Contradictheory: A buffet of personal data up for grabs?


We need to appoint an independent oversight body where people can lodge complaints if their rights to data privacy are violated. —AFP

It must have been about 25 years ago when I attended a talk about the power of integrating databases, and back then we were lucky governments hadn’t quite figured it out yet. But obviously all that has changed now.

The speaker was from Canada, and he illustrated the concept with an example: On one hand, the government struggled to catch welfare recipients who were quietly nipping across the border to work in the United States. On the other hand, it would have been trivially easy to catch them if someone just thought to cross-reference the welfare database with weekday border crossing records. 

The technology wasn’t the issue. The stumbling block was getting different government departments to cooperate. But while this was an opportunity begging to be taken, the speaker also highlighted the potential dangers: The power inherent in data sharing, when coupled with the reach and authority of national governments, could lend itself to a wide scope of abuses.

Which is precisely what is happening in the United States at the moment. Reports indicate that Elon Musk’s Department of Government Efficiency (DOGE) has equipped agents with “backpacks full of laptops, each with access to different agency systems... to combine databases currently maintained separately by multiple federal agencies”.

Why are they doing this? Because DOGE wants to collate immigration data and cross-reference it with tax records, welfare claims, and even state voting records. According to critics, they allegedly want to target immigrants not just for tracking, but possibly for persuasion, prosecution, and persecution. Civil liberties groups are sounding the alarm, pointing out that this level of cross-agency integration is ripe for abuse.

Truth is, this isn’t something new or foreign for Malaysia. Back in 2018, politician Rafizi Ramli openly discussed how his startup, Invoke, was leveraging big data to support the then Opposition candidates. Using electoral roll data, phone polls, and surveys, they constructed detailed voter profiles based on age, postcode, gender, race, and religion to create a “microtargeting” strategy to identify and win over swing voters with a 40%-60% chance of flipping.

Fast-forward to today, and the government’s interest in big data is no secret. From the MyDigital Blueprint to the freshly minted Data Sharing Act 2025, the rhetoric is all about “digital transformation” and “evidence-based policymaking”. Then in April, the Malaysian Communications and Multimedia Commission (MCMC) told telcos to hand over mobile network usage data, down to your call records, IP connections, and yes, your location coordinates.

Failure to comply could result in a fine of RM20,000 or up to six months in jail.The official line is that this is for the “generation of official statistics to support evidence-based policymaking” in the ICT and tourism sector. (Specifically, to identify the number of mobile broadband subscriptions, and to track the number of visitors and “domestic tourist trips”.)

The government assures us that all data handed over is anonymised and contains no personally identifiable information. But I’ve learned to be sceptical following alleged breaches that reportedly had data from millions of Malaysians in government databases being sold online.

Now we are to trust the authorities when they say they want the data for policymaking? It’s a bit of an overkill, like queuing up for an hour for a free plate of nasi kandar. (Which I have done before.) But why settle for a plate when you could have the whole buffet of personal information data?

A tech news website said what many of us might be thinking: “What just happened doesn’t feel like planning. It feels like surveillance.” Local technologist and computer scientist Dinesh Nair was more colourful, labelling MCMC’s explanation as (if I may paraphrase) horse excrement, noting that location data coupled with the time could be used to positively identify individuals.

This isn’t theory. We’ve known for decades how it’s possible to do “data re-identification”. In 1997, MIT computer scientist Latanya Sweeney famously cross-referenced public voter records with anonymised health data to identify then-governor of Massa-chusetts, Bill Weld. She even mailed him his own medical records as proof.

And a few years later, I was reviewing drafts of what would eventually become Malaysia’s Personal Data Protection Act (PDPA). While the PDPA was a good step forward in defining personal data rights – like requiring consent and allowing individuals to revoke it – it had one gaping hole: it doesn’t apply to government entities. Section 3(1) of the Act explicitly exempts federal and state bodies.

I was told at the time that government departments handled so much data, it would bog them down in red tape to comply. That was the official line. I suspect the unofficial thinking has evolved into: “Why would we give up control of such a rich treasure trove?”

Fixing this isn’t hard. Step one: remove the PDPA exemption for government agencies. Just cross out a paragraph. Step two: appoint an independent oversight body where people can lodge complaints if their rights are violated. The latter’s nearly in place, given that the current government has promised an Ombudsman Bill this year that could serve this very function.

At the very least, amending the Act would allow us to point to a breach and say, “That’s illegal”, instead of shrugging and saying, “Well, it’s the government. What can you do?”

Because we were warned. We just didn’t listen.

In his fortnightly column Contradictheory, mathematician-turned-scriptwriter Dzof Azmi explores the theory that logic is the antithesis of emotion but people need both to make sense of life’s vagaries and contradictions. Write to Dzof at lifestyle@thestar.com.my. The views expressed here are entirely the writer's own.

Get 20% OFF The Star Digital Access

Monthly Plan

RM 13.90/month

RM 11.12/month

Billed as RM 11.12 for the 1st month, RM 13.90 thereafter.

Best Value

Annual Plan

RM 12.33/month

RM 9.87/month

Billed as RM 118.40 for the 1st year, RM 148 thereafter.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Next In Living

What’s in your dog’s food? How to make sure your pet is getting quality meals
'Dutch sashimi': Getting the young to swallow herring
Winemakers on the Greek island of Santorini try to adapt to heat and drought
Common home cleaning practices that lead to hidden wear and damage
Security education should start early, especially for girls, say experts
Sunny Side Up: None of us can be blank slates
De-extinction company hatches live chicks from an artificial eggshell
Food vendors across Asia struggle over rising costs of plastic
Solar-powered charging station in central Cuba brings life to a darkened island
'Wiped out': Ukraine's bird lovers long for peaceful skies

Others Also Read