2 days ago
MCMC's mobile data collection for public good, brings digital governance under spotlight
In today's digital era, data often referred to as the 'new oil' is an asset that drives decision-making, innovation, and economic growth. — Photo by Porapak Apichodilok/Pexels
KUALA LUMPUR (June 12): In today's digital era, data often referred to as the 'new oil' is an asset that drives decision-making, innovation, and economic growth but like any powerful tool, its use requires responsibility, transparency, and public trust.
The recent announcement by the Malaysian Communications and Multimedia Commission (MCMC) on the collection of anonymized mobile data from mobile service providers has indeed sparked widespread national discussion around privacy, governance, and the balance between national interests and individual rights.
According to MCMC and the telecommunications companies involved, the data will only be used for statistical analysis and policy formation, particularly in areas such as network planning, disaster response, and understanding population movement patterns.
The data does not include personally identifiable information such as names, identity card numbers, phone numbers, or message content.
This is not surveillance in the traditional sense, nor is it a breach of privacy as some may assume.
Rather, it is commonly practiced by governments worldwide to make better decisions especially in the context of public services and infrastructure.
Still, public concern is understandable.
In an age where news about data breaches, unauthorized surveillance, and misuse of personal information by commercial entities is common, any initiative involving data collection can raise alarm bells.
The MCMC initiative is not a failure of the system itself but reflects a gap in public awareness and trust.
Many Malaysians still do not fully understand what metadata is, how it's used, or what safeguards are in place to prevent misuse.
This misunderstanding creates room for misinformation and fear.
The truth is, metadata refers to general usage information such as time, location, and level of activity, not detailed personal content.
Kevin Lim
Kevin Lim, Vice President of cybersecurity firm INFRA 365, said metadata is like an envelope showing who sent it, who received it, and when it was sent but not the contents inside.
Lim explained that such data can play a vital role in supporting national security and public policy.
'Other countries, including those with strict privacy laws, also collect mobile metadata for similar purposes,' he said.
'These include monitoring public movement during health emergencies, identifying signal blind spots, and assessing population density for disaster relief operations.
'Yes, it's a common practice, but only under certain conditions. Think of it as a controlled process where authorities are trying to tackle threats or crimes.'
According to him, the difference is the legal and technical framework that governs access to this data.
'There must always be legal oversight and clear protocols to prevent misuse, even with good intentions,' Lim said.
Proper safeguards, he added, should include legal requirements, audit trails to monitor access, limits on who can view the data, and oversight by independent bodies.
He explained that when these protocols are followed, the risk of data misuse can be significantly reduced.
However, he acknowledged that Malaysia's data protection laws are still evolving.
The Personal Data Protection Act (PDPA), introduced in 2010, was a good first step but is more focused on the private sector and does not cover government agencies.
'Malaysia's PDPA was a good start, but it still lags behind the laws of other countries,' said Lim.
This shortcoming, he said, has prompted calls for a more comprehensive legal framework that includes both public and private sectors.
Compared to international standards such as the European Union's General Data Protection Regulation (GDPR) or Singapore's PDPA, Malaysia's enforcement mechanisms are still not robust enough.
Lim said there is currently no legal requirement to notify the public in the event of a data breach.
'Penalties for violations are also still low. These weaknesses undermine public confidence and highlight the need for continuous improvements in our regulatory environment.
'Public trust is not just a legal issue; it's also about communication,' he said.
Meanwhile, SME Association of Malaysia president Chin Chee Seong emphasized that most people still don't understand how their data is collected, stored, or used.
'Most of us don't take privacy seriously when sharing personal data,' he said.
Chin Chee Seong
He noted that many Malaysians share personal information without fully understanding the implications.
As a result, public reactions can lean toward suspicion even if a data initiative is designed with proper safeguards.
Chin believes the government must be more proactive in educating the public about data practices—not just explaining what is collected and why, but also how data is collected and protected.
'The government must clearly state what data is being collected and shared between agencies,' he suggested.
'Explain to the people how their data is used and do so through trusted channels.'
Chin said official channels, including mainstream media, should be utilised to ensure consistent and transparent communication.
A lack of public understanding doesn't mean people don't care, it actually shows that Malaysians are becoming more aware and want to defend their digital rights, he explained.
'This awareness is a positive development and should be supported through policy, education, and open dialogue.
'The government should view public concerns not as resistance, but as an opportunity to strengthen the social contract with the people,' he said.
Chin said involving the public in digital policy discussions reinforces the government's role as the guardian of personal data.
Data collection only when necessary, proper data anonymization, and secure storage should be standard practices and not exceptions, he added.
'Furthermore, during emergencies, access to anonymized digital data can save lives.
'During floods, pandemics, or national security incidents, information about population movement or network congestion can help authorities mobilize resources more effectively,' he explained.
However, Chin emphasized that such access should only occur under clearly defined circumstances, not as a regular practice.
'Some data, such as that collected by the National Registration Department (NRD), can be accessed during emergencies, but only in specific cases and not as a routine,' he said, adding that emergency protocols must be accompanied by strict limits and monitoring.
Chin warned that if data surveillance becomes the norm without legal checks and public accountability, it could gradually erode privacy rights.
'Striking a balance between security and privacy isn't easy, and there is no one-size-fits-all solution. Each society must define its own standards based on its values, legal culture, and technological context.
'What is clear is that openness, accountability, and public participation are non-negotiable principles. Digital governance is about ethics, rights, and trust,' he stressed.
In this context, Chin said MCMC's data initiative should not be seen as a threat but as a catalyst for more meaningful discussions on data, privacy, and Malaysia's digital future.
'There are no easy answers as it's a delicate balance. But continuous transparency and public education are absolutely crucial,' said Chin.
Moving forward, he said, Malaysia must invest not just in digital infrastructure, but also in public literacy and regulatory maturity.
Laws like the PDPA, he said, need to be reviewed and updated to include government agencies, mandate breach notifications, and introduce stronger enforcement powers.
At the same time, educational campaigns should help people understand the difference between metadata and sensitive personal data, and how data anonymization protects individual identities.
'Only when Malaysians are equipped with knowledge and confidence can the nation truly embrace digital transformation without compromising civil rights.
'In conclusion, the debate around MCMC's data initiative is not just about telco records or statistics, it's about the kind of digital future we want to build. Trust, transparency, and security must go hand in hand.
'When these elements align, Malaysia will not only be a connected nation but also an informed and empowered society,' said Chin. Data Collection Digital Governance MCMC Metadata privacy telecommunications
