Government's mobile phone data grab is not harmless and Malaysians deserve a say — Woon King Chai

Malay Mail

18-06-2025

JUNE 17 — In 2018 and again in 2022, Malaysians voted for reform, demanding greater transparency, democratic rights, and a government that listens.
That is why the public backlash to recent revelations about the Malaysian Communications and Multimedia Commission's (MCMC) mobile data request has been swift and entirely justified.
According to local and international media reports, including The Edge Malaysia and South China Morning Post, MCMC issued directives to five major telcos requesting mobile phone metadata for the first quarter of 2025.
The fields listed include anonymised user IDs (MSISDN), precise date and time stamps, base station identifiers, GPS coordinates, data type (calls or internet), service type (2G–5G), and mobile country code. On paper, names or Identity Card (IC) numbers were excluded, but in practice, metadata is never truly anonymous.
What the data reveals and why it matters
Let's consider what this sample allows. A user who connects to a transmitter in Taman Tun Dr Ismail every weekday at 7.20am and another in Putrajaya at 8.45am reveals a consistent home-to-work pattern.
Add weekend connections to a location near a cancer centre or a temple, and you have sensitive behavioural data, like one's health or religious beliefs, without ever knowing the person's name.
Even if MSISDNs are masked, consistent patterns over time function like a fingerprint. When combined with public sources such as social media check-ins, delivery logs, or workplace directories, the data can be reverse-engineered and individuals re-identified. The time and location data from one's daily mobile phone use is essentially like an 'invisible IC'.
This is not hypothetical. A peer-reviewed study published in 2013 found that just four spatiotemporal points, such as where and when someone used their phone, are sufficient to uniquely identify 95 per cent of individuals in large anonymised datasets.
Four distinct location points are enough to identify most individuals because human movement patterns are highly distinctive. Just like fingerprints, each person's daily travel routine tends to follow a unique and recognisable path. In other words, location and time are as personal as a name.
These risks are compounded by the absence of legal safeguards. There is no statutory opt-out. The public was never notified, and no clear retention limits or independent oversight mechanisms have been disclosed.
Why the public reacted swiftly
The backlash to MCMC's metadata directive was immediate and cut across political, professional, and generational lines. Civil society organisations, digital rights advocates, opposition leaders, and ordinary citizens voiced strong concerns about the scale of the data requested and the manner in which it was done — quietly and without public consultation or opt-out provisions.
The move was seen as part of a worrying pattern: the use of regulatory powers without adequate transparency, oversight, or legal safeguards. Critics pointed out that the government's explanation, that the data would be used for tourism and digital infrastructure planning, did not justify the level of detail requested.
The controversy intensified when individuals who publicly questioned the programme were subjected to investigations and enforcement action, further fuelling fears that the initiative was less about planning and more about control.
To be fair, the government's intention may not be malicious. There is genuine value in data-driven policymaking. However, without credible safeguards and the absence of open dialogue, what might have been a technical data exercise quickly became a public crisis of trust.
When fear replaces trust
This incident reflects a broader erosion of democratic norms. When governments collect sensitive data without consent or consultation, people stop feeling safe. They self-censor. They avoid dissent. They begin to fear the very institutions meant to protect them.
Malaysia's international standing on civil liberties is already under scrutiny. In the 2024 World Press Freedom Index by Reporters Without Borders, Malaysia dropped to 107th place out of 180 countries, with specific concerns over growing pressure on online platforms. The Straits Times also reported a spike in content takedown requests and censorship during Prime Minister Anwar Ibrahim's first year in office.
The metadata issue cannot be separated from this broader context. When citizens are punished for speaking up, and when data is collected quietly and forcefully, public trust quickly erodes.
Reform is the only path forward
If the government is serious about reform, it must act now to restore public confidence. First, all metadata initiatives must be subject to independent technical audits. The public has a right to know what data is being collected, how long it is stored, and who has access.
People must be given the legal right to opt out of non-essential data collection.
Malaysia's Personal Data Protection Act should be extended to government bodies.
Public consultation must be institutionalised, not reactive. And above all, an independent oversight mechanism must be established — one with enforcement powers and complete political neutrality.
Finally, we must defend freedom of expression. No citizen should face investigation for raising concerns about government policy. If fear has gripped the public, it is not because of misinformation but because of silence.
The stakes are clear
This is no longer a technical matter; it is a democratic one. A country cannot claim to value liberty while quietly collecting personal data without consent. A government that wants to be trusted must first act in ways that are trustworthy.
Metadata may seem harmless to the untrained eye, but in the wrong hands or without rules, it becomes a tool of profiling, exclusion, or control. It is not the data alone that threatens us; it is the lack of oversight and the slow erosion of public voice.
Let data serve the people, not control them.
*Woon King Chai is the Director of the Institute of Strategic Analysis and Policy Research (INSAP)
** This is the personal opinion of the writer or publication and does not necessarily represent the views of Malay Mail.