Latest news with #PersonalDataProtectionAct2010
The Star
a day ago
- Business
- The Star
Ensuring benefits for the rakyat with responsible use of mobile phone data
RECENT discussions surrounding the Malaysian Communications and Multimedia Commission's (MCMC) Mobile Phone Data Programme have stirred public debate, raising questions over privacy, cybersecurity and the government's role in data stewardship. As someone deeply involved in nation building in the areas of network infrastructure and cybersecurity, I feel it is crucial to bring technical clarity to the Malaysian public regarding this issue and separating speculation from substantiated fact. Understanding the nature of the data First and foremost, the data collected under the Mobile Phone Data Programme is aggregated, anonymised and devoid of any personally identifiable information (PII). The data only provides generalised metadata such as signal strength, network usage trends, location area codes and other non-personal metrics that can help our regulator assess mobile network performance, digital divide issues and emergency response readiness. To equate this programme with intrusive surveillance is technically inaccurate and misleading. The data points collected are no different, if not significantly less granular, than the metadata routinely collected by global platforms like Google, Apple, Meta and numerous other mobile apps for analytics, service optimisation and targeted advertising. Legal and ethical boundaries are intact The Malaysian regulator, MCMC, in line with the Communications and Multimedia Act 1998 and the Personal Data Protection Act 2010, operates within strict regulatory boundaries. This particular programme does not collect names, phone numbers, call logs, browsing history, or message contents. Generally, the participating Mobile Network Operators (MNOs) are very cautious on sharing their data yet, they have had no issues in working closely with MCMC on this project. Furthermore, access to the metadata is limited to selected analytical tools within the Commission, with no commercial or third-party exposure. This makes the dataset fundamentally different from the kind of data typically vulnerable to misuse or monetisation in commercial tech ecosystems. Strategic importance in a digital nation From a technical and policy standpoint, the Mobile Phone Data Programme is strategically very important for national digital infrastructure planning. With Malaysia advancing toward wider 5G deployments and smart city initiatives, regulators require real-time, evidence-based insights into mobile coverage, device density and population mobility to guide resource allocation, spectrum planning, and emergency readiness. For instance, during natural disasters or public health crises, such data can significantly improve our authorities' responses, enabling faster and more targeted assistance being provided to the needy. Several advanced economies, including South Korea, Finland and Estonia, have long adopted similar anonymised data programmes providing effective public benefits and without any complains about infringing on personal privacy. Addressing the misinformation ecosystem It is unfortunate that a narrative of distrust has taken root, largely fuelled by misinformation and a poor understanding of network-level data analytics. In the absence of context, the public is led to fear a 'surveillance state,' even when the technical facts clearly indicate that no such risk exists. MCMC's proactive move to engage cybersecurity experts, telcos and the public through open communication is the correct path forward. Transparency, ongoing stakeholder dialogue and third-party audits should be encouraged, not to defend against wrongdoing, but to reinforce trust in a system that is technically sound and ethically implemented. Final thoughts The integrity of our digital ecosystem must be safeguarded, not only from cyber threats but from disinformation that can undermine our national progress. The Mobile Phone Data Program is not a breach of privacy but instead, an important tool for digital nation-building, designed with checks and balances that preserves user anonymity and protects public trust. Let us not conflate good governance with intrusion, or precaution with paranoia. This part of Malaysia's digital journey uses the carefully redacted data to ensure better mobile coverage and connectivity, amongst other things, to bring better comfort and telco services to the Malaysian public. Prof Emeritus Dr Sureswaran Ramadass APAC IPv6 council chairman and Cybersecurity subject matter expert
Malaysia Dateline
3 days ago
- Malaysia Dateline
'Ensuring Benefits for the Rakyat with Responsible Use of Mobile Phone Data'
by Prof Emeritus Dr Sureswaran Ramadass, Chairman of APAC IPv6 Council & Cybersecurity Subject Matter Expert Recent discussions surrounding the Malaysian Communications and Multimedia Commission's (MCMC) Mobile Phone Data Program have stirred public debate, raising questions over privacy, cybersecurity, and the government's role in data stewardship. As someone deeply involved in nation building in the areas of network infrastructure and cybersecurity, I feel it is crucial to bring technical clarity to the Malaysian public regarding this issue and separating speculation from substantiated fact. Understanding the Nature of the Data First and foremost, the data collected under the Mobile Phone Data Program is aggregated, anonymised, and devoid of any personally identifiable information (PII). The data only provides generalised metadata such as signal strength, network usage trends, location area codes, and other non-personal metrics that can help our regulator assess mobile network performance, digital divide issues, and emergency response readiness. To equate this program with intrusive surveillance is technically inaccurate and misleading. The data points collected are no different, if not significantly less granular, than the metadata routinely collected by global platforms like Google, Apple, Meta, and numerous other mobile apps for analytics, service optimisation, and targeted advertising. Legal and Ethical Boundaries Are Intact The Malaysian regulator, MCMC, in line with the Communications and Multimedia Act 1998 and the Personal Data Protection Act 2010, operates within strict regulatory boundaries. This particular program does not collect names, phone numbers, call logs, browsing history, or message contents. Generally, the participating Mobile Network Operators (MNOs) are very cautious on sharing their data yet, they have had no issues in working closely with MCMC on this project. Furthermore, access to the metadata is limited to selected analytical tools within the Commission, with no commercial or third-party exposure. This makes the dataset fundamentally different from the kind of data typically vulnerable to misuse or monetisation in commercial tech ecosystems. Strategic Importance in a Digital Nation From a technical and policy standpoint, the Mobile Phone Data Program is strategically very important for national digital infrastructure planning. With Malaysia advancing toward wider 5G deployment and smart city initiatives, regulators require real-time, evidence-based insights into mobile coverage, device density, and population mobility to guide resource allocation, spectrum planning, and emergency readiness. For instance, during natural disasters or public health crises, such data can significantly improve our authorities' responses, enabling faster and more targeted assistance being provided to the needy. Several advanced economies, including South Korea, Finland, and Estonia, have long adopted similar anonymised data programs providing effective public benefits and without any complains about infringing on personal privacy. Addressing the Misinformation Ecosystem It is unfortunate that a narrative of distrust has taken root, largely fuelled by misinformation and a poor understanding of network-level data analytics. In the absence of context, the public is led to fear a 'surveillance state,' even when the technical facts clearly indicate that no such risk exists. MCMC's proactive move to engage cybersecurity experts, telcos, and the public through open communication is the correct path forward. Transparency, ongoing stakeholder dialogue, and third-party audits should be encouraged, not to defend against wrongdoing, but to reinforce trust in a system that is technically sound and ethically implemented. Final Thoughts The integrity of our digital ecosystem must be safeguarded, not only from cyber threats but from disinformation that can undermine our national progress. The Mobile Phone Data Program is not a breach of privacy but instead, an important tool for digital nation-building, designed with checks and balances that preserves user anonymity and protects public trust. Let us not conflate good governance with intrusion, or precaution with paranoia. This part of Malaysia's digital journey uses the carefully redacted data to ensure better mobile coverage and connectivity, amongst other things, to bring better comfort and telco services to the Malaysian public.
Borneo Post
3 days ago
- Business
- Borneo Post
Ensuring benefits for the rakyat with responsible use of mobile phone data
The Mobile Phone Data Programme is not a breach of privacy but instead, an important tool for digital nation-building. – AI IMAGE R ecent discussions surrounding the Malaysian Communications and Multimedia Commission's (MCMC) Mobile Phone Data Programme have stirred public debate, raising questions over privacy, cybersecurity, and the government's role in data stewardship. As someone deeply involved in nation building in the areas of network infrastructure and cybersecurity, I feel it is crucial to bring technical clarity to the Malaysian public regarding this issue and separating speculation from substantiated fact. Understanding the Nature of the Data First and foremost, the data collected under the Mobile Phone Data Programme is aggregated, anonymised, and devoid of any personally identifiable information (PII). The data only provides generalised metadata such as signal strength, network usage trends, location area codes, and other non-personal metrics that can help our regulator assess mobile network performance, digital divide issues, and emergency response readiness. To equate this program with intrusive surveillance is technically inaccurate and misleading. The data points collected are no different, if not significantly less granular, than the metadata routinely collected by global platforms like Google, Apple, Meta, and numerous other mobile apps for analytics, service optimisation, and targeted advertising. Legal and Ethical Boundaries Are Intact The Malaysian regulator, MCMC, in line with the Communications and Multimedia Act 1998 and the Personal Data Protection Act 2010, operates within strict regulatory boundaries. This particular programme does not collect names, phone numbers, call logs, browsing history, or message contents. Generally, the participating Mobile Network Operators (MNOs) are very cautious on sharing their data yet, they have had no issues in working closely with MCMC on this project. Furthermore, access to the metadata is limited to selected analytical tools within the Commission, with no commercial or third-party exposure. This makes the dataset fundamentally different from the kind of data typically vulnerable to misuse or monetisation in commercial tech ecosystems. Strategic Importance in a Digital Nation From a technical and policy standpoint, the Mobile Phone Data Programme is strategically very important for national digital infrastructure planning. With Malaysia advancing toward wider 5G deployment and smart city initiatives, regulators require real-time, evidence-based insights into mobile coverage, device density, and population mobility to guide resource allocation, spectrum planning, and emergency readiness. For instance, during natural disasters or public health crises, such data can significantly improve our authorities' responses, enabling faster and more targeted assistance being provided to the needy. Several advanced economies, including South Korea, Finland, and Estonia, have long adopted similar anonymised data programs providing effective public benefits and without any complains about infringing on personal privacy. Addressing the Misinformation Ecosystem It is unfortunate that a narrative of distrust has taken root, largely fuelled by misinformation and a poor understanding of network-level data analytics. In the absence of context, the public is led to fear a 'surveillance state,' even when the technical facts clearly indicate that no such risk exists. MCMC's proactive move to engage cybersecurity experts, telcos, and the public through open communication is the correct path forward. Transparency, ongoing stakeholder dialogue, and third-party audits should be encouraged, not to defend against wrongdoing, but to reinforce trust in a system that is technically sound and ethically implemented. Final Thoughts The integrity of our digital ecosystem must be safeguarded, not only from cyber threats but from disinformation that can undermine our national progress. The Mobile Phone Data Programme is not a breach of privacy but instead, an important tool for digital nation-building, designed with checks and balances that preserves user anonymity and protects public trust. Let us not conflate good governance with intrusion, or precaution with paranoia. This part of Malaysia's digital journey uses the carefully redacted data to ensure better mobile coverage and connectivity, amongst other things, to bring better comfort and telco services to the Malaysian public. * Prof Emeritus Dr Sureswaran Ramadass is Chairman of APAC IPv6 Council & Cybersecurity Subject Matter Expert Data Collection MCMC Metadata mobile data
Barnama
4 days ago
- Business
- Barnama
- Ensuring Benefits For The Rakyat With Responsible Use Of Mobile Phone Data
Opinions on topical issues from thought leaders, columnists and editors. As someone deeply involved in nation building in the areas of network infrastructure and cybersecurity, I feel it is crucial to bring technical clarity to the Malaysian public regarding this issue and separating speculation from substantiated fact. Recent discussions surrounding the Malaysian Communications and Multimedia Commission's (MCMC) Mobile Phone Data Program have stirred public debate, raising questions over privacy, cybersecurity, and the government's role in data stewardship. First and foremost, the data collected under the Mobile Phone Data Program is aggregated, anonymised, and devoid of any personally identifiable information (PII). To equate this program with intrusive surveillance is technically inaccurate and misleading. The data points collected are no different, if not significantly less granular, than the metadata routinely collected by global platforms like Google, Apple, Meta, and numerous other mobile apps for analytics, service optimisation, and targeted advertising. The data only provides generalised metadata such as signal strength, network usage trends, location area codes, and other non-personal metrics that can help our regulator assess mobile network performance, digital divide issues, and emergency response readiness. Legal and Ethical Boundaries Are Intact The Malaysian regulator, MCMC, in line with the Communications and Multimedia Act 1998 and the Personal Data Protection Act 2010, operates within strict regulatory boundaries. This particular program does not collect names, phone numbers, call logs, browsing history, or message contents. Generally, the participating Mobile Network Operators (MNOs) are very cautious on sharing their data yet, they have had no issues in working closely with MCMC on this project. Furthermore, access to the metadata is limited to selected analytical tools within the Commission, with no commercial or third-party exposure. This makes the dataset fundamentally different from the kind of data typically vulnerable to misuse or monetisation in commercial tech ecosystems. Strategic Importance in a Digital Nation From a technical and policy standpoint, the Mobile Phone Data Program is strategically very important for national digital infrastructure planning. With Malaysia advancing toward wider 5G deployment and smart city initiatives, regulators require real-time, evidence-based insights into mobile coverage, device density, and population mobility to guide resource allocation, spectrum planning, and emergency readiness. For instance, during natural disasters or public health crises, such data can significantly improve our authorities' responses, enabling faster and more targeted assistance being provided to the needy. Several advanced economies, including South Korea, Finland, and Estonia, have long adopted similar anonymised data programs providing effective public benefits and without any complains about infringing on personal privacy. Addressing the Misinformation Ecosystem It is unfortunate that a narrative of distrust has taken root, largely fuelled by misinformation and a poor understanding of network-level data analytics. In the absence of context, the public is led to fear a 'surveillance state,' even when the technical facts clearly indicate that no such risk exists. MCMC's proactive move to engage cybersecurity experts, telcos, and the public through open communication is the correct path forward. Transparency, ongoing stakeholder dialogue, and third-party audits should be encouraged, not to defend against wrongdoing, but to reinforce trust in a system that is technically sound and ethically implemented. Final Thoughts The integrity of our digital ecosystem must be safeguarded, not only from cyber threats but from disinformation that can undermine our national progress. The Mobile Phone Data Program is not a breach of privacy but instead, an important tool for digital nation-building, designed with checks and balances that preserves user anonymity and protects public trust. Let us not conflate good governance with intrusion, or precaution with paranoia. This part of Malaysia's digital journey uses the carefully redacted data to ensure better mobile coverage and connectivity, amongst other things, to bring better comfort and telco services to the Malaysian public. --BERNAMA Prof Emeritus Dr Sureswaran Ramadass is the Chairman of APAC IPv6 Council & Cybersecurity Subject Matter Expert
The Star
18-06-2025
- The Star
‘Collection of metadata poses risks'
PETALING JAYA: Like puzzle pieces scattered across a table, bits of digital data may appear meaningless on their own. But with enough time, as well as location and behavioural clues, a recognisable picture can emerge. That is the concern raised by cybersecurity experts over a government initiative to collect anonymised mobile phone data. The Mobile Phone Data (MPD) programme, introduced by the Malaysian Communications and Multimedia Commission (MCMC), is intended to support public policy, particularly in tourism and infrastructure planning. Although authorities have emphasised that the data excludes names and identification numbers, experts warn that by combining the anonymous data with other metadata such as tower location, timestamps and user behaviour, it could still expose individuals to reidentification and cyber threats. According to AI Society president Dr Azree Shahrel Ahmad Nazri, even coarse location data such as cell tower logs can be used to build a person's detailed behavioural profile. 'From just a few days of movement data, researchers can predict who you are with over 90% accuracy,' he claimed when contacted. 'This is why metadata is not truly anonymous.' MCMC, in a media briefing last week, clarified that IMEI numbers and SIM card IDs were not among the data fields requested. However, Azree Shahrel cautioned that even without those identifiers, centralising metadata still poses significant cybersecurity risks. He also warned that such repositories could become high-value targets for hackers, cybercriminals or foreign actors. 'If breached, this data could form a detailed map of user routines, enabling highly targeted attacks or surveillance,' he said. He suggested that persistent identifiers, such as anonymised mobile numbers, be replaced with session-based tags, and that precise timestamps be aggregated to reduce the risk of tracking individuals. Universiti Malaysia Sarawak lecturer Chuah Kee Man echoed those concerns, pointing out that the MPD does not currently violate the Personal Data Protection Act 2010 (PDPA), as anonymised metadata and government agencies fall outside its scope. However, he argued that this legal blind spot still raises red flags. 'The collection is occurring without the public's explicit consent or even knowledge. 'And while it may not breach the PDPA directly, it creates ethical and legal issues surrounding the erosion of privacy rights,' he said. He warned that once data is stored at this scale, it could potentially be used for political profiling, social control or surveillance. 'The integrity of how this data is used relies entirely on those managing it – both now and in the future,' he said. He called for a shift in approach, including the principle of data minimisation, where only essential data is collected, and for the implementation of informed consent policies. 'If the government insists on collecting such data, it must demonstrate a clear need and adopt every possible measure to protect users,' he said. Cybersecurity specialist Fong Choong Fook said public concern about the MPD programme is not unfounded, especially given previous data breaches involving government-linked agencies. 'One of the most notable cases was in 2017, when the personal data of 46 million Malaysians was leaked after the MCMC outsourced work to a contractor. 'Incidents like these continue to shape public scepticism,' he said. The massive data breach in 2017, believed to affect almost the entire population of Malaysia, included lists of mobile phone numbers, identity card numbers, home addresses and SIM card data of 46.2 million customers from multiple mobile phone and mobile virtual network operators. 'Take note that the PDPA does not apply to MCMC. This means that if a data leak were to occur, MCMC would not be held liable,' he said, highlighting a gap in accountability. Fong urged the government to be transparent about the anonymisation process and to release a clear set of guidelines outlining how the data is managed, what safeguards are in place and how privacy is protected. 'There should be a publicly accessible framework, or at least a white paper that can be scrutinised by independent experts. 'We cannot continue operating in a black box,' he said.
