‘E-hailing firms must protect data’


PETALING JAYA: Weak enforcement of the Personal Data Protection Act (PDPA) has made it vital for e-commerce firms and e-hailing providers to protect such information, according to the Bar Council.

Its Information Technology and Cyber Laws Committee deputy chairman Foong Cheng Leong said there had not been much news on the enforcement of the Act.

“There were cases of companies being fined, but high-profile cases such as the data breach involving telecommunications companies two years ago have yet to be resolved,’’ he said.

Welcoming the requirement of selfie verification on e-hailing passengers as an effective mechanism to protect the drivers, he said those concerned with data privacy breaches could not do much if they wanted to use the service.

“The onus will be on ride-sharing companies to protect their users’ personal data,” he said in an interview.

Foong’s comments were in light of the concerns over data privacy following a law introduced by the Transport Ministry in July last year, requiring passengers to submit their identity credentials upon registration with any e-hailing platform.

The Star reported on Sunday that e-hailing giant Grab has made it mandatory for passengers to submit a one-time selfie verification by July 12 in an effort to make its platform safer for both drivers and passengers.

However, the selfie verification is not an alternative to the ministry’s e-hailing regulations.

Passengers have expressed concern over possible breach and abuse of their personal data by a third party, although other e-hailing companies have been using selfies and photos of MyKad for verification before the regulation was announced.

Bar Council Personal Data Protection Committee chairman Deepak Pillai said one should always be concerned when submitting personal data online.

“They should be clear as to the organisation they are providing their personal data to, what the personal data can be used for and to whom it can be disclosed,” he said.

Pillai said such information should be provided upfront by the provider of the e-hailing services and definitely within their Privacy Notice, which is a mandatory requirement of the PDPA.

“In my own view, it is clear that the PDPA applies to all e-hailing service providers and the onus is on them to comply with the minimum security requirements set out in the Act and more.

“If there is a breach, they would be subject to complaints, investigations and penalties provided for under the Act,’’ he said.

Cybersecurity expert Fong Choong Fook said there were not many successful prosecutions on data management negligence in Malaysia.

“A good example was the telco data leak, where over 40 million phone records were exposed and traded under the dark web with no prosecution against the party at fault. That is why the general public is still sceptical about the execution of PDPA,” he said.

Get 20% OFF The Star Digital Access

Monthly Plan

RM 13.90/month

RM 11.12/month

Billed as RM 11.12 for the 1st month, RM 13.90 thereafter.

Best Value

Annual Plan

RM 12.33/month

RM 9.87/month

Billed as RM 118.40 for the 1st year, RM 148 thereafter.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Next In Nation

Govt agrees to review e-invoicing and EPF 2% for migrant workers
Cabinet restores TAR UMT's 10-year tax break after Dr Wee raises issue
76-year-old dies after car plunges into river in Segamat
Immigration raids two luxury residences used as transit homes for illegal immigrants
Motorcyclist killed after crashing into lorry in JB
Tanjung Embang deep-sea port to anchor Sarawak's transformation beyond 2030
Deputy Minister sets record straight following misunderstanding over abortion remarks
Government agrees to proposed amendments to strengthen Public Prosecutor's independence
Johor Immigration nabs 155 in Pandan Wholesale Market sweep
Firefighters foil theft attempt on injured teacher at Alor Gajah crash scene

Others Also Read