator the Malaysian Communications and Multimedia Commission (MCMC) is selective in prosecuting cases. Not all complaints are acted upon.

Before the Federal Court decision, it was tougher to seek legal redress as there were no reported case laws holding that there is tort of harassment in Malaysia. When the Court of Appeal delivered the decision of Ridzwan, it equated an action for tort of harassment as tort of intentionally inflicting nervous shock.

Such equation is significant because the threshold to succeed in an action for nervous shock is high. A victim needs to prove that he or she suffered some form of psychiatric illness or injury. Normally, this would need to be proven by a doctor, and a victim may not see a doctor immediately.

Further, a victim of harassment does not necessarily suffer such a medical condition. Harassment normally causes distress, annoyance, humiliation or annoyance.

In Malcomson Nicholas Hugh Bertram v Mehta Naresh Kumar (2001] 3 SLR 379, the Singapore High Court defined harassment as the following:

For the purposes of this application I shall take the term harassment to mean a course of conduct by a person, whether by words or action, directly or through third parties, sufficiently repetitive in nature as would cause, and which he ought reasonably to know would cause, worry, emotional distress or annoyance to another person.

This is not intended to be an exhaustive definition of the term but rather one that sufficiently encompasses the facts of the present case in order to proceed with a consideration of the law.

It would be interesting to see how far the tort of harassment could help victims of stalking, harassment and cyberbullying.

The common form of online harassment and cyberbullying nowadays is to set a mob of netizens against a person, or what is known as cyber-lynching.

Many have become victims of such cyber-lynching, and they may not have a legal redress as the attacks are not done by a single person – they could be shared by thousands of people and acted upon by numerous vigilante netizens independently.

Victims would have a hard time finding the perpetrators, and the legal costs would be prohibitive.

It is high time for Malaysia to legislate against harassment.


First published on Digital News Asia on 28 June 2016.

Malaysia must adopt new laws that are more focused on social media abuse

I was quoted by The Rakyat Post on laws and regulations relating to social media in Malaysia.


The sharing of information taken from another individual, without their awareness or knowledge, containing elements of incitement and slander are offences punishable by law, said legal expert Foong Cheng Leong.

He said Malaysia currently had laws on communication offences involving social media, but the government faced difficulties in detecting all the cases that occurred.

“The sharing or dissemination of any information that is libelous or slanderous are clear offences under the law. Doing these things intentionally or unintentionally is completely irrelevant in cases that involved social media.

“Malaysia has the legislation (needed), but it is difficult for the government to control the activities in social media as there is no party monitoring all the data that goes in and out,” he told The Rakyat Post when contacted recently.

He added that all social media users should take their own precautions to avoid becoming victims, apart from depending on the law, because it was impossible for authorities to track every movement in the social media.

“Users must be very careful in using these social media platforms as it is becoming more and more difficult for authorities to track down misconduct by offenders.

“However, the function of social media cannot be reduced as it should be viewed as a healthy approach. If we withdraw the ‘comment’ box on Facebook, then there will not be any healthy discussion,” he said.

Bread & Kaya: Uber and GrabCar services legal in Malaysia?

Bread & Kaya: Uber and GrabCar services legal in Malaysia?

By Foong Cheng Leong
Aug 12, 2015

– The apps appear legal under current laws, but are the drivers?
– Public transport services need to be regulated to ensure they are safe

ON Aug 7, Malaysia’s Land Public Transport Commission (SPAD) announced on its Facebook page that it had seized 12 cars alleged to have been providing public vehicle services without a licence, under Uber and GrabCar.

SPAD said it would bring the matter to court.

This is not the first time the Commission has acted. According to a March 3 report in theSun, No escape for operators violating Land Public Transport Act, 39 private vehicles that were used to offer taxi-like services through different mobile applications like Uber, MyTeksi and Blacklane, were seized.

App-based transportation network companies such as Uber have been subject to ongoing protest and legal actions around the world. Uber has been banned in numerous countries such as Australia, India and Thailand, as well as certain parts of the United States.

GrabCar and Uber are essentially a service which connect users for rides on private cars. For the purpose of this article, I’ll focus on Uber which I am familiar with. I’ve used Uber when I was in the United States and Singapore.

If you’re wondering whether Uber and GrabCar services are legal in Malaysia, there is no express prohibition under the law to have software to connect users for rides on private cars.

According to a report in automotive portal paultan.org, SPAD chairman Syed Hamid Albar said that existing laws are silent on mobile apps offering public transport services, and this meant that SPAD was finding it difficult to rein in foreign and local mobile apps such as Uber and GrabCar, which it claimed were offering illegal public transport services.

However, Uber and GrabCar’s positions are quite clear: They do not provide transportation services but merely connect their users with drivers.

In the Recital of Uber’s Transportation Provider Service Agreement, it is stated:

Rasier does not provide transportation services, and is not a transportation carrier. In fact, the Company neither owns, leases nor operates any vehicles. The Company’s business is solely limited to providing Transportation Providers with access, through its license with Uber, to the lead generation service provided by the Software, for which the Company charges a fee (“Service”).

In GrabCar’s Terms of Use, it states:

The Company is a technology company that does not provide transportation services and the Company is not a transportation provider. It is up to the third party transportation providers to offer transportation services to you and it is up to you to accept such transportation services.

However, the problem lies with the drivers providing the transportation services. Under Section 16 of the Malaysian Land Public Transport Act 2010 (Act), no person shall operate or provide a public service vehicle service using a class of public service vehicles unless he holds an operator’s licence issued under said Act.

A person is deemed to be operating or providing a public service vehicle service if he:

(a) uses or drives a public service vehicle of a class of public service vehicles himself; or
(b) employs one or more persons to use or drive a public service vehicle of a class of public service vehicles,

to operate or provide a public service vehicle service, and

(a) he owns the said public service vehicle; or
(b) he is responsible, under any form of arrangement with the owner or lessor of the said public service vehicle to manage, maintain or operate such public service vehicle.

Based on the above definition, Uber and GrabCar do not seem to fall within the scope. Hence, Uber and GrabCar apps are legal in Malaysia.

Notwithstanding that Uber and GrabCar apps are legal in Malaysia, are Uber and GrabCar’s drivers legal in Malaysia?

Uber and GrabCar drivers can legally provide public transportation service if they are licensed under the Act.

In fact, Uber’s Transportation Provider Service Agreement (PDF) states that an Uber driver (pic above) must “possess a valid driver’s licence and all licences, permits and other legal prerequisites necessary to perform rideshare or P2P (peer-to-peer) transportation services, as required by the states and/or localities in which you operate.”

From this agreement, it is clear that Uber requires its drivers to have a valid licence to provide “rideshare or P2P transportation services” which are essentially transportation services. Drivers without such a licence are committing an offence under Section 16 of the above Act, or can even be considered as breaching Uber’s own Transportation Provider Service Agreement.

Section 16 of the Malaysian Land Public Transport Act 2010 (Act) provides that any person, not being a corporation, who commits an offence shall, on conviction, be liable to a fine of not less than RM1,000 but not more than RM10,000, or to imprisonment for a term not exceeding one year, or to both. [RM1 = US$0.25]

The court may also order the vehicle to be forfeited to the Government under Section 80(4) of the Act.

In Reza Kianmehr v. PP [2013] 7 CLJ 265, Reza Kianmehr was convicted and sentenced to a fine of RM2,000 in default of two months’ imprisonment for the offence of operating a public service vehicle service (in local terms, kereta sapu) without a licence under Section 16 of the Act. His car was also ordered to be forfeited to the Government under the same Act.

The reason for regulating public transport service vehicles is simple. We need to make sure public transport is safe to the public. Details of drivers must be recorded and they must meet the minimum qualifications.

Those who escape the system are a risk to users and those on the streets.

Assuming an accident is caused by an unlicensed public transport vehicle driver where the passenger and person on the streets are injured, would the driver’s insurance cover such injuries, or even death?


First published on Digital News Asia on 12 August 2015

1 2 3 9  Scroll to top