Covid-19 laws

Advisable for management bodies of high-rise residences to abide by act

I was asked by The Star to comment on whether the Personal Data Protection Act 2010 (PDPA) binds management bodies of high-rises from disclosing details about residents who contracted Covid-19. I said-

Bar Council Intellectual Property Committee co-chairperson Foong Cheng Leong said it was unclear if management bodies were involved in the processing of personal data for commercial purposes.

“There are different views to this. Nevertheless, there is no blanket exemption for JMBs and MCs.

“In light of this uncertainty, it’s advisable for them to comply with the PDPA.

“In any event, disclosure of information of residents with Covid-19 is highly discouraged as it could breach the PDPA and even amount to an invasion of privacy, ” he said.

There are views that management bodies collecting monthly maintenance fee to service the building providing is a form of a “commercial transaction” and thus the PDPA applies. The PDPA only applies to personal data in respect of a commercial transaction.

However, it is noted that the Strata Management Act 2013 empowers a management body to collect charges for the purpose of maintenance and management of the building. It is therefore arguable that they are merely exercising a legal duty and not conducting a “commercial transaction”.

Experts take dim view of Covid-19 ‘vaccine passport’ for Malaysians

I was asked by The Malay Mail to comment on the privacy aspect of a “vaccination passport”, a document (whether electronic or not) showing that a person had been vaccinated. I said-

According to privacy lawyer Foong Cheng Leong, there could be privacy concerns with such a passport, depending on what data is collected and shared by the governments.

“If it is standard information that is being shared when a person travels from country to country, that should be fine.

“However, a person’s medical information is sensitive personal data and the sharing of such information should be limited,” said Foong.

He suggested that for the purpose of combating Covid-19, the information shared should only be limited to matters related to Covid-19 and not a person’s health information in general

Don’t misuse private info in Covid-19 apps, Putrajaya urged

I was quoted by FreeMalaysiaToday regarding the collection of data by the Government through from people using official mobile application aimed at efforts to curb Covid-19. I said-

A lawyer specialising in privacy laws has urged the government to regulate the collection of data from people using official apps for mobile phones aimed at efforts to curb Covid-19.

Putrajaya should review existing laws on data collection, and should set out the steps taken to protect private information provided by users, says lawyer Foong Cheng Leong.

It was necessary to make sure that the information is used only to deal with infectious diseases “and not for other purposes like political campaigning or police investigations for other crimes,” he said.

Punishments should be set out for those who misuse the data, and there should be provisions to guarantee redress for those harmed by the abuse of the data.

Yesterday the health minister launched the MySejahtera app which allows users to perform health self-assessments, monitor their health and enables the health ministry to also monitor the user’s health.

Two other apps, to trace contacts of infected people, are also being developed separately.

Foong said public health and safety should take precedence during a pandemic. However, there was a need to review existing laws to regulate data collection.

“Any laws passed should take into account the rights of the data subject,” he said.

 Scroll to top