Monthly Archives: May 2011

Personal Data Protection Act 2010

by Foong Cheng Leong and Halina Jael Abu Bakar

After a long wait, the Personal Data Protection Act 2010 [Act 709] (“the Act”) has finally been passed. The Act seeks to regulate the processing of personal data of individuals involved in commercial transactions by data users so as to provide protection to the individual’s personal data, thereby safeguarding the interests of such individual.

The enactment of the Act is timely, for information can be transferred and transmitted seamlessly and sometimes, effortlessly. From the traditional snail mail to the social networking tool of “Tweet-ing”, personal and often very important information can now be easily shared.

New technologies and changing market trends are also contributing to the increasingly important role of information in the global market economy. This information, in particular the personal data of individuals involved in commercial transactions, has become a valuable commodity.

Legislation to protect personal data has been enacted in jurisdictions such as Hong Kong, New Zealand, Canada and the European Union. The Act is similar to legislation enacted in those countries.

Notwithstanding the passing of the Act, it will only come into operation once the Minister responsible for the protection of personal data makes a notification in the Gazette, and he can appoint different dates for different provisions of the Act.[1] As at the date of this article, the Act has not yet come into operation.

Personal data

Under the Act, this means “any information in respect of commercial transactions, which —

(a)               is being processed wholly or partly by means of equipment operating automatically in response to instructions given for that purpose;

(b)              is recorded with the intention that it should wholly or partly be processed by means of such equipment; or

(c)               is recorded as part of a relevant filing system or with the intention that it should form part of relevant filing system,

that relates directly or indirectly to a data subject, who is identified or identifiable from that information or from that and other information in the possession of a data user, including any sensitive personal data and expression of opinion about the data subject; …”.[2]

In view of the above, personal data may take various forms, such as the following:

(1)  name;

(2)  passport/identity card number;

(3)  telephone number;

(4)  photograph;

(5)  fingerprint; or

(6)  DNA.

There may be other data which are used daily by individuals but may not be considered as “personal data” under the Act. For example, e-mail addresses are used daily by individuals and each e-mail address is unique to an individual. However, an e-mail address per se may not be “personal data” as it may or may not directly identify an individual —, for instance, does not directly identify an individual. However, an e-mail address with a person’s full name directly identifies an individual and may be considered as “personal data”.

In a recent decision, the Administrative Appeals Board from the Office of the Privacy Commissioner for Personal Data, Hong Kong held that an e-mail address could be personal data.

Operation and application of the Act

The Act only applies to:

(a)               personal data which is processed;

(b)              any person who processes and any person who has control over or authorizes the processing of any personal data in respect of commercial transactions and such a person is a “data user”;[3] and

(c)               to a person in respect of personal data if —

(1)              the person is established in Malaysia and the personal data is processed, whether or not in the context of that establishment, by that person or any other person employed or engaged by that establishment; or

(2)              the person is not established in Malaysia, but uses equipment in Malaysia for processing the personal data otherwise than for the purposes of transit through Malaysia.[4]

A data user is a party:

“… who either alone or jointly or in common with other persons processes any personal data or has control over or authorizes the processing of any personal data, but does not include a data processor”.[5]

The Act envisages situations where the processing is shared, that is, more than one data user processes the personal data, or when more than one data user is able to access the pool of personal data. As an example, where a number of subsidiary companies in a group share a common database of personal data, each subsidiary company would constitute a “data user” under the Act.
On the other hand, the individual who is the subject of the personal data is a “data subject” under the Act. Following from this, it is arguable that the Act is aimed at protecting the personal data of individuals only, and not that of companies or societies.

The term “process” or “processing” in relation to personal data has a wide meaning to the extent that it can cover almost anything that might or can be done with personal data. It is defined as “collecting, recording, holding or storing the personal data or carrying out any operation or set of operations on the personal data”.[6]

A commercial transaction is one:

“… of a commercial nature, whether contractual or not, which includes any matters relating to the supply or exchange of goods or services, agency, investments, financing, banking and insurance, but does not include a credit reporting business carried out by a credit reporting agency under the Credit Reporting Agencies Act 2010”.[7]

At this juncture, it is unclear whether the Act would apply to an employer-employee relationship. A contract of services may be considered as “supply or exchange of services”. In an abundance of caution, it is advisable that employers adhere to the Act.

The Act would not apply to:

(a)               any personal data processed outside Malaysia unless that personal data is intended to be further processed in Malaysia;[8]

(b)              Federal and State Governments;[9] and

(c)               any personal data collected for non-commercial transactions.

Processing personal data — Seven principles of the Act

Each data user, in processing personal data, must comply with the following principles:[10]

(a)               the General Principle;

(b)              the Notice and Choice Principle;

(c)               the Disclosure Principle;

(d)              the Security Principle;

(e)               the Retention Principle;

(f)                the Data Integrity Principle; and

(g)               the Access Principle.

Failure to abide by the above principles amounts to an offence. Upon conviction, the data user is liable to a fine not exceeding RM300,000 or to imprisonment for a term not exceeding two years or to both.[11]

Below is a summary of each principle:

Section Principle Description
6 General
  1. All personal data other than sensitive personal data can only be processed once the data subject has given his consent to the processing of his personal data.[12]


  1. All sensitive data processed must be done in accordance with s.40.[13]


  1. However, a data user may process personal data about a data subject if the processing is necessary for[14]


(a)   the performance of a contract to which the data subject is a party;

(b)  the taking of steps at the request of the data subject with a view to entering into a contract;

(c)   compliance with any legal obligation to which the data user is a subject, other than a contractual obligation;

(d)  the protection of the vital interests of a data subject;

(e)   the administration of justice; or

(f)    the exercise of any functions conferred on any person by or under any law.


  1. Personal data shall only be processed if it is:[15]


(a)   for a lawful purpose directly related to an activity of the data user;

(b)  necessary for or directly related to that purpose; and

(c)   adequate but not excessive in relation to that purpose.


* The Act does not define “consent”. Although consent can be expressed or implied, it is our view that a positive act should be taken to communicate consent. For example, a form requiring certain information can contain an option for the individual to allow or forbid the processing of his personal data for purposes other than the subject matter to which the form relates. Consent should not be assumed if the individual fails to state his option or reply to state its consent for the personal data to be processed.


Consent, once given, can be withdrawn under s.38.[16]

7 Notice and Choice
  1. All data users must inform a data subject, in writing which shall be in the national and English languages:


(a)   that personal data is being processed and provide a description of it;

(b)  the purpose of the personal data being collected and processed;

(c)   the source of the personal data;

(d)  the data subject’s right to request access to and to request correction of the personal data and contact details of the data user if there are any inquiries or complaints on the personal data;

(e)   the class of third parties to which the data user discloses the personal data;

(f)    of the choices and means offered to the data subject to limit the processing of personal data, including personal data of other data subjects which may be identified from that personal data;

(g)   whether it is obligatory or voluntary for the data subject to supply the personal data; and

(h)  whether it is obligatory for the data subject to supply the personal data and consequences if the data subject fails to provide the personal data.


  1. The notice must be given as soon as practicable —


(a)   When the data subject is asked to provide the personal data;

(b)  When the data user collects the personal data of the data subject; or

(c)   In any other case, before the data user uses the personal data for any other reason than that for which the personal data is collected or discloses the personal data to third parties.


* The data user must inform the data subject of all the information prescribed in s.7(1), and not just part of it.

8 Disclosure
  1. Subject to consent of the data subject, personal data shall not be disclosed:


(a)   for any other purpose other than the purpose for which it was disclosed at the time of collection or a purpose directly related to the purpose it was disclosed at the time of collection; or

(b)  to any party other than the third party of the class of third parties stated in the written notice provided by the data user under s.7(1).


* Notwithstanding the Disclosure Principle, the Act allows disclosure of personal data in circumstances specified in s.39.

9 Security
  1. A data user must take practical steps to protect the personal data from loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction, taking into account:


(a)   the nature of the personal data and potential harm that would result if it is not protected;

(b)  the place or location as to where the personal data is stored;

(c)   the security measures incorporated in any equipment which stores the personal data;

(d)  the measures taken to ensure the reliability, integrity and competence of personnel having access to the personal data; and

(e)   the measures taken to ensure the secure transfer of the personal data.


  1. A data user must ensure that the data processer provides sufficient guarantee in respect of the technical and organisational security measures and ensure that reasonable steps are taken to ensure compliance with the security measures.


*It is not clear what “practical steps” means under the Act but it arguably should be the measures that can be taken by the data user. Thus, the data user would need to identify the appropriate measures taken in respect of the nature and type of personal data processed in adopting “practical steps” to protect the personal data.

10 Retention
  1. The personal data processed shall not be kept longer than necessary for the fulfilment of the purpose.


  1. The data user must take all reasonable steps to ensure that all personal data is destroyed or permanently deleted if it is no longer required for the purpose for which it was processed.
11 Data integrity The data user must take all reasonable steps to ensure that the personal data is accurate, complete, not misleading and kept up-to-date, having regard to the purpose, including any directly related purpose for which the personal data was collected and further processed.
12 Access A data subject must be provided access to his personal data held by the data user and be able to correct his personal data, except where compliance with a request for such access or correction is refused under the Act.


Disclosure of personal data

Although the Act requires the consent of the data subject before any personal data can be disclosed, s.39 also allows disclosure of personal data in the following circumstances:

(a)               the disclosure —

(i) is necessary to prevent crime or for the purpose of investigations; or

(ii) is required or authorized by law or by an order of court.

(b)              The data user acted in reasonable belief that he had the legal right to disclose the personal data to another party;

(c)               The data user acted in reasonable belief that he would have had the consent of the data subject if the data subject had known of the disclosing of the personal data and the circumstances of such disclosure; or

(d)              The disclosure was justified as being in the public interest in the circumstances determined by the Minister.

Sensitive data
Under the Act, a distinction has been made between “sensitive personal data” and “personal data”. “Sensitive personal data” is:

“… any personal data consisting of information as to the physical or mental health or condition of a data subject, his political opinions, his religious beliefs or other beliefs of a similar nature, the commission or alleged commission by him of any offence or any other personal data as the Minister may determine by order published in the Gazette”.[17]

Any disclosure of sensitive personal data must be done in accordance with s.40 of the Act, which requires a data user to be more careful in processing sensitive personal data.

Due to the nature of sensitive personal data, a higher restriction is imposed for data users in processing it. A data user must not process sensitive personal data unless with the explicit consent of the data subject. While “explicit consent” is not defined in the Act, arguably, the data subject should be required to provide his clear and express consent to the processing of his sensitive personal data.

Notwithstanding the requirement for explicit consent from the data subject, s.40 of the Act also allows the processing of sensitive personal data where:

(a)               the processing is necessary —

(i)                to exercise or perform any right or obligation which is conferred or imposed by law on the data user in connection with employment;

(ii)              in order to protect the vital interests of the data subject or another person, in a case where consent cannot be given by or on behalf of the data subject or the data user cannot reasonably be expected to obtain the consent of the data subject;

(iii)            in order to protect the vital interest of another person, in a case where consent by or on behalf of the data subject is unreasonably withheld;

(iv)            for medical purposes and is undertaken by a healthcare professional;

(v)              for any legal proceeding;

(vi)            to obtain legal advice;

(vii)          for the administration of justice;

(viii)        for the exercise of any functions conferred by law; or

(ix)             for any purpose as the Minister thinks fit, or

(b)              the information contained in the personal data has been made public as a result of steps deliberately taken by the data subject.

It is an offence to process sensitive data contrary to s.40 of the Act. If convicted, a data user will be liable to a fine not exceeding RM200,000 or to imprisonment for a term not exceeding two years or both.

Registration of data users

Under s.14, the Minister may, by an order published in the Gazette, specify a class of data users which must register itself as data users under the Act. At present, there is no such specification.

A data user who wishes to register under the Act must apply to the Personal Data Protection Commissioner[18] (“the Commissioner’), who may register the applicant and issue a certificate of registration, or refuse the application.[19] The Commissioner may also impose conditions or restrictions in the certificate of registration.[20]

The class of data users who must be registered under the Act is unknown at the moment. However, we are of the view that these may be telecommunications, insurance, banking, pharmaceutical and entertainment companies.

On the assumption that a data user falls within the class of data users which must register and fails to do so, yet processes personal data without a certificate of registration, the said data user has committed an offence. This offence, upon conviction, is subject to a fine not exceeding RM500,000 or to an imprisonment for a term not exceeding three years or both.[21]

Personal Data Protection Commissioner

The Commissioner will be appointed by the Minister for the purposes of carrying out the functions and powers assigned under the Act.[22] One of the Commissioner’s functions is to receive complaints from the public on any contravention of the Act and to investigate the same. His decision can be appealed by way of an appeal to the Appeal Tribunal.[23]

Transfer of personal data overseas

The Act prohibits the transfer of personal data to a place outside Malaysia unless to such place as specified by the Minister, upon the recommendation of the Commissioner, by notification published in the Gazette.

Notwithstanding the said prohibition, a data user may transfer any personal data to a place outside Malaysia if —

(1)         the data subject has given his consent to the transfer;

(2)         the transfer is necessary for the performance of a contract between the data subject and the data user;

(c)          the transfer is necessary for the conclusion or performance of a contract between the data user and a third party which —

(i)           is entered into at the request of the data subject; or

(ii           is in the interests of the data subject;

(d)         the transfer is for the purpose of any legal proceedings or for the purpose of obtaining legal advice or for establishing, exercising or defending legal rights;

(e)          the data user has reasonable grounds for believing that in all circumstances of the case—

(i)           the transfer is for the avoidance or mitigation of adverse action against the data subject;

(ii)         it is not practicable to obtain the consent in writing of the data subject to that transfer; and

(iii)        if it was practicable to obtain such consent, the data subject would have given his consent;

(f)          the data user has taken all reasonable precautions and exercised all due diligence to ensure that the personal data will not in that place be processed in any manner which, if that place is Malaysia, would be a contravention of this Act;

(g)          the transfer is necessary in order to protect the vital interests of the data subject; or

(h)         the transfer is necessary as being in the public interest in circumstances as determined by the Minister.

A data user who contravenes the above prohibition is liable to a fine not exceeding RM300,000 or to imprisonment for a term not exceeding two (2) years or to both.

Right of data subjects

A data subject has various rights to his personal data kept by data users. These are:

Right of access to personal data[24]

An individual is entitled to be informed by a data user whether personal data of which that individual is the data subject is being processed by or on behalf of the data user. A requestor may, upon payment of a prescribed fee, make a data access request in writing to the data user for information of the data subject’s personal data that is being processed by or on behalf of the data user and to have communicated to him a copy of the personal data in an intelligible form.

A data user must comply with the request not later than 21 days from the receipt of the request but may refuse to comply with the request under a few circumstances. For example, the request does not have enough information for the data user to locate the information.

Right to correct personal data[25]

A data subject has the right to make a data correction request in writing to the data user that the data user makes the necessary correction to the personal data. A data user must comply with the request not later than 21 days from the receipt of the request but may refuse to comply with the request under a few circumstances.

Right to withdraw consent[26]

A data subject may by notice in writing withdraw his consent to the processing of personal data in respect of which he is the data subject. The data user shall upon receiving the notice, cease the processing of the personal data. Failure to comply with this requirement attracts a fine not exceeding one hundred thousand ringgit or to imprisonment for a term not exceeding one year or to both.

Right to prevent processing likely to cause damage or distress[27]

A data subject may, at any time by notice in writing to a data user, require the data user at the end of such period as is reasonable in the circumstances, to cease processing any personal data in respect of which he is the data subject if, based on reasons stated by him —

(i)    the processing of that personal data or the processing of personal data for that purpose or in that manner is causing or is likely to cause substantial damage or substantial distress to him or to another person; and

(ii)  the damage or distress is or would be unwarranted.

The data subject may refuse to comply with the notice under certain circumstances, for example, if the data subject has given consent to the processing of the personal data.

Right to prevent processing for purposes of direct marketing[28]

A data subject may, by notice in writing to a data user, require the data user to cease or not to begin processing his personal data for purposes of direct marketing. “Direct marketing” means the communication by whatever means of any advertising or marketing material which is directed to particular individuals.[29]


The Act provides that where a data user has collected personal data from the data subject or any third party before the date of coming into operation, he shall comply with its provisions within three months from such date.

Notwithstanding the grace period of three months, it is advisable that data users start complying with the provisions of the Act as soon as possible. Any use of personal data by a data user would require consent, hence data subjects should start acquiring consent from data users to use the personal data.

Other than the aforesaid, data users may also want to consider the following:

(1)              All documents such as customer forms should be reviewed to determine whether they comply with the Act;

(2)              Avoid collecting sensitive information;

(3)              For companies that deal directly with individuals, designate a special officer to deal with any personal data matters at the ground level;

(4)              Appoint a privacy officer such as Chief Privacy Officer to deal with privacy-related matters;

(5)              Implement security and procedures to protect personal data from being abused;

(6)              Implement procedures to handle customer complaints and announce the same to all customers; and

(7)              If a third party is appointed to handle the personal data, ensure that terms and conditions are set out properly to control the process of personal data.

* All references are to this Act, unless otherwise stated

[1]           Section 1(2)

[2] Section 4

[3] Section 2(1)

[4] Section 2(2)

[5] Section 4

[6] Ibid

[7] Ibid

[8] Section 3(2)

[9] Section 3(1)

[10] Section 5(1)

[11] Section 5(2)

[12] Section 6(1)(a)

[13] Section 6(1)(b)

[14] Section 6(2)

[15] Section 6(3)

[16] The data subject may withdraw via written notice consent to the processing of personal data of

which he is the data subject. The data user shall cease to process the personal data upon receiving the notice. Failure to comply is an offence.

[17] Section 4

[18] Section 15(1)

[19] Section 16(1)

[20] Section 16(2)

[21] Section 16(4)

[22] Section 47(1)

[23] Section 93

[24] Section 30

[25] Section 34

[26] Section 38

[27] Section 42

[28] Section 43

[29] Section 43(5)

Handling social media disasters

Published on 12 May 2011 in The Star Newspaper

Social media can be a powerful tool to promote your goods or services, but the online world is unpredictable and no matter how good a brand is, there will be someone hating it.

IT is now the norm for brand owners having social media network accounts such as Facebook, Twitter, Wikipedia, forums and blogs to connect with their customers.

With such social media tools, brand owners can communicate with their customers directly on queries, promotions or even in friendly banter.

In the social media world, everything is fast and any delay is a missed opportunity. One does not wait for the board of director’s approval to post a reply to a message.

But with such pace, the risk of misstatement is imminent.

Such accounts could be managed in-house or outsourced to third parties which could be digital agencies, public relations firms or freelance social media managers.

It is important to find parties which have experience in dealing with Internet users.

The recent Energizer Night Race 2011 incident is a wake-up call for all brand owners. In this case, a Facebook page was created to promote the Energizer Night Race.

Unfortunately, some glitches marred the event. Immediately after, hundreds of unhappy comments started flooding the Facebook page. Some users alleged that their comments were deleted and this resulted in more unhappy comments being posted.

Soon, bloggers started covering this incident and even Energizer hate pages were created. Individuals involved in this event were also attacked and insulted.

Energizer was merely a co-sponsor, with the event actually organised by a third party.

It took Energizer and the organiser a few days to issue an apology. Unfortunately, by then, the damage had been done. Never underestimate the wrath of angry Netizens.

Brand owners or service providers are advised to deal with complaints promptly. Complaints should not be ignored or deleted. They should be treated like any other complaint. Sometimes a short statement like, “We’ll get back to you shortly” or a simple apology is sufficient for grieving consumers.

Social media is a powerful tool to promote your brand but can also be the cause of one’s downfall. Social media disaster comes in various forms – through website malfunctions, inaccessibility, becoming uncontrollable or a misstatement by the brand owner.

The legal side also has to be taken care of. Users of social media sites should abide by and agree to the terms of use and also privacy policies.

A contract should always be in place between the brand owner and the social media service provider. A social media service contract is not far different from any normal service level agreement. However, attention must be given to certain clauses.

Brand owners should dictate the format of the content posted by the service provider. Format would include the length of postings, topics to be posted and frequency of updates. Having an inactive social media page defeats the purpose of having one.

The parties must agree to have a guideline for unacceptable postings and comments. Defamatory, spam and sexually explicit contents are some examples of unacceptable postings. Topics relating to politics, religion, race, gender, nationality or sexuality should be avoided.

If there is a need to remove offending content, it should be done immediately. However, there should be some room for minor vulgarity as it is common online.

The parties must decide what postings require an immediate response and who will flag it.

As shown by the Energizer Night Race case, there must be a contingency plan to deal with social media disasters.

There must be an obligation on the service provider to report any incident threatening the integrity of a brand. A prompt response to any complaint or threat would help avoid a massive disaster.

There is also a recent trend called “Tweetjacking”, a minor prank where a friend uses your account to post embarrassing messages. However, such a prank can be damaging if posted using a company account.

This happened in the Singapore Straits Times (@stcom) case where the Twitter handle was used to post vulgarities to its 46,000 followers. Soon, other media started reporting this incident.

The lesson learned: limit access to social media applications.

Personal data is processed during the use of social media sites. Such processes may fall within the ambit of the Personal Data Protection Act 2010 (not in force at the time of writing) and thus the obligations under the PDPA must be fulfilled.

Brand owners should consider doing a privacy impact assessment. As for how personal data is stored (Notice Principle), brand owners may add a Privacy Policy on their Facebook page (e.g. as a Tab) or blog.

Facebook Apps also collects personal data of users, which is sometimes disseminated to other users. In the United States, a company was sued for breaching privacy laws by posting online purchases of their customers on its Facebook page.

In the event of termination of a social media services agreement, the service provider should be compelled to give immediate access to the sites and deliver up all logins and passwords. This will avoid situations where a brand owner’s website becomes inaccessible.

Lastly, brand owners and service providers should discuss whether the latter should indemnify the former in the event that the former suffers damages due to the website. Ideally, the latter should indemnify the former due to the acts of the latter.

This is important especially when, for example, an employee of the social media company posts a defamatory message about another party, which results in that party suing the brand owner.

The steps are non-exhaustive and are merely to reduce the damages and risks. The online world is unpredictable and no matter how good a brand is, strangely, there will be someone hating it.

Being a case study for a social media disaster is a disaster.

Luahan hati penulis blog

Published on Utusan Malaysia on 31 July 2010


KUALA LUMPUR menjadi tuan rumah pertama di Asia bagi Persidangan Penulis Blog Media Sosial yang berakhir kelmarin.

Objektif persidangan berkenaan ialah mengingatkan komuniti blog di Asia supaya lebih bertanggungjawab dalam mengendalikan laman blog masing-masing.

Persidangan tersebut berjaya menghimpunkan penulis blog dan pelbagai profesional dari pelbagai negara untuk berkongsi pengalaman dan fikiran mengenai peranan blog dalam pelbagai aspek.

Profesor Pemasaran dari California State University Amerika Syarikat (AS), Beng Soo Ong menyifatkan pengguna dan pengeluar pelbagai produk perlu memantau dan menggunakan blog dengan bijak.

Ini kerana 48 peratus daripada pengguna di AS menggunakan ulasan berhubung sesuatu produk atau jenama di Internet sebelum membuat pembelian, katanya.

Ketua Pegawai Eksekutif AirAsia, Datuk Tony Fernandes yang turut menjadi penceramah pada persidangan tersebut berkata, 80 peratus daripada pendapatan jualan tiket syarikat penerbangan berkenaan adalah melalui laman web.

“Bermula dengan 20,000 penumpang lapan tahun dulu AirAsia kini mempunyai 27 juta penumpang dan saya amat terhutang budi kepada Internet atas kejayaan ini,” tambah beliau.

Penulis blog dari Malaysia, Ahmad Nazuwan Amran, 27, yang mengendalikan laman blog berkata, seorang penulis blog perlu memahami apa yang dikehendaki oleh pembaca selain mempunyai gaya penulisan tersendiri.

“Ini adalah penting untuk menambah pembaca. Saya gemar menulis isu-isu artis dan hiburan dengan tema Mari Bergosip Secara Berhemah.

“Nama sesebuah blog juga perlu menarik seperti blog saya yang menggunakan nama beautiful nara. Pembaca sering menyangka blog saya adalah mengenai seorang wanita yang cantik dan seksi,” katanya.

Penulis laman blog gayahidup sosial dan parti, Joyce Wong berpendapat blog tidak akan mengatasi peranan media tradisi.

Katanya, media tradisi mempunyai kelas yang tersendiri dan lebih menyentuh pembaca.

Sementara Profesor Madya Michael Netzley dari Singapura menyifatkan Internet sebagai satu medium penting bagi masyarakat menyatakan protes.

Contoh yang beliau berikan ialah protes di Internet mengenai patung zaman kanak-kanak Presiden Barack Obama tidak lama dulu sehingga memaksa patung berkenaan dipindahkan.

“Dalam pemerhatian saya penggunaan Internet adalah lebih baik di Malaysia berbanding di Singapura. Masyarakat di Malaysia lebih ekspresif,” jelasnya.

Penulis blog Filipina, Oliver Bloggie Robillo berkongsi pengalaman dengan peserta persidangan mengenai pilihan raya Filipina baru-baru ini di mana media cetak dan elektronik menghubungi penulis blog untuk mendapatkan berita.

Tambah beliau, selain penulisan laman blog juga boleh dikendalikan melalui penggunaan gambar-gambar dan pendekatan ini biasanya sangat efektif dalam mempromosi makanan.

Menurut penulis blog dari India, Amir Varma, blog mula popular di India ketika tragedi tsunami 2004 apabila laman blog memuat turun pelbagai gambar dengan segera.

“Faktor ruang yang terhad di akhbar dan penerbitan hanya pada keesokan hari mendorong laman blog lebih popular,” jelasnya.

Wartawan akhbar The Star, Nikki Cheong melahirkan harapan supaya laman blog dapat berkolaborasi dengan media tradisional seperti akhbar demi kebaikan pembaca.

“Kewartawanan dan media sosial perlu bergerak seiring pada masa akan datang. Ini kerana kedua-duanya berkait rapat. Media sosial sering membincangkan isu yang dilaporkan media cetak,” katanya.

Justeru, tambah beliau, tanggapan bahawa media cetak akan hilang pengaruh adalah tidak tepat.

Datin Paduka Marina Mahathir yang mengendalikan blog bertajuk Rantings berpendapat mereka yang menulis di laman blog perlu berhujah dengan bijak dan bernas.

“Blog tidak semestinya memberikan fokus kepada isu politik semata-mata,” katanya.

Peguam Foong Cheng Leong mengingatkan biarpun seseorang itu bebas menulis apa saja di blog, batasnya tetap ada.

Beliau memberikan contoh golongan yang menyalahgunakan blog dengan meluahkan rasa tidak puas hati kepada majikan di laman blog sendiri.

Kesemua ahli panel dalam persidangan berkenaan bersetuju bahawa perlu ada batasan dalam penulisan blog.

Sebagaimana tindakan menyerang seseorang secara fizikal atau lisan dengan cara berhadapan menjadi kesalahan dan tidak diterima masyarakat, perkara yang sama perlu diamalkan dalam blog.

Kesedaran ini perlu diamalkan oleh komuniti blog sejagat supaya blog menjadi medan perbincangan yang positif dan tidak menjadi tempat meluahkan segala rasa tidak puas hati dan perkara negatif.

Link to original article.


Sherrina Nur Elena bt Abdullah v Kent Well Edar Sdn Bhd

Kota Kinabalu High Court Suit No.: K22-187-2009-I

The Plaintiff, who was a beauty queen, sued the Defendant for publishing, without consent, her photograph and image appearing on packaging of the Defendants’ products, particularly packages of rice being displayed and sold in various retail shops, grocery stores, supermarkets and hypermarkets in Kota Kinabalu.

The Plaintiff also discovered that her photograph and image on the Defendant’s packagings appeared on a large advertisement board
located at Kota Kinabalu, Sabah.

The Plaintiff sued for for copyright infringement and invasion of privacy.

The High Court held that:-

  1. The Plaintiff’s action for copyright infringement fails because she is not the owner of the copyright. The photographs of her were created by organizers of events where she attended or by the photographers who took them. Therefore, she has no locus standi to initiate the action.
  2. In Malaysia, the law on the invasion of privacy has developed. It is desirable especially in this internet era of Facebook and YouTube where lives can be destroyed by such unwanted invasion of privacy.
  3. Although the Plaintiff is at liberty to sue the Defendant for invasion
    of her privacy, in the instant case the Defendant did not intrude
    onto private property and took the photographs of the Plaintiff
    without her consent.
  4. The photographs were taken many years ago by someone else at beauty pageants where she participated willingly as a contestant and in public. It was not a private affair on a private property. The photographs as exhibited were also not offensive.
  5. The Plaintiff did not complain then that she had been humiliated or ridiculed or scandalized by the photograph or image.
  6. From her affidavits, these pageants were reported and the photographs were published in the local newspapers. The particular photograph or image which the Plaintiff complained was an invasion of her privacy was also published in the book by the Sabah Tourism Board in 1992. It was reproduced by the Defendant on its products. These photographs are in the public domain and cannot amount to an invasion of her privacy.

[Full Judgement: Download]<

 Scroll to top