Malaysia assures users their privacy is protected in mobile data grab
The detailed call and internet logs are supplied without any personal identifiers, communications chief insists
Malaysia’s communications regulator has assured the public that their privacy remains intact, despite a government move to hoover up data on mobile phone and internet usage as part of widening controls over online activity.
The Malaysian Communications and Multimedia Commission (MCMC) said that the data being compiled under the government’s Mobile Phone Data project was all anonymous. There were no markers to indicate the identity of users, such as names or mobile numbers.
“At the point of submission [of data by telecommunications firms] … [the information] is already anonymised,” MCMC Deputy Managing Director Zurkanain Mohd Yasin told a media briefing on Monday. “The MCMC affirms that the data from [mobile network operators] is anonymous and does not contain personal identifiers.”
Industry sources on Friday said they had been instructed to hand over detailed records of phone calls and internet usage, ostensibly to generate statistics under the project.
The telecoms companies were told to furnish detailed call and internet logs for the first three months of this year, according to a letter seen by This Week in Asia. If they failed to comply, they could be fined 20,000 ringgit (US$4,700) or jailed for six months, the commission said in the letter.
The MCMC said data collected would be limited to details like the date of calls made via local networks or mobile internet, the location of transmission towers handling the calls, and the quality of the network used, such as 4G or 5G.
So far, Celcom-Digi and Maxis, the country’s two largest mobile network operators, have submitted full reports with anonymous data. The remaining six are in the process of doing so.
“We are in full compliance with existing laws within our country, as well as standards set that have been accepted by international bodies,” Zurkarnain said.
Experts, however, have warned that any mass collection of data must come with strictly enforced data and cybersecurity measures – more so given the government’s poor record of data security.
In one of the worst cases, the personal data of 22.5 million Malaysians was stolen from government servers in 2022 and sold on the dark web.
Others have raised fears of the creep of a surveillance state.
“This smells like unethical practice. For official statistics or not, you should ask the user’s permission. Not via telco or [mobile network operators],” read a comment on a social media post about the issue.
Zurkarnain said the project was still at the pilot stage. “We want to show that everything is in order and that the data is truly anonymous,” he said.
“Once we build confidence internally, and are assured that it is secure, then we can go to the public and give assurances that we have taken the necessary steps to make sure their data is safe.”
