We are looking for interns!

As an intern, you will be exposed to matters relating to cyberlaw, intellectual property, franchise and data protection laws.

Law students and graduates are encouraged to apply.

Please send your CV to mail@fcl-co [dot] com.

Malindo Air’s Data Breach

I was asked to comment on Malindo Air’s latest data breach incident by South China Morning Post, Malaysian Reserves and Global Data Review.

Malindo Air, a subsidiary of low-cost airline Lion Air, has suffered a massive data breach, resulting in the information of millions of passengers – including passport details, home addresses and phone numbers – being leaked onto data exchange forums last month.

In South China Morning Post’s article title ” Malindo Air confirms data breach, exposing millions of passengers’ personal data“, it was reported-

Cyber law and technology lawyer Foong Cheng Leong said that companies in breach of Malaysia’s Personal Data Protection Act are not under any legal obligation to notify the authorities, the public, or the victim of the leak, although this lacuna is being reviewed.

There is no data breach notification rule in Malaysia under this Act. However, there is of course a moral obligation on the part of the company to notify the subject and the public,” said Foong.

Unfortunately in Malaysia these data breaches happen often, but if nobody knows about it nothing happens. During past breaches, there were some investigations but no prosecutions and no repercussions.

In the Malaysian Reserve’s article titled “Experts call for tougher law on data breach as Malindo Air becomes latest victim“, I said-

“There should be a data breach notification law. Data subjects have the right to know that their information has been compromised and take steps to secure the data,” Bar Council’s information technology and cyber laws committee deputy chairman Foong Cheng Leong told The Malaysian Reserve in an earlier report.

He added that the Personal Data Protection Commissioner had introduced a consultative paper to propose the mandatory disclosure, but the progress has been muted so far.

Currently, parties suffering from a data leak in Malaysia are not obliged to notify the authorities or the victims.

“In Europe, under the general data protection regulation, any companies including foreign firms with an office and/or serve the European region are required to lodge a report of any data breach within 72 hours.

“Organisations face the risk of a fine up to 4% of global revenue in the event of a data breach,” Foong said.

Lastly, in Global Data Review’s article titled “Lion Air Group data breach affects more than 30 million customers“, it was reported-

Foong Cheng Leong, a partner at Foong Cheng Leong & Co in Kuala Lumpur, said Malindo Air may have fallen foul of the country’s Personal Data Protection Act. This can attract criminal sanctions: a fine up to 300,000 ringgit (€65,000) and prison sentences of up to two years.

In spite of this, Leong said enforcement may not be forthcoming. He said that the government has yet to make a prosecution under the law for a data breach in spite of “numerous high-profile data breaches” in Malaysia since the law came into force.


Leong said Malindo Air might be liable under other data protection laws in the region. “However, it is not known if the data protection authorities will take or have the power to take any action against Malindo Air”, he said.

Leong said that the issue has drawn attention to the absence of notification requirements in Malaysia’s data protection law.


I was interviewed by BFM Radio over a statement by Parti Sosialis Malaysia Chief Dr Jeyakumar Devaraj regarding a warning notice by Biotropics Malaysia Berhad which has taken out a patent for the bioactive component of Tongkat Ali (Patent No. MY-134867-A – corresponding patent can be seen here). In gist, Dr Jeyakumar said that patent laws have been misused to create monopolies over a natural product like Tongkat Ali which has been used for its medicinal properties “for centuries”.

I was asked to explain what this patent is about and the scope of it.

MESTECC and Massachusetts Institute of Technology (MIT) have joint ownership of a Tongkat Ali extract- what does that mean and will this impact communities that harvested the traditional herb for centuries? We speak to an IP lawyer.

Produced by: Tasha Fusil
Presented by: Kelvin Yee, Kam Raslan, Aiman Rashad


With the rise of Android TV boxes in Malaysia, content developers as well as local film bodies are keen on shifting responsibility to users to curb piracy. Finas is taking it a step further by proposing a new paper that would hold homeowners accountable for pirated content that’s streamed on their property, regardless if they’re the tenants.

Produced by: Christine Wong
Presented by: Richard Bradbury, Arvindh Yuvaraj, & Audrey Raj

Pay just RM150 for details of 200,000 people, RM350 for 10 million

I was interviewed by Free Malaysia Today on the issue of the unlawful sale of personal data in Malaysia which is an offence under the Personal Data Protection Act 2010 (PDPA), in particular, s. 130 of the PDPA.

A lawyer told FMT that the sale of personal data is not surprising.

Foong Cheng Leong, who chairs the Kuala Lumpur Bar’s information technology committee, said while the sale of data is common, it is no longer done as openly as before due to PDPA which came into force in 2013.

But he said enforcement has been poor.

Despite media reports on data breaches such as the leakage of millions of mobile phone numbers two years ago, no action has been taken, Foong said.

In 2017, mobile phone numbers, identification card numbers, home addresses, IMEI and SIM card data of 46.2 million customers of at least 12 Malaysian mobile phone operators were leaked online.

“We do not know why there has been no prosecution. Perhaps due to the difficulty of conducting a data leakage investigation, data may be held by numerous data processors and rogue employees may have accessed them without permission,” said Foong.

E-hailing firms must protect data

I was interviewed by The Star and Free Malaysia Today on an e-hailing firm’s new user requirement to submit “selfie” for verification purposes.

In The Star’s article titled “E-hailing firms must protect data“, it was reported-

Weak enforcement of the Personal Data Protection Act (PDPA) has made it vital for e-commerce firms and e-hailing providers to protect such information, according to the Bar Council.

Its Information Technology and Cyber Laws Committee deputy chairman Foong Cheng Leong said there had not been much news on the enforcement of the Act .

There were cases of companies being fined, but high-profile cases such as the data breach involving telecommunications companies two years ago have yet to be resolved,’’ he said.

Welcoming the requirement of selfie verification on e-hailing passengers as an effective mechanism to protect the drivers, he said those concerned with data privacy breaches could not do much if they wanted to use the service.

Foong’s comments were in light of the concerns over data privacy following a law introduced by the Transport Ministry in July last year, requiring passengers to submit their identity credentials upon registration with any e-hailing platform

While in Free Malaysia Today’s article titled “Password better than selfie for Grab driver safety, says consumer group“, it was reported-

Foong Cheng Leong, a lawyer, says the requirement does not run afoul of the Personal Data Protection Act 2010 as it involved obtaining the user’s consent.

“The use of Grab or any ride-hailing service is optional. Those who do not wish to submit their picture may opt not to use the service.”

In addition to the above, I would like to add that the submission of “selfie” can be a concern if there is a high risk that the data is misused. The selfie can be paired with other data for profiling purposes. Such data can be used for surveillance purpose, matching with other data, etc.

Perhaps such providers should announce how, in detail, personal data is protected, where exactly it will be stored, what measures are taken to ensure data is safe, and report whenever there is a data leakage or third party request. Most data users publish such information on their privacy policy. However, most data users publish very general information and the bare minimum, as required by the Notice & Choice Principle provided by the Personal Data Protection Act 2010.

Since it is mandatory for e-hailing users, the only choice available for users now is to not use such e-hailing services unless there is a change in policy. Users should consider filing a complaint to the Personal Data Protection Commissioner or Transport Ministry over the new rules.

Bread & Kaya: 2018 Malaysia Cyber-law and IT Cases PT4 – Commercial cases

By Foong Cheng Leong
May 10, 2019

– 2018 saw the first decision on the liability of online marketplace providers
– Damages can be granted in the case of a software delivery delay

IN THIS last of a four-part series, I will focus on commercial cases in 2018.

Short-term lodging – the Airbnb Effect

An online marketplace for accommodation and hospitality such as Airbnb enables people to lease or rent short-term lodging including vacation and apartment rentals, homestays, hostel beds and hotel rooms.

Currently, there are no specific laws to govern the conduct of these online marketplace providers.  However, joint management bodies and management corporations have taken action to stop apartment owners from operating short-term lodging by, among others, imposing rules to stop this practice.

In Salil Innab & Anor v Badan Pengurusan Bersama Seti Sky Residences & 5 Ors (Kuala Lumpur High Originating Summons No: WA-24NCVC-776-04/2018), the 1st Defendant, the Joint Management Body of Setia Sky Residences, took steps to stop the Plaintiffs’ services of short term rentals. The Plaintiffs, tenant and landlord of an apartment unit at a building, filed an action against the Joint Management Body to stop them from interfering or stopping any owners, tenants of any short term rental and/or any person representing the Plaintiffs from operating a short term rental at Setia Sky Residences.

The 1st Plaintiff is also a director of a company called Innab Trade Sdn Bhd. Through Innab Trade Sdn Bhd, the 1st Plaintiff had also rented other units in Setia Sky Residences for the purposes of sub-letting the same to members of the public.

The 1st Defendant contended that the business operated by the 1st Plaintiff, through Innab Trade Sdn Bhd, at Setia Sky Residences is in reality a hotel business and not merely the business of letting out short-term tenancies.

In so contending, the 1st Defendant made reference to how bookings for the short-term tenancies were made through the internet, how the units were described and marketed by using the name “KL Suites” and how they were portrayed in Innab Trade Sdn Bhd’s website, including the contention that these “KL Suites” could be booked through other websites. It is contended that all of these are similar to and in effect, the management of a hotel service.

The High Court granted an interlocutory injunction to stop the Defendants from interfering or stopping any owners, tenants of any short term rental and/or any person representing the Plaintiffs from operating a short term rental at Setia Sky Residences.

The High Court held that the 1st Plaintiff’s short-term tenants will be adversely affected and they are in reality victims of the conflict between the Plaintiffs and the Defendants. In addition, the continued interference with or obstruction of the 1st Plaintiff’s short-term tenants would also be likely to cause irreparable damage to the goodwill that the 1st Plaintiff would have built in his business.

However, the Court of Appeal allowed the Defendants’ appeal (Civil Appeal No. W-02(IM)(NCVC)-1811-09/2018) on the ground that the injunction order was too wide and damages is an adequate remedy.

In Verve Suites Mont’ Kiara Management Corporation v Innab Salil & 8 Ors (Kuala Lumpur High Originating Summons No: WA-22NCVC-461-09/2017), the Plaintiff, the Management Corporation of Verve Suites Mont Kiara, passed and adopted a resolution in an Extraordinary General Meeting to prohibit the use of residential units in the Verve Suites for business, including paid short-term rentals. The prohibition was then incorporated into the House Rule 3.

House Rule 3.0 states that any unit for short term rental is prohibited. House Rule 3.1(i) states any stay for which a booking was made through services/applications/websites etc, such as AirBnb, booking.com, agoda.com, klsuits.com and other similar services is considered as a short-term rental agreement.

The Defendants had allegedly caused their respective residential units in Verve Suites to be turned into a hotel room with large numbers of guests coming to check in and check out with a flurry of activities interfering with the security, quiet enjoyment and overall wellbeing of the residents in the Verve Suites.

The Plaintiff then initiated an action against the Defendants compelling them to abide by all times and not violate the House Rule and be restrained from advertising, contracting for, booking and/or allowing, dealing with the residential units to be used for business including paid short term rental and/or transient use for tourist, or hotels, among others.  

The High Court held that the Plaintiff can enforce House Rule 3 and prohibited the Defendants from running the short-term rental business.

E-commerce – Suing online marketplace operators

We saw the first decision on the liability of online marketplace providers.

In Nexgen Biopharma Research & Innovation SARL v Celcom Planet Sdn Bhd (Kuala Lumpur High Court Suit No. WA-22IP-3-01/2018), the Intellectual Property High Court had to decide whether an online marketplace provider is liable for trademark infringement for the sale and advertisements of its Merchants’ products published on its website.

The brand owner was granted an order for summary judgement against the Defendant that operates an online marketplace by the name of “11Street” for infringing their trade mark “MFIII”. 11Street had published the MFIII trade marks and numerous sellers had posted unauthorised MFIII products for sale on 11Street. Besides, 11Street had also advertised the MFIII trade mark together with products bearing the MFIII trade marks on various third-party websites.

Similarly, in Jeunesse Global Sdn. Bhd. v Ecart Services Malaysia Sdn Bhd (Kuala Lumpur High Court Suit No. WA-22IP-16-02/2018), the Plaintiffs, who are in the direct selling business of skin care products and supplements, sued the operator of online marketplace operator, Lazada, for trade mark infringement, passing off, copyright and unlawful interference with their business, among others. The Plaintiffs discovered that Lazada had been selling products bearing the 1st Plaintiff’s registered trade marks and publishing the 1st Plaintiff’s copyright works. However, the parties settled the matter amicably and the matter was withdrawn.

Last year, I reported that a luxury watches brand owner sued a web hosting company for trademark infringement for hosting websites that sold counterfeit products (Officine Panerai AG v Shinjiru Technology Sdn Bhd (Kuala Lumpur High Court Suit No. WA-22IP-2-01/2018)). The interesting question in this case is whether a webhoster is liable for trade mark infringement for what their subscribers do. However, the parties also settled the matter amicably and the matter was withdrawn. 

Contractual matters – Software delivery delay and online agreements

This is an important case for the software industry. Delay in delivering a software is a common occurrence in the industry and in the High Court case of Tex Cycle Technology (M) Berhad v Fact System (Malaysia) Sdn Bhd (Kuala Lumpur High Court Suit No. WA-22NCVC-379-06/2016) provides what a customer can do if there is such delay.

In this case, the Plaintiff sued the Defendant for failing to install a software which could cater for the implementation of Goods and Services Tax (GST) required by the Government within the date of enforcement of GST.

The Defendant had allegedly represented to the Plaintiff in meetings and exchanges of emails that the Defendant could meet the enforcement date of GST and also that two important service requirements of the contract entered into could be fulfilled.

The Plaintiff claimed that due to the Defendant’s failure, they had no alternative but to switch to manually entering the data and generating documents manually and, in the process, incurring significant costs and expenses.

The Plaintiff sued for the loss and damages and the refund of the sum of RM191,572 paid by the Plaintiff to the Defendant for the software. The High Court found in favour of the Plaintiff and ordered the refund of the money paid plus general damages of RM100,000.

On appeal (Civil Appeal No. W-02(NCvC)(W)-1297-06/2018), the Court of Appeal allowed the appeal in part and disallowed the general damages of RM100,000. The Court of Appeal held that the High Court Judge is plainly wrong in allowing RM100,000 as general damages as there were no evidential basis.

In Wong Wei Pin v Malayan Banking Berhad [2018] 6 AMR 933, the High Court dealt with an interesting point whether general terms and conditions published on a website can be incorporated into an agreement.

In this case, the Plaintiff had accumulated credit card points via business and commercial purposes which ran foul of the Defendant’s terms and conditions of the credit card which provides that the cardmember can only use the credit card for purposes of personal consumption only, i.e. non-business and non-commercial related consumption. The Plaintiff argued that the Defendant’s Product Disclosure Sheet (PDS) which did not explicitly state that the terms and conditions of the Credit Card can be found at www.maybank2u.com.

The learned Judge held that although the PDS did not set out that the general terms and conditions are set out at Maybank’s website, it is accordingly the obligation of the Plaintiff to ascertain what the general terms and conditions are as she will be bound by them in the usage of the Credit Card. Accordingly, the High Court held that the Plaintiff is bound by the terms and conditions found on the Defendant’s website, and even if the Plaintiff chose not to read them, she is bound by them by her usage of the card.

In closing

In 2019, we can expect more interesting developments in the cyberlaw and IT sphere –

  1. The Council of Auctioneers Malaysia is challenging a decision by the High Court Registrar to implement electronic bidding or e-Lelong in all courts in West Malaysia (Majlis Pelelong Malaysia v. Pendaftar Mahkamah Tinggi Malaya (Kuala Lumpur Judicial Review Application No. WA-25-313-10/2018). Leave to challenge the High Court Registrar’s decision has been granted by the High Court. The High Court will now hear the substantive application in due course;
  2. Pursuant to the Capital Markets and Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019, digital currencies and digital tokens which are not issued or guaranteed by any government body or central bank, and fulfils other specific features, are prescribed as securities. The effective result of this order is that the digital currencies and digital tokens will now be primarily regulated by the Securities Commission. The Securities Commission’s Guidelines on Recognised Markets has now been amended to regulate digital asset exchange operator;  
  3. The Government will be taxing digital services beginning from Jan 1, 2020 at 6% per annum. Pursuant to the Service Tax (Amendment) Bill 2019, foreign registered persons providing digital services to consumers in the country will need to pay service tax;
  4. The introduction of the new Legal Profession Act 2018 to replace the old Legal Profession Act 1976 will see the introduction of the legal technology provision. S. 35 seeks to regulate the provision of legal technology by legal technology service provider. Legal technology is defined as any technological product or service used or to be used, (1) in the provision of any service or any act which is within any function or responsibility of any advocate and solicitor, or (2) places at the disposal of any other person the services of an advocate and solicitor. The Bar Council is given the power to regulate legal technology; and
  5. Across the causeway, Singapore has introduced the Protection from Online Falsehood and Manipulation Bill 10/2019. This new law seeks to, among others, criminalise false statements, control inauthentic behaviour and other misuses of online accounts and bots and regulate blocking orders. This new law also introduced a new way to punish persons who disseminates false statements i.e by cutting their income and starving them financially.

First published on Digital News Asia on 10 May 2019.

Bread & Kaya: 2018 Malaysia Cyber-law and IT Cases PT3 – Cyber-crimes and -offences

By Foong Cheng Leong
May 3, 2019

  • Laws introduced to regulate e-hailing services
  • Sexual grooming enters the books as a new offence 

IN THIS third of a four-part series, I will discuss cyber-crime cases and other cyber offences.

Communications and Multimedia Act 1998

The establishment of Cyber Courts in the Kuala Lumpur Sessions Court saw the growth of judgements relating to the Communications and Multimedia Act 1998.

In Pendakwa Raya lwn Dato’ Mohd Zaid Bin Ibrahim (Kuala Lumpur Criminal Sessions Court Case No. 63-003-12/2015), the learned Sessions Court Judge gave a comprehensive judgement regarding a charge under s. 233(1)(a) of the Communications and Multimedia Act 1998.

The accused, a former Minister of Law, was charged for publishing a statement which is offensive in nature on his blog with an intent to annoy another person. The statement consists of a transcript of the accused’s speech given at a luncheon relating to the conduct of the then Prime Minister Najib Razak.

The learned Sessions Court Judge acquitted the accused at the prosecution stage based on the following grounds, among others:-

(1) In determining whether the article is offensive in nature, the article must be examined as a whole and not by looking in a few paragraphs or words. This is because the accused was charged for uploading the article and thus the entire article is considered as offensive in character. The prosecutor cannot pick and choose the relevant paragraphs or words favourable to them and conclude that the article is offensive in character.

(2) The learned Sessions Court Judge looked into the object of the Communications and Multimedia Act 1998 set out in s.3 of the said Act. One of the objectives of the Act is to promote a civil society where information-based services will provide the basis of continuing enhancements to quality of work and life. The learned Sessions Court Judge also considered that the said Act addressed the issue of censorship where nothing in the said Act shall be construed as permitting the censorship of the Internet.

(3) None of the Prosecution’s witnesses stated that they found that the entire article is offensive in character. Two (2) of the prosecution’s witnesses referred part of the article and not the whole article. In fact, the complainant’s police report against the accused had only stated that the article is seditious in nature which is different from offensive in character.

(4) Such article must be examined and not taken without further examination without critical thinking. This is one of the objectives that s. 3 of the said Act seeks to achieve. The attitude of receiving news blindly should be avoided and the new culture in accordance with the purpose and objective of the said Act ought to be promoted.

(5) In respect of the element “with intent” to annoy another person, the learned Sessions Court Judge held that that intent has to be proved and no evidence has been adduced to prove the same. As for the element “annoy another person”, the learned Sessions Court Judge found that the complainant did not feel annoyed when he read the article. The learned Sessions Court Judge held that annoyance or anger or dissatisfaction would appear spontaneously when the article is read. The learned Sessions Court Judge found that the article is intended for blog readers to garner support for what it is written for i.e. to give support to Prime Minister Dr Mahathir.

(6) The charge is defective as the prosecution failed to state clearly in the charges sheet who is the person intended to be annoyed by the accused when the article was uploaded. The charge sheet had only stated “with the intent to annoy another person”. The person in the charge sheet must be named clearly.

(7) The Prosecution should have also called the person intended to be annoyed by the article to testify whether the victim felt annoyed by the article. Without evidence from the victim, the Court is left wondering whether the victim felt annoyed by the article.

In Sivarasa Rasiah v Pendakwa Raya (Kuala Lumpur Criminal Sessions Court Case No. 63-001-04/2016 & 63-002-04/2016, Criminal Application No: 64-085-07/2016) and Premesh Chandran a/l Jeyachandran v Pendakwa Raya (Kuala Lumpur Criminal Sessions Court Case: WA-64-155-12/2017), the two accused were charged under s. 233(1) of the Communications and Multimedia Act 1998. They filed an application to refer a few constitutional issues to the High Court pursuant to s. 30 of the Courts of Judicature Act 1964 on the ground that s. 233(1) of the Communications and Multimedia Act 1998 is in contravention of Article 8 and 10(2)(a) of the Federal Constitution.

The Prosecution raised a preliminary objection against this application on the ground that s. 233(1) of the Communications and Multimedia Act 1998 is settled and not in contravention of the Federal Constitution. The same Sessions Court Judge dismissed the application on the ground that the case of Nor Hisham Osman v PP [2010] MLJU 1429 has already determined that s. 233(1) of the Communications and Multimedia Act 1998 is reasonable and not unconstitutional.

Fortunately for the two accused, the charges were withdrawn against them after the change of Government after the 14th General Election.

Sedition – Sex bloggers on trial

In Lee May Ling v Public Prosecutor & Another Appeal [2018] 10 CLJ 742, the Appellant, also known as Vivian of the Alvivi duo, was found guilty by the Sessions Court for an offence under s. 4(1)(c) of the Sedition Act 1948 and sentenced to an imprisonment term of five (5) months and twenty (22) days.

Vivian and her co-accused, Alvin Tan, had published a picture of themselves with the words “Selamat Berbuka Puasa (dengan Bak Kut Teh. wangi,enak, meyelerakan!!!) with the Halal logo on the Facebook page “Alvin and Vivian-Alvivi”.

She appealed against her conviction and sentence. There was also a cross-appeal by the prosecution against the inadequacy of sentence meted out by the Sessions Court Judge.

The co-accused absconded through the trial and was absent until the conclusion of the trial.  

The High Court dismissed the appeals. The learned Judge found that Vivian and Alvin Tan had a common intention to publish the picture, and that Vivian was a willing participant. Although no one saw Alvin or Vivian posting the picture, the learned Judge also made an inference from the evidence showing that the picture was kept in Alvin’s notebook and the Facebook page was registered in the name of Alvin and Vivian.

The High Court however substituted the sentence of five (5) months and twenty (22) days imprisonment with a fine in the sum of RM5,000 in default, imprisonment of six (6) months. The High Court in the same vein dismissed the prosecution’s appeal on the inadequacy of the sentence.

Official Secrets Act 1972 – Liability for receiving forwarded messages

Last year, I reported that one Subbarau @ Kamalanathan (Pendakwa Raya v Subbarau @ Kamalanathan (Court of Appeal Criminal Appeal No. N-06B-55-09/2016) was charged in the Sessions Court under s. 8(1)(c)(iii) of the Official Secrets Act 1972 (OSA 1972) for having possession in his Samsung mobile phone soft copies of 2014 UPSR examination papers.

In the same year, the Court released two more judgements relating to the possession of Ujian Penilaian Sekolah Rendah (UPSR) examination papers which they had received via forwarded messages on WhatsApp.

In Pendakwa Raya lwn Uma Mageswari A/P Periasamy @ Mayandy (Kuala Kangsar Sessions Court Criminal Case No. 61-1-11-2014) and Pendakwa Raya v Anparasu al Kadampiah (Kuala Kangsar Sessions Court Criminal Case No. 61-2-11-2014), the two school teachers were charged with possession of a few pages of examination papers for Ujian Penilaian Sekolah Rendah (UPSR) for Science 018 under s. 8(1)(c)(iii) of the Official Secrets Act 1972. Both were acquitted as the photographs of the examination papers were forwarded to them and stored automatically on their mobile phones, and they had no use for them, among others.

The prosecution of persons who possess information received via forwarded messages is a dangerous precedent. The law should make exception to those who had not knowingly received such information and chose not to delete those information thereafter.

Online and phone scams – Scammer or victim?

Online and phone scams have become common in Malaysia. The authorities had been tracking and arresting these scammers but many of them are based outside Malaysia. Instead, these scammers use the services of Malaysians, whether knowingly or not, to receive and dissipate money.

In Pendakwa Raya lwn Charles Sugumar a/l M. Karunnanithi (Kota Bharu Magistrate Court Kes Tangkap No: MKB (A) 83-43-02/2016), the accused was charged under s. s. 424 of the Penal Code for dishonestly concealing money of a scam victim in his bank account knowing that the said money does not belong to him. The victim had befriended a person by the name of Alfred Hammon from UK through Facebook. Alfred Hammon then made the victim transfer money to the accused’s bank account on the pretence that he needed the money to cash his cheque of three million dollars. Alfred Hammon promised that he will return the money together with interest. However, after transferring the money, the victim realised that she was scammed.

The accused claimed that he is not part of the scam and that when he was working as a tour driver, he was requested by his customer to receive money on the customer’s behalf. The accused claimed that he did it to give his customer the best service so that he can attract more customers. He said that he was informed by the customer that the customer’s friend had to transfer money to him so that the customer can continue his tour in Malaysia. The accused said that he did not make any remuneration or commission from that assistance.

The Magistrate acquitted the accused as the Magistrate found that, among others, the accused’s evidence is consistent and he is a credible witness. The Magistrate agreed that the accused was made a scapegoat by the customer who took advantage of his goodness and sincerity in giving the best service as a tour driver.

In Pendakwa Raya lwn Sabariah Binti Adam (Magistrate Court Criminal Trial No. 83RS – 206 – 08 / 2016), the accused was charged with two counts of knowingly concealing stolen property, an offence under s. 414 of the Penal Code. The victim was duped by a Facebook user by the name of Nasir to bank in her money into the accused’s bank account. The accused claimed that she was a victim of the same trumpery scheme and not the perpetrator. She has no control and custody over her bank account. The Court however drew inference that an account holder must be held responsible for all transaction initiated or authorised using her account number including transaction by another person whom the account holder has given permission to. The Court sentenced the accused twelve (12) months imprisonment for each charge.

However, in Pendakwa Raya lwn Hasimah Binti Aziz (Kuala Lumpur Criminal Sessions Court Case No. WA-62CY-052-08/2017), the accused was charged under s. 4(1)(b) of the Computer Crimes Act 1997 for allowing access without authorisation to her Maybank bank account and thereafter assist a scam against the complainant.

The complainant was tricked into transferring money to the accused to pay for charges to release a present purportedly sent by a person she knew from Facebook. The investigating officer found that the accused had given her automatic teller machine (ATM) card to a person she knew from Facebook. That person claimed he could not open a bank account in Malaysia.

The Court held that based on the evidence produced, it is clear that the complainant and accused were online scam victims themselves. The accused was deceived into giving her account number, ATM card and PIN number. The complainant on the other had was deceived into paying courier charges, among others. If detailed investigation was made, the main character of the scam would be revealed. There was no attempt to obtain the CCTV recording of who had taken the money from the ATM machine. The bank officer had testified that CCTV recording are stored by the bank for three (3) months. If the CCTV recording was obtained, it would reveal who had used the ATM card.

Sexual grooming – A new offence

In Syed Naharuddin Bin Syed Hashim v Etiqa Takaful Berhad (Award No.: 3143/2018), the Claimant was dismissed after the Company received an anonymous email alleging that the Claimant had been operating as a sexual predator and targeting girls as young as thirteen-years-old.

The anonymous author also alleged that the Claimant, using the pseudonym, “KBoy”, carried out his meetings with girls. It was also alleged that the Claimant’s conversations had been recorded and featured in an undercover expose by the Star newspaper team of journalists know as STAR R.AGE Team. An investigation by the Company revealed that there were two video recordings featuring K-Boy which had been uploaded onto the STAR R.AGE online website and the videos had gone viral on YouTube. The Claimant admitted that he was the individual in the video.

The Industrial Court held that the actions of the Claimant can amount to a sexual communication under the Sexual Offences Against Children Act 2017. The facts of the case which are largely admitted to by the Claimant, are that he communicated with the intended “victim” in social media and then met up with the person (who informed him that she was a young girl of 15). The setting, the time and the locale were such that a person of his standing in society and representing an insurance company should have been wary of. Further, the conversations were explicitly related to sex and sexual exploits which a man of his age has no business to discuss with a young lady, notwithstanding her real age.

The Court found that the termination was with just cause or excuse and the Claimant’s case is therefore dismissed.

E-hailing services – Naughty GrabCar driver

In Pendakwa Raya lwn Muhamad Izuwan Bin Kamaruddin (Mahkamah Magistrate Ampang No Kes: 85-55-09/2017, 83JS-16-09/2017 dan 83-780-09/2017), a GrabCar driver was charged under ss. 323, 354 and 506 of the Penal Code for assaulting his passenger. He pleaded guilty and was sentenced to a total of 3 years and five (5) months.

In deciding the sentence, the learned Magistrate took into account of the negative effect on the e-hailing provider GrabCar which may cause difficulty to female passengers to trust a GrabCar driver. The learned Magistrate imposed a deterrence sentence to send a message to all drivers so that they will drive ethically and treat their passengers with respect and not take advantage of then.

On another note, the Commercial Vehicle Licensing Board (Amendment) Act 2017 and Land Public Transport (Amendment) Act 2017 came to force on 12 July 2018.

These new laws introduced the licensing of intermediation business. Intermediation business is defined as “business of facilitating arrangements, booking or transactions of e-hailing vehicle (pursuant to the new amendment to CVLBA) and for the provision of land public transport services (pursuant to the new amendment to LPTA). These amendments were introduced to regulate e-hailing services such as Grab and also e-hailing vehicles.

Part 4 which focuses on commercial cases will be published on May 10.

First published on Digital News Asia on 3 May 2019

Bread & Kaya: 2018 Malaysia Cyber-Law And IT Cases – Cyber-Defamation

By Foong Cheng Leong
April 26, 2019

  • In cyber-defamation cases, the High Court has granted damages between RM50K to RM100K
  • Court assumes that you have published something if it originates from your email, Facebook, etc

IN THIS second, of a four-part series, I will talk about the rise of cyber-defamation. The number of cyber-related tort cases filed in the Kuala Lumpur High Court in 2018 increased to 60 over from over 50 cases. Most of these cases were related to cyber-defamation.

The Court dealt with numerous defamatory online postings that went viral. In these cases, the High Court has granted damages between RM50,000 to RM100,000.

In Datuk May Phng @ Cho Mai Sum & 2 Ors v Tan Pei Pei [2018] 4 AMR 784, HC, the High Court was tasked to assess the damages to be granted to the Plaintiff against the Defendant for publishing defamatory statements in an email to at least four recipients.

It was not disputed that the said email has been circulated among the public via the internet to as many people as possible and the Defendant invited the recipients to read and spread its contents as widely as possible.

The Court held that the said e-mail was not an ordinary email directed to one person, but the said e-mail was written in the context to address the public, to have the said e-mail widely circulated among the public. Therefore, the Court was of the view that the said e-mail had been widely circulated and/or presumed to be so.

The Defendant’s attempt to prove that the e-mail was sent only to the four individuals named therein or five individuals as a whole as contemplated by the Plaintiffs does not change the scenario or fact that such publication in the internet via email is deemed to be wide circulation because the Defendant intended the wide circulation of the said e-mail based on her statements in the said e-mail where the Defendant requested the public to circulate the said e-mail.

The Court held that it is practically impossible to prove exactly to whom the said e-mail had been circulated, there is a presumption by law that such circulation over the internet is presumed to be wide publication and the onus is on the Defendant to prove the limited publication as alleged.

The High Court granted RM80,000 as general damages.

In Mohamed Hafiz Mohamed Nordin v Eric Paulsen and Another Appeal (Court of Appeal Civil Appeal No. W-02(NCVC)(W)-1668-08/2017), the Plaintiff filed an action against the Defendant for defamation arising from an article published on the internet via the website of Portal Islam & Melayu at www.ismaweb.net which went viral on social media.

The Plaintiff is the executive director of ‘Lawyers for Liberty’, a human rights lawyers’ non-governmental organisation, and a well-known human rights lawyer and activist in Malaysia.

The Defendant is a member of the Pertubuhan Ikatan Muslimin Malaysia (Isma), a non-governmental organisation established in 1997. Isma’s main focus is Islamic propagation in the country.

The Plaintiff alleged that the Defendant had uttered a defamatory statement which was published in an article entitled “Jangan Biar Eric Paulsen bebas tanpa perbicaraan” on www.ismaweb.net.

The High Court found that the Plaintiff had failed to prove that the impugned statement was defamatory as he had failed to prove that his reputation has been adversely affected and tainted. The High Court also dismissed the Defendant’s defence of justification and fair comment.

On appeal, the Court of Appeal found that the impugned statement is derogatory, calculated to incite hatred and anger amongst the multi-religious groups and ethnicity in Malaysia.

The impugned statement not only described the Plaintiff as a fraudster, a liar who incites hatred of the Islamic religion, but also as a person funded and supported by foreign entities, such as the United States of America and the European Union.

In their natural and ordinary meaning, impugned statement meant and was understood to mean by reasonable and ordinary readers of the article that the Plaintiff is anti–Islam. Therefore, taking the bane and the antidote of the article published the defamatory statement had only one purpose, that is, to tarnish the plaintiff’s character and reputation.

The Court of Appeal granted damages of RM100,000.00.

In Mohd Khaidir Ahmad v. Mohd Iqbal Zainal Abidin [2018] 1 LNS 1150, the Court of Appeal upheld the High Court’s decision in finding the Defendant liable for defaming the Plaintiff on his Facebook page.

The Defendant had alleged that the Plaintiff, an Assistant District Officer of Temerloh, had abused his power and was corrupt, among others. One of the Facebook postings had an uploaded photograph of the Plaintiff, his son and car together with defamatory statements.

The Facebook postings attracted responses, negative ones at that, on his Facebook page. The allegation of abuse of power and corruption appeared to resonate with the netizens who posted their comments, generally agreeing with the same.

The Defendant denied that the words were defamatory of the Plaintiff, that they were fair comments and disclaimed responsibility for the negative comments by the netizens.

The Court of Appeal upheld the High Court’s decision in dismissing the Defendant’s defence and also upheld the damages of RM50,000 granted by the High Court. The Court of Appeal agreed with the High Court that the Defendant failed to prove that the Plaintiff had received bribes, and rejected the defence of qualified privilege as the postings were made without there being a duty to do so for they were done for his own interest, not that of the public.

Pre-action discovery – Finding out who defamed you

A pre-action discovery application is an action filed in Court against parties who are in possession of information of a wrongdoer. In usual cases, such an action is filed against a website operator, whose users had published defamatory comments, to divulge the identity of their user.

This is what had happened in the case of Kopitiam Asia Pacific Sdn Bhd v Modern Outlook Sdn Bhd[2018] MLJU 1450. The Plaintiff filed a pre-action discovery application against the three Defendants after it discovered a defamatory article relating to it on the websites connected to the Defendants. The Plaintiff stated that it intends to file an action for slander of goods against certain parties and required particulars of the said parties from the Defendants.

The 1st Defendant is a company dealing with activities related to payment and to up services via the internet portal industry. The 2nd Defendant is a company providing website registration services. The 3rd Defendant is the provider of the server where the website where the defamatory article was placed.

The 2nd Defendant did not object to the application subject to the information to be released being confined to only information in their possession and/or the release of the said information is within the ambit of law in particular the Personal Data Protection Act 2010.

The High Court granted the order against the 1st and 3rd Defendant as the Plaintiff had indeed stated the material facts pertaining to the intended proceedings which relates to a cause of action for slander of goods. They have also identified the persons against whom the order is sought and is likely to be a party in the subsequent proceedings in the High Court apart from specifying and describing the documents needed.

Other than a website operator, the High Court held that a domain name reseller can be compelled to divulge information of their customer.

In Nik Elin Zurina Binti Nik Abdul Rashid v Mesra.net Sdn Bhd (Kuala Lumpur High Court Suit No. WA-24NCvC-179-02/2018) (Unreported), the Plaintiff sought a pre-action discovery order against the Defendant, who was a reseller of Mynic Berhad, the sole administrator for web addresses that end with .my in Malaysia. The Defendant had assisted in the registration of the domain name Menara.my and the Plaintiff claims that Menara.my had defamed her through a few articles. The Plaintiff wanted the Defendant to divulge the identity of the owner, operator and registrant of the domain name.

The High Court allowed the Plaintiff’s application and ordered the Defendant to divulge the identity of the owner of the website.

Interlocutory injunction – Stopping a person immediately

An interlocutory injunction is an order restraining a person from doing an act pending the disposal of the matter in trial. A trial date is usually fixed a few months after a legal suit is filed. If a person wants a tortfeasor to stop publishing further defamatory statements immediately pending the disposal of the matter in trial, he can file such an application with the Court.

Any person who does not adhere to a Court order can be cited for contempt. In Maria Faridah Atienza v. Hadijah Mohamaed Mokhtar & Anor [2018] 3 CLJ 655, the High Court fined the 1st Defendant RM30,000 and sentenced the 1st Defendant to prison for two weeks after she had failed to pay the fine. The Defendant breached the Court’s injunctive order restraining her from making or publishing any statement against the Plaintiff. She had done so by publishing certain statements on her Instagram account.

In Dato’ Sri Mohd Najib Bin Tun Haji Abdul Razak v Tony Pua Kiam Wee (Kuala Lumpur High Court Suit No. WA-23CY-17-04/2017), the Plaintiff, the former Prime Minister of Malaysia, sued the Defendant, a member of Parliament of Malaysia, for defamation. The Defendant had allegedly uttered and published defamatory statements on a live video which was published as a post entitled “BN Govt abandons all Bills to give precedence to PAS RUU355 Private Member’s Bills” on his Facebook account. 

The Facebook post went viral with 82,434 video views. The Defendant has 310,256 Facebook followers. The Plaintiff also filed an application was interlocutory injunction to stop the Defendant from uttering or publishing the defamatory statement.

The High Court granted the said application and held that the Defendant did not deny that he had published those alleged statements, and such statements are indeed defamatory.

On appeal, the Court of Appeal in Tony Pua Kiam Wee v Dato’ Sri Mohd Najib Bin Tun Haji Abdul Razak [2018] 3 CLJ 522 upheld the High Court’s decision.

[Edit: 29 April 2019 – Leave to appeal to the Federal Court (Civil Appeal No. 08(i)-107-03/2018(W)) has been granted for the following questions-

(i) Whether the test for an interim injunction in defamation proceedings laid down in The News Straits Times Press (M) Bhd v Airasia Bhd [1987] 1 MLJ 36 is good law given the freedom of expression guaranteed by Article 10(1)(a), Federal Constitution?

(ii) Whether in light of Article 10(1)(a), Federal Constitution, an application for an interim injunction in defamation proceedings to restrain the further publication of impugned statements must be dismissed where the defendant has:

(a) pleaded and particularized the defences of justification and fair comment on matters of public interest in his Defence; and/or

(b) stated, on oath, his belief as to the truth of the impugned statement, and his ability and willingness to justify the impugned statement?

(iii) Whether the fact that the Speaker of the House of Representatives had ex facie exercised powers under the Standing Orders of the Dewan Rakyat, precludes the entitlement of a plaintiff to establish at trial, the fact that the exercise of such powers was not bona fide, in private law proceedings that refer to such exercise of power?

(iv) Whether a court is entitled in private Jaw proceedings to treat the fact of the Attorney General not having commenced prosecution under Article 145(3), Federal Constitution and/or the explanation for such decision as exonerating the impugned conduct, and such as to allow the court to further conclude by way of judicial notice under section 56, Evidence Act 1950 that no wrongdoing was committed?

Electronic evidence

Presumption of publication – Court assumes that you’ve published it

In Thong King Chai v. Ho Khar Fun [2018] 1 LNS 374, the Plaintiff sued the Defendant for defaming him via email and a closed Facebook Group.

In determining whether the statements were published, the High Court applied the presumption of publication under s. 114A of the Evidence Act 1950. The High Court held that pursuant to s. 114A, the presumption of fact is that the email was published by the Defendant as it had originated from his email address. Similarly, there is also a presumption of fact that the Facebook posting was published by the Defendant through his Facebook account.

The High Court also applied the presumption of fact raising a prima facie inference that postcards and telegrams, in the ordinary course of events, have been published to third parties unless the Defendant proves otherwise (as held in the case of Matchplan (M) Sdn Bhd & Anor v. William D Sinrich & Anor [2004] 2 MLJ 424). Applying the decision in Matchplan to the internet age of publication by email and Facebook, the High Court found that the email and the Facebook posting were published to the persons named in the email’s address list and cc list and also to the persons who had access to the Facebook Group. The Defendant did not provide any evidence to rebut this presumption of fact.

However, the High Court dismissed the action on the ground that the statements were not capable of bearing defamatory meaning and are in fact not defamatory of the Plaintiff. Even if the statements are defamatory of the Plaintiff, the Defendant would be able to rely on the defence of justification and/or the defence of fair comment.

Admissibility of Screenshots

In Norazlanshah Bin Hazal v Mohd Dziehan Bin Mustapha (Kuala Lumpur High Court Suit No. WA-23CY-14-03/2017), the Plaintiff sued the Defendant for defaming him on Facebook.

The Defendant disputed the authenticity of the screenshots which contained the alleged defamatory Facebook posting. However, the learned Judicial Commissioner refused to admit the screenshots as evidence as no evidence was led as to the maker of the contents of these screenshots and none were called to testify, no testimony as to how the screenshots were produced although there as admission that the documents were computer generated and no attempt to admit those screenshots under s. 90A of the Evidence Act 1950.

Part 3 which focuses on cyber-crime cases and other cyber offences will be published on May 3.

First published on Digital News Asia on 26 April 2019

1 2 3 4 5 32  Scroll to top