Lawyers for Liberty (LFL) refers to the controversial release of the Pangkalan Data Utama (Padu) platform by the government to centralise information from different government agencies.
Whilst there are valid reasons advanced why this initiative is necessary, there are legitimate and serious concerns regarding the protection and security of the data collected.
As it stands, Section 3(1) of the Personal Data Protection Act 2010 (PDPA) exempts the government from its application, meaning that the data collected by Padu can be disseminated or used by the government beyond its declared purpose of targeted subsidies.
There have been cases of misuse of data by the government before where personal data were used to disseminate propaganda by way of SMS messages to the public. It would be a massive betrayal of trust should data collected from the public be used by the government for any political purposes.
Furthermore, with the data collected being centralised on a single platform, the security of the data must be made a priority. The government unfortunately has a bad track record of data protection; there are numerous reports of data being stolen from multiple government agencies, exposing users to scams and data fraud with no legal recourse as the government is exempt from liability under the PDPA.
This puts the public in a terrible disadvantage and danger of loss and damage.
Minister Rafizi Rafizi talked about bringing in an “omnibus bill” to deal with these matters. But details of this bill are lacking. And surely it is obvious that the so-called omnibus bill should have come in before implementing the Padu scheme?
- Sign up for Aliran's free daily email updates or weekly newsletters or both
- Make a one-off donation to Persatuan Aliran Kesedaran Negara, CIMB a/c 8004240948
- Make a regular pledge or periodic auto-donation to Aliran
- Become an Aliran member
It is thus not enough for the government to make verbal assurances that the data collected under Padu is not misused or will be protected.
There is a need for an immediate amendment to the PDPA to place responsibility and liability on the government, as well as the agencies responsible for the protection and security of the data collected. Whether there is an omnibus bill or not, the amendments to the PDPA must be done.
There also must be a system in place for a public inquiry should any data breach occur so that affected users can be informed of the breach and take necessary action against anyone responsible for the breach.
Without the amendments being made before the launch of Padu, the public cannot be assured that their data will be protected from misuse by the government or scammers and unscrupulous individuals who will undoubtedly target the massive database. This type of criminality is notoriously widespread now and has become regional.
It is strange that the government has proceeded without fixing the law, as this is tantamount to putting the horse before the cart.
Hence, we call upon the government to suspend the implementation of Padu until necessary amendments are made to the PDPA.
The government must hold itself responsible in law before it can launch any data collection platform to ensure that the data collected is protected and secured.
Any exemption from liability is unacceptable and shows a lack of confidence by the government in its own platform and its ability to protect the collected public data from misuse or theft. – LFL
Zaid Malek is director of Lawyers for Liberty