Malaysia: First Comprehensive Data Protection Bill Passed by House
To link to this article, copy this persistent link:
http://www.loc.gov/lawweb/servlet/lloc_news?disp3_l205401926_text
http://www.loc.gov/lawweb/servlet/lloc_news?disp3_l205401926_text
(Apr 16, 2010) Malaysia's House of Representatives (Dewan Rakyat) passed a bill on April 5, 2010, that would for the first time codify a comprehensive data protection framework for Malaysian enterprises. The bill will now proceed to the Senate (Dewan Negara) for further deliberation. (Donald G. Aplin & Newley Purnell, Malaysia Data Protection Framework Bill Passes House, Country Eyes EU Adequacy, BNA PRIVACY LAW WATCH, Apr. 9, 2010, available athttp://news.bna.com/pwdm/PWDMWB/split_display.adp?fedfid=16965006&vn
ame=prabulallissues&fn=16965006&jd=a0c2r5b3p8&split=0.)
ame=prabulallissues&fn=16965006&jd=a0c2r5b3p8&split=0.)
The bill's seven privacy protection principles, e.g., providing notice to and obtaining the consent of data subjects for use of their data (under the "notice" and "disclosure" principles), are reportedly modeled on those established by the Asia-Pacific Economic Cooperation (APEC) (Malaysia is a member) and the European Union Data Protection Directive (95/46/EC), and the legislation shares certain features of the data protection laws of a number of EU Member States. (Id.; APEC SECRETARIAT, APEC PRIVACY FRAMEWORK (2005), Australian Government Attorney General's Department website, available athttp://www.ag.gov.au/www/agd/rwpattach.nsf/VAP/(03995EABC73F94816C2AF4AA
2645824B)~APEC+Privacy+Framework.pdf/$file/APEC+Privacy+Framework.pdf; Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data, European Commission Justice and Home Affairs website,http://ec.europa.eu/justice_home/fsj/privacy/law/index_en.htm (last visited Apr. 13, 2010) .)
2645824B)~APEC+Privacy+Framework.pdf/$file/APEC+Privacy+Framework.pdf; Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data, European Commission Justice and Home Affairs website,http://ec.europa.eu/justice_home/fsj/privacy/law/index_en.htm (last visited Apr. 13, 2010) .)
The bill includes provisions that require registration of data users, allow for data-user forums and their preparation of codes of practice, set forth the rights of data subjects, regulate direct marketing and personal data transfers outside Malaysia, set up a Personal Data Protection Fund, and establish an Office of the Data Protection Commissioner (ODPC). The ODPC will have limited powers of investigation and enforcement; among other duties, the ODPC will be responsible for monitoring credit reference agencies' activities. The bill also provides for a Personal Data Protection Advisory Committee and an Appeal Tribunal. Inspection, complaint, and investigation procedures, as well as enforcement measures, are also outlined in the legislation. (Aplin & Purnell, supra; Personal Data Protection Bill 2009, Parliament of Malaysia website,http://www.parlimen.gov.my/billindexbi/pdf/DR352009E.pdf (last visited Apr. 13, 2010).)
According to Information Communication and Culture Minister Datuk Seri Dr Rais Yatim, the permissible time frame for retention of personal data will be determined once the legislation is implemented. (Personal Data Protection Bill Passed, THE MALAYSIAN INSIDER, Apr. 5, 2010, available at http://www.themalaysianinsider.com/index.php/malaysia/58789-personal-dat
a-protection-bill-passed.) Rais stressed that the bill had no compensatory provisions for unauthorized use of personal data, but "[c]omplainants can institute civil action for remedy if personal data is abused for commercial transactions." (Id.) He added that upon the law's entry into force, credit reference agencies would have to apply to the ODPC before being allowed to retain in their databases any personal data on individuals. (Id.)
a-protection-bill-passed.) Rais stressed that the bill had no compensatory provisions for unauthorized use of personal data, but "[c]omplainants can institute civil action for remedy if personal data is abused for commercial transactions." (Id.) He added that upon the law's entry into force, credit reference agencies would have to apply to the ODPC before being allowed to retain in their databases any personal data on individuals. (Id.)
| Author: | Wendy Zeldin More by this author sent by: farah hannan binti ahmad sanusi |
