• Home
  • News
    • Press Statements
    • Speeches
    • Bar News
    • AGMs and EGMs
    • In Memoriam
    • Legal and General News
    • Court Judgments
    • Highlights from the Appellate Courts
  • Members
    • Circulars
    • Peer Support Network
    • Sijil Annual and Payments
    • Benefits
    • Practice Management
    • Professional Development
    • Opportunities for Practice
    • Mentor-Mentee Programmes
    • Laws, BC Rulings and Practice Directions
    • Resources
    • Become a Member
  • Find
    • Legal Directories
    • BC Legal Aid Centres
    • State Bar Committees
    • Law Firms | Areas of Practice
    • Jobs
    • Useful Forms
  • About Us
    • Malaysian Bar and Bar Council
    • President's Corner
    • Committees
    • Previous Committees
    • Contacts
    • Advertising
    • Malaysian Bar Lifetime Achievement Award
  • Public
    • Complaints
    • Legal Aid
    • Notices
    • Compensation Fund
  • Search
  • Login
Search for

New login method: If first-time login, the password is your NRIC No. Call 20502191 for help.

 
Lost your password? Remember Me

 
No User ID/Password for firm? Click here for more information. Forgot Firm Username/Password?

Set a new password

If you have lost your password, you must set a new password. To begin this process, please key in your 12-digit NRIC No. below.

Forgot Firm Username/ Password?

Please enter name of firm or registered email address, indicate whether you want to retrieve your firm's username or password, and click "Submit".

Username Password
 
Access to Member Portal

Please key in your membership number, and click "GO"

BC
Resume Practice Request

Please key in your membership number, and click "GO"

BC
Newly-Called Request

Please key in your pupil code, and click "Submit"

Pupil Code

Change Password

Please enter your Password and Confirm Password then click on the Change Password button.
You will receive a new password shortly. Use this new password to access the site.
Password:
Confirm Password:
 
Change Password


Shortcut
  • Legal Directory
  • Find a Job
  • CPD
  • Online Shop
  • Payments
  • Complaints
  • Committees

Search the site

  • Search Me
Member Login
  • BC Online Facilities
  • Login Type 2
  • Login Type 3
  • Login Type 4
  • About Us
  • President's Corner
  • Press Statements
About Us
Malaysian Bar and Bar Council
  • About Us
  • Bar Council Members
  • Malaysian Bar Secretariat
  • Elections
President's Corner
  • Roll of Presidents
  • Press Statements
Committees
  • * Committees | Introduction
  • Ad Hoc Committee on Conditional Fee Rules (Re Non-Personal Injuries)
  • Ad Hoc Committee on Conditional Fee Rules (Re Personal Injuries)
  • Ad Hoc Committee on Contempt of Court
  • Ad Hoc Committee on Corporatisation of Law Firms and Multi-Disciplinary Practice
  • Ad Hoc Committee on Legal Services Blueprint
  • Ad Hoc Committee on Personal Data Protection
  • Ad Hoc Committee on Sectoral Law and Practice Integration
  • Ad Hoc Committee on Sectoral Law and Practice Integration
  • Ad Hoc Committee on Statelessness
  • Ad Hoc Committee on Touting
  • Ad Hoc Pandemic Response
  • Ad Hoc Parliament Liaison Committee
  • Ad Hoc Peer Support Network
  • Ad Hoc Waqf Committee
  • Advocacy Training
  • AMLA Training Committee
  • Animal Rights Committee
  • Anti-Touting Committee
  • Arbitration
  • Art and Law Committee
  • Bahasa Melayu
  • Building
  • Child Rights
  • Civil Law and Law Reform Committee
  • Committee on AMLA
  • Committee on Orang Asli Rights
  • Committee on Persons with Disabilities
  • Committee on Reform to the Legal Sector
  • Common Bar Course
  • Constitutional Law Committee
  • Construction Law
  • Conveyancing Practice Committee
  • Corporate and Commercial Law Committee
  • Court Liaison
  • Criminal Law Committee
  • Cyber and Privacy Laws Committee
  • Cyberlaw
  • Digital and Communications Committee
  • Enforcement Committee
  • Environment and Climate Change Committee
  • Family Law
  • Finance Committee
  • Human Rights Committee
  • Industrial and Employment Law Committee
  • INSAF Committee
  • Integration
  • Intellectual Property
  • International Affairs Committee
  • International Professional Services Committee
  • Islamic Finance
  • Joint Committee on Environmental, Social and Governance (“ESG”)
  • Joint Working Committee on ELEVATE
  • Law Reform and Special Areas
  • LAWASIA Conference 2024 Organising Committee
  • LawCare
  • Legal Databases Liaison
  • Legal Profession
  • Legal Tech, AI and Sandbox Committee
  • Mediation
  • Migrants, Refugees and Immigration Affairs Committee
  • MyBar Academy
  • MyBar Ageing Rights Advisory ("MBARA") Committee
  • MyBar Carnival Organising Committee
  • National Legal Aid
  • National Young Lawyers and Pupils
  • Personal Injury Claims and Awards
  • Professional Indemnity Insurance Committee
  • Professional Standards and Development
  • Publications
  • Risk Management
  • Shipping and Admiralty Law
  • Small Firms Practice
  • Solicitors' Remuneration Enforcement
  • Sports
  • Sports and e-Sports Law Practice Committee
  • Strategic Litigation Committee
  • Syariah Court Liaison Committee
  • Syariah Law
  • Task Force on Independent Police Complaints and Misconduct Commission ("IPCMC") and Police Accountability
  • Tax and Customs Committee
  • Tender Review Committee
  • Trade in Legal Services Committee
  • Women's Rights
  • Yayasan Bantuan Guaman Kebangsaan Committee
Previous Committees
  • * Previous Committees | Introduction
  • Ad Hoc Committee on Amendments to the LPA
  • Ad Hoc Committee on Anti-Money Laundering
  • Ad Hoc Committee on Benchmarking Law Firms
  • Ad Hoc Committee on Judicial Commission
  • Ad Hoc Committee On National Legal Aid Foundation
  • Ad Hoc Committee on Quality and Standards
  • Ad Hoc Committee on Rules and Regulations
  • Alternative Dispute Resolution
  • Gender Issues & Equal Opportunities (2005-2007)
  • Institutional and Law Reform
  • International Malaysia Law Conference 2012
  • International Malaysia Law Conference 2014
  • International Malaysia Law Conference 2016
  • International Malaysia Law Conference 2018
  • International Malaysia Law Conference 2020
  • International Malaysia Law Conference 2022
  • International Malaysia Law Conference 2023
  • LawCare Fund Management
  • Library
  • Malaysian Law Conference 2007
  • Malaysian Law Conference 2010
  • Motor Insurance Review Ad Hoc Committee
  • No-Fault Liability Scheme
  • Practice Management Support
  • Safer Malaysia
  • Standing Committee for the Promotion of Best Practices by Detaining Authorities (2005-2007)
  • Standing Committee on Court Rules (2005-2007)
  • Standing Committee on Eliminating Discrimination (2005-2007)
  • Standing Committee to Review LPA 1976
  • Study Loan
  • Task Force on Combined Rules of Court
  • Task Force to Review the Compendium of Personal Injury Awards
Contacts
  • Web Administrator
  • Complaints
  • Legal Aid Centres
  • State Bar Committees
  • Malaysian Bar Secretariat
  • Bar Council Members
  • Bar Council
Advertising
  • Advertise with Bar Council
Malaysian Bar Lifetime Achievement Award
  • Malaysian Bar Lifetime Achievement Award
  • Go back to list
Press Statement | Rebuilding the Public Trust Deficit With Regard to Personal Data Collection 25 Jun 2025 10:32 am

The Malaysian Bar applauds and welcomes the Federal Government’s recent efforts to enhance transparency and public engagement in matters concerning the protection of personal data.  In particular, we welcome the proactive clarifications through the media, over the past week, explaining the objectives, scope, purpose, and safeguards of the Mobile Phone Data (“MPD”) Programme.1

We also commend the Federal Government’s ongoing legislative reforms, such as the passing of the Data Sharing Act 2025 (“DSA”),2 Online Safety Act 2025,3 Cyber Security Act 2024,4 amendments to the Penal Code5 and Criminal Procedure Code6 to further combat bullying, amendments to the Personal Data Protection Act 2010 (“PDPA”),7 and amendments to the Communications and Multimedia Act 1998 (“CMA”).8 These developments collectively reflect the Federal Government’s resolve to protect, preserve, and uphold personal privacy, amongst others.

However, the Malaysian Bar notes with concern the growing public unease regarding the recent collection and use of mobile phone metadata by the Malaysian Communications and Multimedia Commission (“MCMC”), and the Department of Statistics Malaysia, under the MPD Programme.  It was reported that MCMC recently issued a directive to mobile network operators (“MNOs”), instructing them to disclose mobile phone data to the Federal Government for official statistical purposes, including mobile call records from the first quarter of 2025.9  The directive, reportedly issued in April 2025, may have stated that non-compliance could constitute an offence under the CMA, carrying penalties of up to RM20,000 in fines or six months’ imprisonment.10

MCMC stated that the MPD Programme was approved by the Federal Government’s Cabinet of ministers in April 2023 as a national initiative under Projek Data Raya Nasional, aimed at generating real-time data insights for planning purposes in areas such as infrastructure, health, and tourism planning.11  Eight categories of mobile metadata are reportedly being collected from MNOs, including anonymised subscriber identifiers, timestamps, cell tower coordinates, data type (call or internet), and network type.12

MCMC stated that the data collected are anonymised and aggregated, and therefore falls outside the scope of the PDPA as these allegedly cannot be used to identify individuals.13  This view has been echoed by several MNOs,14 who affirm that policies and processes are in place to ensure the data shared is strictly anonymised, aggregated, and handled in compliance with applicable data protection laws and regulations.  They further assert that no personally identifiable information is shared or processed at any point.

The CMA allows MCMC to collect anonymised data from licensees.  Section 73 of the CMA enables MCMC to collect data through the issuance of a directive following section 51 of the CMA.  MCMC may also share such data with the Department of Statistics Malaysia following section 80(3) of the CMA, or sections 12 and 13 of the DSA.  Section 16 of the DSA provides for the protection of privacy for all data shared between public sector agencies such as MCMC and the Department of Statistics Malaysia.  Section 18 of the DSA provides for penalties in the event that third parties divulge any of such data without authorisation.

Nevertheless, notwithstanding such legal safeguards, in the absence of an opt-out mechanism, and as a result of Cabinet approval,15 concerns have been raised about consent, oversight, and accountability, including the purpose and limitations of why such data is collected.16  There are also some concerns that whilst anonymisation is an important and recognised safeguard, it is not infallible.

This is notwithstanding MCMC confirming that MNOs are to anonymise and aggregate data prior to transmission, or to transmit anonymised data that is not aggregated for MCMC to aggregate.17

Some members of the public have raised serious concerns about the scope of MCMC’s access to such anonymised datasets, particularly those involving rich metadata.  These may be re-identified in certain contexts, to individuals, especially if MCMC has access to auxiliary information that could enable such re-identification.18  The amount of media reports regarding such concerns and the fact that MCMC had to re-clarify shows that the public do have serious concerns.

Such concerns are exacerbated by the limited visibility into the processes surrounding data anonymisation and aggregation, as well as a perceived lack of enforcement in past data breach incidents.19  Public confidence in the Federal Government’s ability to safeguard personal data has been severely undermined by recent events.  For instance, it was alleged in 2022 that the personal data of 22.5 million Malaysians (including full names, MyKad numbers, and addresses) was extracted from the National Registration Department via the MyIdentity API (application programming interface) and offered for sale online;20 in 2024 another breach reportedly involved 17 million MyKad records being circulated on the dark web; and recent reported cyberattacks targeting PERKESO21 and Prasarana Malaysia Berhad22 allegedly exposed sensitive internal data.  This pattern of repeated leaks, perceived opaque investigations, and also the possible absence of meaningful accountability has entrenched a trust deficit amongst the Malaysian public regarding the management of personal data by the government machinery.23

The Malaysian Bar requests the Federal Government to address such trust deficit with the following recommendations:

(1) MCMC and the participating MNOs should publicly disclose the specific standards, methodologies, and safeguards applied to ensure effective anonymisation and aggregation of mobile phone data.  This may include the relevant technical documentation, data governance protocols and risk assessments, which are published on MCMC’s portal or other accessible public platforms.  Independent audits and/or oversight by trusted third-party bodies, such as the Public Accounts Committee in Parliament, would further reinforce public confidence.

(2) Section 3(1) of the PDPA currently excludes the Federal Government and State Governments.  This section should be amended to expressly include jurisdiction over the Federal Government, State Governments, and all statutory and regulatory bodies, since they collect and process large volumes of personal data.

(3) The Federal Court in Sivarasa Rasiah v Badan Peguam Malaysia recognised that the right to personal liberty under Article 5(1) of the Federal Constitution also includes the right to privacy.24 In today’s data-driven environment, it is imperative that this right be enshrined in the Federal Constitution as a basic fundamental liberty.

(4) The perceived absence of visible or timely enforcement action in response to previous high-profile data breaches undermines public trust.  A robust, transparent, and independent enforcement regime must be established, including fast-track complaint and redress mechanisms, proactive investigations, and meaningful sanctions for mishandling or misuse of data.

(5) Meaningful public consultation and engagement should not be an afterthought.  All future phases of the MPD Programme and similar national-level data initiatives ought to be preceded by transparent, inclusive and genuine consultations, and dialogue with stakeholders, including civil society organisations, professional bodies, and academia.

While we acknowledge and respect the Federal Government’s good faith efforts to modernise digital governance and strengthen national data infrastructure, it is clear that further action is required to rebuild public trust.  The Malaysian Bar remains committed to engaging constructively with all stakeholders, including the Federal Government, State Governments, regulators, statutory bodies, industry, and civil society, to help shape a digital future that respects individual rights, safeguards privacy, upholds our constitutional rights, and meets international best practices.

 

Mohamad Ezri b Abdul Wahab
President
Malaysian Bar

25 June 2025

1 “Cabinet approved mobile data collection in 2023; no opt-out for Malaysians — MCMC”, The Edge, 9 June 2025; “MCMC Clarifies on Collection of Mobile Phone Data for Official Statistical Purposes”, Malaysian Communications and Multimedia Commission website, 6 June 2025.

2 Data Sharing Act 2025, Attorney General’s Chambers, 20 February 2025.

3 Online Safety Act 2025, Attorney General’s Chambers, 22 May 2025.

4 Cyber Security Act 2024, Attorney General’s Chambers, 26 June 2024.

5 Penal Code (Amendment) Act 2025, Attorney General’s Chambers, 25 February 2025.  

6 Criminal Procedure Code (Amendment) Act 2025, Attorney General’s Chambers, 25 February 2025.

7 Personal Data Protection (Amendment) Act 2024, Attorney General’s Chambers, 9 October 2024.

8 Communications and Multimedia (Amendment) Act 2025, Attorney General’s Chambers, 27 January 2025.

9 “MCMC calls up logs of all phone calls, says no personal info accessed”, Free Malaysia Today, 6 June 2025

10 Ibid.

11 “Cabinet approved mobile data collection in 2023; no opt-out for Malaysians — MCMC”, The Edge, 9 June 2025; “MCMC Clarifies on Collection of Mobile Phone Data for Official Statistical Purposes”, Malaysian Communications and Multimedia Commission website, 6 June 2025.

12 “MCMC: Only eight data types required from telcos in Mobile Phone Data collection initiative”, The Star, 9 June 2025.

13 “MCMC says anonymised mobile phone data not classified as ‘personal data’”, New Straits Times, 9 June 2025.  

14 “Telcos assure public over privacy following MCMC’s mobile data collection”, Malay Mail, 8 June 2025.  

15 “Cabinet approved mobile data collection in 2023; no opt-out for Malaysians — MCMC”, The Edge, 9 June 2025.

16 “MCMC Mobile Phone Data: A look into its data sample, lack of public consultation, no opt out option”, Soya Cincau, 10 June 2025.

17 “Cabinet approved mobile data collection in 2023; no opt-out for Malaysians — MCMC”, The Edge, 9 June 2025.

18 “MCMC order to share phone data sparks concern”, The Sun, 11 June 2025.   

19 “Cover Story: Personal data in jeopardy”, The Edge, 10 February 2025.  

20 “Investigation ongoing on MyIDENTITY data breach, no arrests yet”, The Edge, 25 July 2022. 

21 “Perkeso confirms cybersecurity breach since Saturday”, New Straits Times, 8 December 2023.   

22 “Prasarana confirms cybersecurity incident”, New Straits Times, 26 August 2024.   

23 “Why Malaysia’s Phone Data Plan Could Go Wrong – Commentary”, Malaysian Wireless, 13 June 2025.   

24 [2010] 3 MLJ 507, paragraph 15: “It is patently clear from a review of the authorities that “personal liberty” in art. 5(1) includes within its compass other rights such as the right to privacy.”

© Copyright Reserved 2025. Malaysian Bar.
Wisma Badan Peguam Malaysia, 2 Leboh Pasar Besar, 50050 Kuala Lumpur, Malaysia
Terms and Conditions.
 

I'm a

 
 
 
 
 

I'm a