Malaysia: ASEAN's First Data Privacy Act in Force

(2013) 126 Privacy Laws & Business International Report, pgs. 11-14, December 2013

UNSW Law Research Paper No. 2014-12

10 Pages Posted: 6 Mar 2014 Last revised: 15 May 2014

See all articles by Graham Greenleaf

Graham Greenleaf

University of New South Wales, Faculty of Law

Date Written: April 1, 2014

Abstract

Malaysian Ministers periodically since 1998 announced their intentions to introduce comprehensive data protection legislation. In 2010 the Personal Data Protection Act 2010 (PDPA) was enacted, but not brought into force. A new Personal Data Protection Department was created to oversee the implementation of the Act in 2011.

It was not until 15 November 2013 that the Act was brought into force and Abu Hassan Ismail (previously Director-General of the Department) was appointed as Personal Data Protection Commissioner. A number of Regulations came into force on the same day. Data users had three months to 15 February 2014 to comply with Act and Regulations. It is the first data privacy Act in the ASEAN region to be fully in force. This article analyses the main features of the new Act.

While the PDPA has many deficiencies, this data privacy legislation will be a significant step forward for Malaysians. In the hands of a Commissioner committed to privacy protection, and a government which does not impede this, much will be achievable. However, the range of enforcement methods is insufficient: there are no provisions by which complainants may seek compensation or most other remedies.

If the Act is well managed and gains credibility, Malaysian politics may deliver further improvements to it in future, particularly in expansion of scope to cover the public sector, and provision of some avenue for compensatory damages. For Malaysians to be able to focus on real issues in data protection, because of the existence of this Act, will inevitably increase the demand for better protection.

Keywords: privacy, data protection, Malaysia, Asia, ASEAN

Suggested Citation

Greenleaf, Graham, Malaysia: ASEAN's First Data Privacy Act in Force (April 1, 2014). (2013) 126 Privacy Laws & Business International Report, pgs. 11-14, December 2013; UNSW Law Research Paper No. 2014-12. Available at SSRN: https://ssrn.com/abstract=2404893

Graham Greenleaf (Contact Author)

University of New South Wales, Faculty of Law ( email )

Sydney, New South Wales 2052
Australia
+61 2 9385 2233 (Phone)
+61 2 9385 1175 (Fax)

HOME PAGE: http://www2.austlii.edu.au/~graham

Register to save articles to
your library

Register

Paper statistics

Downloads
218
Abstract Views
1,426
rank
139,017
PlumX Metrics