12 hours ago
MCMC data collection: No personal info involved, say minister and telcos
SHAH ALAM – The Malaysian Communications and Multimedia Commission (MCMC)'s collection of mobile phone data (MPD) has drawn public attention in recent days, following reports about requests for call data from telecommunications companies.
Both the commission and major telcos have since issued statements clarifying that no personally identifiable information (PII) is being accessed or shared.
The initiative, part of a government-approved effort to strengthen evidence-based policymaking, aims to produce official statistics that will support planning in both the ICT and tourism sectors.
All submitted data is anonymised and complies fully with the Personal Data Protection Act 2010 (PDPA).
According to MCMC, the MPD is used solely to generate indicators such as mobile broadband subscription rates and domestic visitor movements. The data is not intended to track individual behaviour.
"No individual subscriber can be identified through the data collected," MCMC reiterated in its June 6 statement.
Telecommunications companies either process the data internally and submit aggregated outputs to MCMC, or, if lacking in-house capability, anonymise it before submission for processing by the commission. No individual subscriber can be identified from the data collected.
The initiative follows international best practices and is modelled on similar projects in countries such as Indonesia and Brazil.
Concerns arose after a report revealed a directive requesting call data for all mobile phone calls made between January and March 2025, prompting public concern over privacy.
Communications Minister Datuk Fahmi Fadzil later clarified that the data collected does not include personal identifiers. Instead, it is intended to improve telecommunications services, bridge the digital divide and inform infrastructure planning.
"It does not contain any personal information but focuses on trends," he said on June 8.
The data helps assess service quality, user engagement, and penetration at sub-district and regional levels.
The Statistics Department (DOSM), various ministries and international partners have been involved in related workshops since 2023.
The MPD initiative contributes to the government's broader Coverage of Populated Areas (COPA) policy, which shifts focus from general to more detailed, location-specific data.
This refined understanding is expected to enhance planning and policy decisions to better meet public needs.
Fahmi confirmed that the data collection agreement was reached through mutual understanding between MCMC and telcos, with involvement from DOSM. Communications Minister Datuk Fahmi Fadzil clarified that the data collected does not include personal identifiers. Photo by Bernama
He emphasised that telcos will not provide any data containing personal information, only anonymised datasets, processed internally wherever possible, will be submitted.
Telecommunication providers involved, U Mobile, Telekom Malaysia (TM), CelcomDigi, YTL Communications and Maxis have each issued statements reaffirming their commitment to data privacy and regulatory compliance.
U Mobile stated that protecting customer data is a top priority, with strict policies ensuring any shared data is anonymised, aggregated, and compliant with applicable laws. The company confirmed that no PII is ever shared or processed and reiterated its support for the initiative while upholding the highest data governance standards.
"No personally identifiable information has been shared or processed," U Mobile said in a statement.
TM similarly confirmed that the MPD submitted to MCMC is fully anonymised, handled under strict governance and security protocols, and in full compliance with internal policies and national laws. It stressed its ongoing commitment to safeguarding customer data with integrity.
"TM remains fully committed to safeguarding the safety and privacy of customer data with responsibility and integrity," it noted.
CelcomDigi also reported close collaboration with MCMC in support of the government's initiative, noting that it processes requested data within its own secure environment.
"When required, CelcomDigi will process requested data within our own secure environments and provide a limited sample on relevant fields comprising anonymised and aggregated output to the commission," it said.
YTL Communications confirmed compliance with MCMC's directive to submit mobile network usage records for Q1 2025. The company ensured all data was anonymised before submission and affirmed that customer privacy remains its highest priority.
Maxis also confirmed that at no stage is there any access to, processing of, or sharing of PII. All data had been anonymised and processed in aggregate form within a secure environment, in full compliance with the PDPA.
"All data is anonymised by Maxis and processed in an aggregated manner within a secure environment, in full compliance with the Personal Data Protection Act 2010 (PDPA)," Maxis said in a statement.
The MPD initiative supports the government's Coverage of Populated Areas (COPA) policy, which aimed to enhance the accuracy and granularity of connectivity data.
Fahmi also said these improvements would ultimately ensure that planning and policy decisions are better aligned with real public needs.
