Malaysia’s digital transformation efforts look good on paper but an access to information act is still nowhere in sight.
Malaysia is gearing up to revolutionise its digital infrastructure. In September, a private company launched a new data centre worth over US$50 million to complement existing data centres in accelerating digital transformation across the country. But more needs to be done before Malaysia has something to cheer about. The country’s digital ambitions will not progress beyond buzzwords unless an Access to Information (ATI) act is enacted.
Malaysia’s Digital Economy Blueprint, launched in 2021, details the country’s vision to become a regional leader in the digital economy by 2030. The blueprint recognises the need to review and amend laws including on intellectual property, competition, and internet infrastructure. However, the federal government it yet to table an ATI motion in Parliament. There is no better time for Malaysia to adopt and implement the said law if it wants to uphold the country’s democratic rights.
The Digital Economy Blueprint acknowledges open data as a requirement for digital transformation with data being an asset for innovators to develop digital solutions. The open data agenda involves proactive disclosure of data whereas an ATI law is typically a by-request disclosure.
ATI laws create a foundation for a consistent supply of data, without which, business models that rely on open data would not work. An ATI law compels the disclosure of data that relates to the public sector’s activities, including information that the government may be hesitant to share. Such data is needed by civic technologists to come up with solutions in the public interest.
An ATI law, which is also known by different names such as freedom of information (FOI) or right to information (RTI), formalises the right of people to access information held by public and in some cases private entities. It provides clear processes for people to request information and for government bodies to respond to such requests.
As of 2021, about two-thirds of countries globally have an ATI decree, whether in the form of a law or an actionable regulation. Around 91 percent of the world’s population and 96 percent of the population in the Asia Pacific live in a country with an ATI decree. Thailand, Indonesia, Timor-Leste, Vietnam, and the Philippines are among those countries. Malaysia still does not have an ATI decree at the national level.
In Malaysia, the overarching law protecting public and state information is the Official Secrets Act (OSA). The OSA provides broad authority to individual government bodies to declare information as restricted, confidential, or secret. In contrast to an ATI law that sets openness as the standard approach towards information sharing, the OSA implies restriction.
Many public servants are hesitant to share information due to legal uncertainty. In July this year, a group of 36 civil society organisations, including Greenpeace Malaysia, called for the disclosure of reports including an environmental impact assessment on a proposed durian plantation at Gunung Inas Forest Reserve, Kedah after around 1,500 villagers were displaced and three people died in a massive flood in Baling, Kedah. The flood was suspected to be linked to the land-clearing for the plantation. Responding to the tragedy, the co-chair of the Bar Council Environment and Climate Change Committee, Kiu Jia Yaw, noted that the OSA is partly the root of the problem.
“The Official Secrets Act makes it a crime for people to disclose [sensitive information], so it has become instinctive to hide information. That’s the current culture, and it’s completely dystopian”, stressed Kiu. The OSA has also been used to suppress reports related to government procurements including reports by the Public Accounts Committee (PAC).
Only two states, Selangor and Penang have an FOI law, but both state-level FOI laws have no power over the federal-level OSA. Many ATI laws around the world embody the ‘open by default’ principle by listing specific grounds on which information is exempted from disclosure such as due to privacy and security reasons. Unfortunately, both state laws also have wording that implies analogue format for information access, which is no longer appropriate for the digital age.
Meanwhile, the Personal Data Protection Act (PDPA), which is the only data privacy law in Malaysia, is very limited in its scope. It only covers data for commercial transactions and does not apply to data that is processed by the federal and state governments. Without a strong data privacy law, the risks of privacy infringement and data misuse are high.
While many stakeholders in developing countries cite privacy considerations as the obstacle to open data, these countries do not have strong privacy laws. Two scenarios then become possible: opening up data without strong privacy laws may cause harm that results in pushback and a reversal of the open data agenda. Or, privacy concerns would continue being an excuse for governments not to disclose data against the backdrop of weak privacy laws. The answer to both these scenarios is to strengthen privacy laws.
Without legislative preparedness, the country’s digital ambitions are mere buzzwords. In an increasingly digitalised society, digital threats such as loss of privacy and misuse of data are inevitable. Recently, a group of hackers claimed to have broken into the ePenyata Gaji (ePaySlip) system and threatened to sell civil servants’ personal data. Previously, a cybersecurity expert claimed that personal data of vaccine recipients was (mistakenly) published on the Ministry of International Trade and Industry (MITI)’s website before it was later taken down.
The potential harms due to the loss of privacy include psychological harm, loss of insurability and employability, and market and political discrimination. The public may be less inclined to contact government agencies if they are not confident that their data will remain confidential or if they worry that their data will be misused by the government. A more robust legal landscape would allow Malaysia to optimise its digital potential while mitigating the negative consequences of digitalisation.
Ashraf Shaharudin (@ashraf_aaas) is a PhD candidate at the Delft University of Technology, Netherlands. He receives financial support from the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No 955569.
Editors Note: In the story “Your right to information” sent at: 27/09/2022 10:40.
This is a corrected repeat.