Personal Data Protection Law: The Malaysian Experience

In 1998, the Malaysian government introduced a draft Data Protection Bill. This Bill has never made it to Parliament due to heavy opposition from the communication and multimedia industry. In a surprise move, the government abandoned the European Union approach for a more 'industry friendly' set of regulations. The exact nature of the proposed draft bill is yet to be seen as, unlike its predecessor, the whole process of drafting is being kept confidential. This article discusses the Malaysian initiative in introducing specific data protection laws in the years following the archived draft Personal Data Protection Bill. It is the hypothesis of this article that the lack of protection for data privacy stems largely from the widespread lack of recognition of the right of privacy in general. With regards to data protection, for example, some view the current sectoral approach to data protection is adequate in providing the minimum security needed in the industry. Others, however, view the sectoral approach as rather piecemeal and hardly sufficient to provide the required security. As to the general rights of privacy, the non-recognition of a general right of privacy is hardly surprising. In a country where individual freedom of expression is effectively not guaranteed, the European-style notion that an individual should be free from unnecessary intrusion and snooping from the state is a luxury. In a country that professes to adhere to Islamic teaching as its major religion, this proposition is entirely not acceptable. Leaving religious concerns aside, the truth is that many in the industry feel that having a stringent data protection law would be detrimental to the overall industry's needs and interests. Furthermore, other laws relevant to data privacy exist, and they provide the minimum security required by the industry without unduly inhibiting its growth.