Author

Kherk Ying Chew

Kherk Ying Chew heads the Intellectual Property and Dispute Resolution Practice Groups of Wong & Partners. She has decades of experience in IP, commercial litigation, corporate compliance, information technology and Internet regulatory issues. She is ranked in Tier 1 for IP in Malaysia by Chambers Asia Pacific, which has noted that Kherk Ying is "an acclaimed figure in the sector, drawing praise as a lawyer who is 'really commercial, very practical' and 'knows her subject impressively well'." Asia Pacific Legal 500 inducted her into its Hall of Fame in 2021 for IP; it had commented that she is "highly respected for contentious and non-contentious work". Kherk Ying was also named in Benchmark Asia-Pacific’s Top 100 Women in Litigation for IP and Commercial Transactions (2020-2021). Kherk Ying won the Women Lawyer of the Year at the ALB Malaysia Law Awards in 2019. She is highly regarded for IP litigation, and has been named the "Best Female Lawyer in IP Litigation" by Euromoney Asia Women in Business Law Awards 2014. She is also recognised as a Tier 1 lawyer in enforcement and litigation by the World Trademark Review 1000, and ranked as a Tier 1 litigation and transactions professional by IAM Patent 1000. Kherk Ying is a registered trade mark, patent and design agent in Malaysia and the principal author of the CCH published Intellectual Property Laws of Malaysia. She is among the few selected trainers for an IP valuation course by Intellectual Property Corp of Malaysia (MyIPO) and is an accredited IP valuer by the World Trade Institute.

In a move towards regulating digital platforms, the Malaysian Communications and Multimedia Commission (MCMC) announced on 5 September 2023 that it:
a. Had been in discussions with certain online platforms to address the challenges posed by the evolving landscape of online media
b. May be seeking to introduce a regulatory framework (in the manner of Australia and Canada) to ensure that news content creators are fairly compensated by online platform providers who use their content
c. Aims to implement “rules of the road” for implementation of artificial intelligence technology (AI)

The Anti-Sexual Harassment Act 2022 was passed by the Dewan Negara on 11 August 2022. On 28 March 2023, several provisions of the Act came into effect, and it is anticipated that the rest of the Act will come into effect in stages. This is a positive development to be lauded, considering that it is the first of many steps in having anti-sexual harassment legislation in Malaysia, to increase the prevention and awareness of sexual harassment (in addition to the sexual harassment provisions in the Employment Act).

In brief
Change may be on the horizon for data protection in Malaysia. An effort that started with a public consultation exercise in 2020 to align the Personal Data Protection Act 2010 (“PDPA”) with other data protection laws across the globe will, hopefully, translate into law in 2023 under the new Minister of Communications and Digital.

In this alert, we look back at the proposed changes to the PDPA, the latest developments under the new administration so far and what to expect in the days ahead.

In depth
A look at the recent past
The public consultation paper on the review of the PDPA issued by the Personal Data Protection Department (“JPDP”) in 2020 had identified 22 proposed improvements to the PDPA. In 2022, the then Communications and Multimedia Minister had indicated that certain amendments to the PDPA were due to be tabled with the Malaysian Parliament for approval in October 2022. Some of these include:

The requirement for data users to appoint a data protection officer
Mandatory data breach notification
Data processors being obligated to comply with the security principle under the PDPA
Introduction of data portability
Introduction of blacklisted countries such that transfers of personal data to these countries will be prohibited
(collectively, the “2022 Proposals”).

The dissolution of the Malaysian Parliament on 10 October 2022 and the subsequent general election put this on hold.

Developments in the last 90 days
On 2 December 2022, Fahmi Fadzil became the new Minister of Communications and Digital (“Minister”), with oversight of the JPDP. There have been substantial developments in this space since then, which we highlight in more detail below.

Introduction of the General Code of Practice of Personal Data Protection (“General CoP”)

The General CoP was issued by the Personal Data Protection Commissioner (“Commissioner”) and took effect from 15 December 2022. The General CoP (which appears to apply to selected classes of data users) introduces new legal requirements to be complied with, including additional mandatory information for inclusion into personal data protection notices, and further seeks to provide best practice recommendations with respect to the implementation of principles under the PDPA and its subsidiary legislation. More information on the General CoP can be found in our previous alert.

Proposed Upgrades to the JPDP and New Cybersecurity Commission

The Minister had announced his plans to turn the JPDP into a statutory department to ensure that it has sufficient resources to tackle, among others, personal data leaks and to execute its functions more effectively. At present, the JPDP is merely a government department under the Ministry of Communications and Digital (“Ministry”).

There are also plans to establish a Malaysian Cyber Security Commission as a move to strengthen cyber security, with the Ministry working together with related agencies such as CyberSecurity Malaysia to set up such a commission. This proposal is currently still at preliminary stages but may be tabled with the Malaysian Parliament in June 2023.

MoU between Malaysia and Singapore on cooperation in personal data protection, cybersecurity and digital economy

In January 2023, a Memorandum of Understanding (MoU) was signed by Singapore and Malaysia to co-operate on areas of personal data protection, cybersecurity and digital economy. As part of this MoU, the countries agreed to:

Exchange knowledge and expertise on personal data protection policies and regulations (including monitoring and reduction of cybersecurity incidents)
Facilitate the promotion of cross-border data flows (including developing and implementing the Asean Cross-Border Data Flow Mechanism under the Asean Framework on Digital Data Governance)

Amendments to the PDPA: Redux
These latest developments all indicate that the protection of personal data is a key focus of the Minister. In particular, during an interview with a local radio station, the Minister highlighted that only about 20 companies had been fined for data breaches in the past six years, at RM 24,000 each on average. Lamenting this, the Minister opined on the need to review the laws related to data protection given that data is a national treasure.

Accordingly, the Minister announced that the JPDP is seeking to improve on the 2022 Proposals before tabling a draft bill to amend the PDPA. In addition to the likely retention of the 2022 Proposals, some of the proposed improvements include increasing the amount of fines and penalties against data users found to be misusing data. In terms of timeline, the Minister intends to present a draft bill amending the PDPA to the Malaysian Parliament before the end of 2023.

Concluding remarks
With the increasing prevalence of data breaches in Malaysia, the proposals to have an empowered JPDP (with the ability to impose higher fines), alongside a more robust PDPA framework (which requires mandatory data breach notifications), are welcome. All organisations that process personal data may therefore wish to take proactive steps to assess, review and update their existing data processing policies, systems, procedures and processes against these proposals, in anticipation of their being rolled out in the near future.

* * * * *

This client alert was issued by Wong & Partners, a member firm of Baker McKenzie International, a global law firm with member law firms around the world. In accordance with the common terminology used in professional service organizations, reference to a “partner” means a person who is a partner or equivalent in such a law firm. Similarly, reference to an “office” means an office of any such law firm. This may qualify as “Attorney Advertising” requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome.

The General Code of Practice of Personal Data Protection introduces new legal requirements to be complied with by data users caught within its ambit. It also seeks to provide best practice recommendations with respect to the implementation of principles under the Personal Data Protection Act 2010 and its subsidiary legislation.
Some of the new legal requirements include providing additional mandatory information in a personal data protection notice, complying with any data subjects’ written request not to process their personal data for direct marketing within reasonable time, maintaining a personal data system, and establishing a PDPA compliance framework.

The interim chairman of Malaysian Communications and Multimedia Commission announced that MCMC is undertaking a review of the current online content regulation and framework. This was shared following recent publication of online content deemed to be harmful to national security and harmony. He also noted that countries in the region such as Indonesia, Singapore and Australia have introduced direct regulatory oversight on social media service providers, holding them to greater accountability and responsibility when managing harmful content.

Explore Data PULSE, a platform which helps you to navigate the complex landscape of data, regulatory and IP protection concerns at each stage of the medical product life cycle. As you navigate through each key issue, Data PULSE will help you to identify and mitigate risks across multiple jurisdictions and optimize your strategy through research, market authorization and post-market study phases.

Earlier this year, the Malaysian Personal Data Protection Department released several documents to aid data users in their compliance with the Malaysian Personal Data Protection Act 2010 – these include a guide on privacy notices, new codes of practice applicable to the private healthcare industry and the water utilities industry, as well as circulars reminding prescribed classes of data users of their registration obligations.