White Collar Crime Archive

Following the public consultation in 2024, the Personal Data Protection Commissioner has now issued the Personal Data Protection Guideline on Cross Border Personal Data Transfer (Guideline).
The Guideline provides guidance on the operationalization of section 129 of the Personal Data Protection Act 2010 and sets out specific responsibilities of data controllers when transferring personal data to any place outside Malaysia.

The Carbon Capture, Utilization and Storage Bill 2025 has been passed by the Dewan Negara and is, at the time of issuance of this client alert, pending Royal Assent. Once the Royal Assent has been provided, the Carbon Capture, Utilization and Storage Act 2025 will be enacted (CCUSA). The CCUSA establishes a robust legal and regulatory framework for CCUS cycle from carbon dioxide capture, transportation, utilization, and storage.

The Malaysian Personal Data Protection Department recently published three public consultation papers to gather feedback on proposed guidelines on (i) data protection impact assessments, (ii) data protection by design and (iii) automated decision-making and profiling. The guidelines are part of a set of seven guidelines that are being (and have been) developed to complement the Personal Data Protection Act 2010 (PDPA), as announced by Digital Minister Gobind Singh Deo in January last year.

Since the coming into force of Malaysia Cyber Security Act 2024 (“CSA”) on 26 August 2024, there have been substantial developments in the landscape in the past few months.

The Malaysian Communications and Multimedia Commission (MCMC) has announced that it is holding a public consultation on the draft Code of Conduct (Best Practice) for Internet Messaging Service Providers and Social Media Service Providers (“Draft Code of Conduct”).
The objective of the public consultation is to collect public opinion on the Draft Code of Conduct, which outlines the best practices for applications service provider class licence holders who offer Internet messaging and social media services in Malaysia to address harmful online content and other relevant conduct requirements.

Malaysia is slated to have a comprehensive framework to regulate, implement and enforce actions/initiatives that is aimed to lead towards a low-carbon economy. The Ministry of Natural Resources and Environmental Sustainability is leading the initiative for the proposed enactment of the Climate Change Act by issuing a consultation paper to obtain comments and feedback. The introduction of a Climate Change Act is the result of Malaysia’s determination to honor its commitment under the Paris Agreement and also to reduce greenhouse gas emissions in Malaysia.

Malaysia’s Cyber Security Bill 2024 was passed by both houses of the Malaysian Parliament on 27 March 2024 (Dewan Rakyat) and 3 April 2024 (Dewan Negara) respectively. Subsequent to its Royal Assent on 18 June 2024 and publication in the Official Gazette on 26 June 2024, the Malaysia Cyber Security Act 2024, together with four subsidiary regulations, came into force on 26 August 2024.

Following the passing of the Personal Data Protection (Amendment) Bill 2024 by the Malaysian Parliament in July 2024, three public consultation papers have been issued in relation to the implementation of the following impending new legal obligations:

• Notifying the Personal Data Protection Commissioner and affected data subjects for personal data breach.
• Appointing data protection officer(s).
• Effecting the data subject’s right to data portability.

The deadline to provide feedback is 6 September 2024 (Friday).

On 26 July 2024, the Ministry of Energy Transition and Water Transformation announced the introduction of the Corporate Renewable Energy Supply Scheme, set to commence in September 2024. This initiative aims to enhance corporate companies’ access to green electricity supply through an open grid access system whereby third parties can supply or purchase electricity via the grid network system with a predetermined system access charge.

The Malaysian Communications and Multimedia Commission (“MCMC”) has announced its intention to introduce a new licensing regime for social media services and internet messaging services on 1 August 2024, with enforcement effective from 1 January 2025 onwards.

Under the current licensing framework, social media services and internet messaging services are exempted from the licensing requirement under the Communications and Multimedia Act 1998 (“CMA”) pursuant to the Communications and Multimedia (Licensing) (Exemption) Order 2000.

On 12 July 2024, the Tribunal for Anti-Sexual Harassment (“Tribunal”) established under the Anti-Sexual Harassment Act 2022 (“Act”), issued its first award in a sexual harassment case involving a male employer and a female employee. This development is a timely reminder that sexual harassment cases occurring within the workplace can still be heard by the Tribunal under the Act, and that employers owe legal duties to its employees in managing workplace sexual harassment.

The long-awaited Personal Data Protection (Amendment) Bill 2024 has now been made publicly available. Among the key changes it seeks to introduce are: direct obligations for data processors, mandatory data breach notification, requirement to appoint data protection officer(s), new data subject rights on data portability, an expanded definition of sensitive personal data, and a general legal basis for cross-border transfers.

The Malaysia Cabinet has approved the proposed amendments to the Personal Data Protection Act 2010 (Act 709). These amendments are expected to be tabled in the current Parliamentary session taking place up until 18 July 2024.

The implementation of the beneficial ownership reporting obligations, administered by the Companies Commission of Malaysia (“CCM”), came into effect on 1 April 2024. These statutory and reporting requirements imposed the obligation on companies to notify the CCM of their beneficial owners via the dedicated e-BOS portal. The CCM provided a transition period of three months (from 1 April 2024 to 30 June 2024) for companies to complete this reporting obligation.

The amendments to the Occupational Safety and Health Act 1994 (OSHA) and the repeal of the Factories and Machinery Act 1967 (FMA) will come into effect on 1 June 2024.
The amendments introduce significant and wide-ranging changes to the OSHA (which incorporate provisions of the FMA). These changes include the introduction of new duties and obligations on employers and increased penalties for non-compliance.