THE tech landscape witnessed major strides in the past year, marked by decisions that favoured consumers over companies, with these changes anticipated to make an impact this year.

Although the regulatory changes primarily unfolded in Europe, their effects are anticipated to reverberate globally, including in Malaysia.

Late last year, Apple preemptively released its first iPhone with the ubiquitous USB-C charging port instead of its proprietary Lightning connector as a result of the European Union’s common charger directive, which will come into effect later this year.

The directive designates USB-C as the “common port” for charging, to be used on all devices irrespective of brand and required not only on smartphones but also gadgets such as tablets, digital cameras, headphones, and video game consoles by Dec 28.

This marks a significant victory in terms of convenience, as the universal USB-C port allows effortless recharging and data transfer across all devices.

Dr Tan Chin Ike, associate professor and head of the School of Computing at the Asia Pacific University of Technology and Innovation (APU), says that the move will ultimately benefit the environment in the long run.

However, due to USB-C cables not being built the same, he says the support for data and power transfer may vary.

“This is going to be an interesting debate as to whether the move will generate less electronic waste or, in the short run, produce more waste as consumers discard their old Lightning cords. Personally, I have more than a dozen of these cables lying around the house,” he says.

Cross-platform compatibility will allow users to send texts across different messaging services using one account, eliminating the need for multiple accounts with different companies.

Sending a strong message

Apart from hardware, the EU also made strides in regulating the digital space with the implementation of the Digital Markets Act (DMA).

Consumers are expected to experience the impact of the Act firsthand by March 6, which serves as the deadline for chat apps owned by “gatekeepers” such as WhatsApp and Messenger to be interoperable with other third-party chat applications like Telegram and Signal.

This cross-platform compatibility will enable users on one chat platform to send texts to users on different messaging services using just one account, eliminating the need to create multiple accounts with different companies. This is also expected to promote competition and prevent monopolies.

In this context, “gatekeepers” denote the six major tech companies identified under the DMA: Alphabet (the parent company of Google), ecommerce giant Amazon, Apple, TikTok maker ByteDance, Meta (owner of Facebook, WhatsApp and Instagram), and software giant Microsoft.

The Act also mandates firms to foster a fair and competitive digital market. In addition to ensuring cross-compatibility among messaging apps, it encompasses obtaining explicit consent for advertisement tracking, preventing the unfair promotion of a company’s products on its own platform, and addressing other relevant concerns.

It also stipulates that users must not be restricted to downloading apps from only the company’s official store, and this is expected to hit Apple the hardest primarily because of its closed and tightly controlled ecosystem, often referred to as the “walled garden”.

Industry experts anticipate that the company will adapt by permitting the introduction of third-party app stores on iOS or enabling users to sideload apps using source files.

App developers would also be liberated from the commission (up to 30%) on in-app purchases imposed by Google and Apple on their app stores.

Also, last month, Epic Games, the maker of the popular Fortnite game, achieved a legal victory when a US jury ruled in its favour, concluding that Google was, in fact, a monopoly on Android.

This decision contradicted Google’s assertions of competition with the Apple App Store and other Android alternatives.

As of now, no decision has been reached regarding the actions Google will need to take in response to this ruling. However, Epic is optimistic about gaining full freedom to launch its own app store and billing system.

This would liberate it from the 15% app subscription fee and the up to 30% in-app purchase fee imposed by Google.

Ultimately, the DMA and court ruling could lead to more affordable apps and subscriptions on mobile platforms, giving consumers more options for app stores and payment services.Tan emphasises that it’s important to look at both sides of the coin.

“From a developer’s point of view, I understand the need to maximise profits as they rely heavily on microtransactions as a primary point of revenue,” he says, adding that platform providers, however, view the fee as a service for providing access to a larger user base.

The EU’s Digital Services Act (DSA), on the other hand, aims to regulate “very large” digital platforms. The Act mandates greater transparency regarding how their algorithms function, granting users the right to opt out of content recommendations.

It requires Big Tech to disclose parameters for ad targeting and necessitates the removal of illegal content (while also empowering users to report such content).

It also prohibits ads intended for children and targeting based on sexual orientation, religion, ethnicity and political beliefs.

The local legal landscape

When updating the CMA, Malaysia could look at how countries like Singapore and South Korea balance technological innovation and regulation, according to Lee. — EDWIN LEE

The country is waiting in the wings for the forthcoming revisions to the Communications and Multimedia Act 1998 (CMA) and the Personal Data Protection Act 2010 (PDPA) and a new Cyber Security Bill, all of which are expected to be introduced in early 2024.

Edwin Lee, a technology lawyer and deputy managing partner at Lee & Poh Partnership, believes that local regulators can glean valuable insights from similar policies implemented in other countries.

“When updating the CMA, Malaysia could look at how countries like Singapore and South Korea balance technological innovation and regulation.

“Both countries have robust yet flexible regulatory frameworks that encourage innovation while protecting consumer rights. This balance is crucial in areas like digital communication and media, ensuring that regulation does not stifle technological advancements,” he says, predicting that the country is likely to emulate Singapore’s Online Criminal Harms Bill.

Introduced last May, the Bill allows the Singapore government to remove and prevent the dissemination of online content suspected of being used to carry out a crime. It also empowers the authorities to disable access to a site or remove an app from a store.

Lee also sees the EU’s General Data Protection Regulation (GDPR) as a benchmark when making amendments to the PDPA.

“The EU’s GDPR is a leading framework in data protection. Malaysia can benefit from examining GDPR’s approach to consent, data subject rights, and the regulation of data processors.

“For instance, GDPR’s stringent consent requirements and the concept of ‘right to be forgotten’ (which allows one’s information to be removed from search engines and directories) could strengthen the PDPA, especially in the digital age where data privacy is paramount,” he says.

Lau highlights that oftentimes, data collectors request users' consent without distinctly specifying how their personal data will be collected, used and stored. — LAU CHER HAN

Dr Lau Cher Han, CEO of Accio Technologies, shares the opinion that the amended PDPA could enhance transparency on all fronts.

“Often, data collectors only seek our consent, but they do not clearly state how the data will be collected, used and stored.

“I also think that the enforcement of the law is sometimes unclear to consumers,” he says, citing the recent alleged data breach at Socso (Social Security Organisation).

“It is essential for companies managing sensitive personal data to undergo regular audits and disclose their findings.”Lau says transparency makes citizens aware of what actions were taken by the Personal Data Protection Department (JPDP), the consequences of the incident, and the next course of action for Socso members.

Tan also identified data protection as a significant challenge that the country must address.

Referring to a late January 2023 statement by Communications Minister Fahmi Fadzil, Tan expressed concerns about the fines imposed on 25 companies since 2017 – averaging RM24,000 each – stating that it’s a “paltry amount”.

“Compared to how much consumer data is sold and resold on the open market, one must wonder if this indeed is a deterrent. Perhaps the issue is not so much the law but the execution and implementation of the law,” he says.

Tan notes that according to Section 5(2) of the PDPA, any violation of data protection principles constitutes an offence under the Act, carrying penalties of up to RM300,000, a maximum of two years’ imprisonment, or a combination of both.

Despite these stringent penalties, Tan expresses frustration at the circulation of his personal data among telemarketers.

He hopes for the implementation of a regulation similar to the EU’s DMA in Malaysia, tailored to the local context and with better enforcement mechanisms.

He envisions a framework that empowers users to control the use of their data, coupled with more severe fines for companies that violate regulations.

Tan advocates for stricter enforcement of the PDPA that’s accompanied by stiffer penalties for breaches of data protection. — APU

He points out that firms are collecting more in-depth and broader consumer data, including “personal information, location and especially online spending and searching patterns”.

“All these are rich consumer data for any company to exploit if given the opportunity. The EU regulation requires that the collection of customers’ data be limited to only what is relevant and necessary for the gatekeeper’s purposes and nothing more.

“This is called data minimisation, and this is something that should be practised in Malaysia as well.

“There should be strong regulation to discourage companies from trading consumer data in return for value-added benefits or convenience and to state very clearly how the data would be used,” he says.

On the upcoming Cyber Security Bill, Lee suggests looking at varied approaches, such as those implemented in Singapore.

“Singapore’s Cybersecurity Act focuses on protecting critical information infrastructure (CII) across various sectors such as energy, water, banking and finance, healthcare, and transport.

“Organisations in CII sectors are required to prevent, manage, and respond to cybersecurity threats and incidents, and share information with the Cyber Security Agency of Singapore in the event of a cyberattack. This approach underscores the importance of proactive protection and information sharing,” he says.