Following the public consultation in 2024, the Personal Data Protection Commissioner has now issued the Personal Data Protection Guideline on Cross Border Personal Data Transfer (Guideline).
The Guideline provides guidance on the operationalization of section 129 of the Personal Data Protection Act 2010 and sets out specific responsibilities of data controllers when transferring personal data to any place outside Malaysia.
The Malaysian Personal Data Protection Department recently published three public consultation papers to gather feedback on proposed guidelines on (i) data protection impact assessments, (ii) data protection by design and (iii) automated decision-making and profiling. The guidelines are part of a set of seven guidelines that are being (and have been) developed to complement the Personal Data Protection Act 2010 (PDPA), as announced by Digital Minister Gobind Singh Deo in January last year.
Since the coming into force of Malaysia Cyber Security Act 2024 (“CSA”) on 26 August 2024, there have been substantial developments in the landscape in the past few months.
The Malaysian Communications and Multimedia Commission (MCMC) has announced that it is holding a public consultation on the draft Code of Conduct (Best Practice) for Internet Messaging Service Providers and Social Media Service Providers (“Draft Code of Conduct”).
The objective of the public consultation is to collect public opinion on the Draft Code of Conduct, which outlines the best practices for applications service provider class licence holders who offer Internet messaging and social media services in Malaysia to address harmful online content and other relevant conduct requirements.
Malaysia’s Cyber Security Bill 2024 was passed by both houses of the Malaysian Parliament on 27 March 2024 (Dewan Rakyat) and 3 April 2024 (Dewan Negara) respectively. Subsequent to its Royal Assent on 18 June 2024 and publication in the Official Gazette on 26 June 2024, the Malaysia Cyber Security Act 2024, together with four subsidiary regulations, came into force on 26 August 2024.
Following the passing of the Personal Data Protection (Amendment) Bill 2024 by the Malaysian Parliament in July 2024, three public consultation papers have been issued in relation to the implementation of the following impending new legal obligations:
The deadline to provide feedback is 6 September 2024 (Friday).
The Malaysian Communications and Multimedia Commission (“MCMC”) has announced its intention to introduce a new licensing regime for social media services and internet messaging services on 1 August 2024, with enforcement effective from 1 January 2025 onwards.
Under the current licensing framework, social media services and internet messaging services are exempted from the licensing requirement under the Communications and Multimedia Act 1998 (“CMA”) pursuant to the Communications and Multimedia (Licensing) (Exemption) Order 2000.
The long-awaited Personal Data Protection (Amendment) Bill 2024 has now been made publicly available. Among the key changes it seeks to introduce are: direct obligations for data processors, mandatory data breach notification, requirement to appoint data protection officer(s), new data subject rights on data portability, an expanded definition of sensitive personal data, and a general legal basis for cross-border transfers.
The Malaysia Cabinet has approved the proposed amendments to the Personal Data Protection Act 2010 (Act 709). These amendments are expected to be tabled in the current Parliamentary session taking place up until 18 July 2024.
Proposed licensing of social media and internet messaging services providers and a new draft bill on digital safety – these are some of the recent updates in the online content space for Malaysia.