Malaysia Personal Data Protection Act to come into force Jan 1

The Star Newspaper reported that the Malaysian Personal Data Protection Act 2010 will be in force on 1 January 2013.

However, at the time of publication of this blogpost, the date of enforcement has not been gazetted in the Government Gazette.

It’s alarming that the Deputy Minister has taken the view that consent to process personal data must be express and cannot be implied or assumed. It is certainly impractical to obtain express consent for all sorts of commercial transactions. For example, when someone visits an eCommerce website and transacts on the website, the website owner must obtain express consent for each personal data collected from the user. This may be some form of pop up or option for the user to click before he can proceed further. Imagine this popup and option appearing everytime new data is collected. Some data are collected in the background in order for the website to work. It’s disruptive to both the owner and user.

Another example is when data is passed to a service provider of the data user for the former to provide services to the data subject. Assuming express consent is required, the service provider will need to approach the data subject for consent. Data subject will have a lot of calls asking for consent!

I hope that the Commissioner will take a different approach ie by recognising implied consent.


Leave a Reply

Your email address will not be published. Required fields are marked *