Lawyers for Liberty (LFL) refers to minister for the economy Rafizi Ramli’s statements on 4 January in relation to the Padu scheme that there is no need to subject data collected by government to the Personal Data Protection Act 2010 (PDPA) and that there is a “difference between PDPA 2010 and public data” and that each government agency has its own regulations on data.
He said this in response to LFL’s call for the controversial Padu scheme to be suspended pending amendments to the PDPA.
Rafizi’s response is ignorant and irresponsible and is completely oblivious to the role and necessity of PDPA legislation in governing personal data.
First, the protection of personal data cannot be left to ad-hoc and superficial regulations of individual government agencies or departments, as Rafizi suggested.
This is a reckless suggestion. Such regulations, even where they exist, do not provide the effective and comprehensive protection afforded by the PDPA itself.
- Sign up for Aliran's free daily email updates or weekly newsletters or both
- Make a one-off donation to Persatuan Aliran Kesedaran Negara, CIMB a/c 8004240948
- Make a pledge or schedule an auto donation to Aliran every month or every quarter
- Become an Aliran member
The PDPA protects data according to carefully laid out principles, including the disclosure principle, the security principle, the retention principle and the data integrity principle.
Rafizi must understand that government agencies’ regulations have no such safeguards, thus exposing the public’s personal data to potential abuse and misuse.
In fact, the minister failed to even give one example of any such regulation. Is he speaking of the Official Secrets Act, which is totally unsuited for this purpose?
Throughout the world, government data has been subjected to PDPA-type regulations; and yet the minister claims the Malaysian public’s personal data does not require such protection.
His claim that it is impossible or impractical for government data to be subjected to the PDPA is nonsensical, as globally countries have subjected government data to personal data protection legislation.
The fact is, Malaysia and Singapore are the only countries that have exempted government data from a personal data protection legislative regime.
This is not just an embarrassment to our country, but also affects trade and business with entities from countries which have stricter personal data protection regimes.
Surely the minister should be concerned about this. The minister’s refusal to subject government data to PDPA governance is incomprehensible and goes against the global trend.
Further, Rafizi’s claim that there’s a difference between PDPA and government data reflects a serious lack of understanding and logic. The nature and value of personal data is the same, irrespective of whether it is used by private businesses or by the government, and must be equally protected whether in the hands of the government or the private sector.
Finally, data protection has become a global concern which cannot simply be brushed aside. There have been a slew of serious criticisms against Padu, apart from the lack of PDPA protection.
In the public interest, we strongly reiterate and urge the government to suspend immediately Padu, pending amendment of the PDPA.
Zaid Malek is director of Lawyers for Liberty