This marks a new series of articles that I am writing, with the aim of providing you with a snapshot of important legal developments to keep you informed of the significant legal developments in the technology, media and telecommunications sphere in Malaysia on a quarterly basis.
Issuance of Compounding Regulations pursuant to the Personal Data Protection Act 2010
On 15 March 2016, the Commissioner issued the Personal Data Protection (Compounding of Offences) Regulations 2016 (“Compounding Regulations”). The Compounding Regulations provides a list of offences which are prescribed to be “compoundable offences”.
For offences which are compoundable, the Commissioner may offer data users an opportunity to pay a monetary penalty (which penalty can be up to half of the maximum fine stipulated in the Personal Data Protection Act 2010 (“PDPA”) within the time period stipulated in the offer. If no payment is received within the stipulated period, prosecution for the offence will be instituted against the data user.
It is important to note that only some and not all offences under the PDPA and its regulations are compoundable.
The issuance of the Compounding Regulations points to the focus of the Commissioner and the Personal Data Protection Department (“PDP Department”) moving to the next phase of implementation of the PDPA, namely investigation and enforcement. Most data users would favour the use of compounds as it is likely to reduce the penalties for not complying with the PDPA significantly, as well as save both the prosecution’s and alleged offender’s time and costs, as parties would be spared the time and expense of court proceedings.
Malaysia to step up cybersecurity measures in the capital market and national defence sectors
On 21 March 2016, the Securities Commission Malaysia (“SC”) published a consultation paper seeking public feedback on the proposed regulatory framework relating to the management of cyber security risk by capital market participants.
The SC recognises that with the increased dependency on information technology and Internet connectivity, there is a need to put in place cyber security policies and procedures to safeguard and protect the confidentiality, integrity and availability of information systems used by capital market participants.
Sound management of cybersecurity risk has been identified as a critical component to further strengthen the resilience of the Malaysian capital markets.
Towards this objective, the SC intends to introduce regulatory requirements to guide the capital market participants to achieve a certain state of cybersecurity resilience.
The SC recommends that the board of directors of capital market participants set a clear direction and give adequate priority in their respective board’s agenda for the effective management of cybersecurity risk and require their senior management to develop and implement appropriate cybersecurity frameworks (which includes policies, procedures, awareness programmes and risk reporting mechanisms) throughout their organisations.
On the defence front, the Deputy Defence Minister Datuk Seri Mohd Johari Baharum, during his keynote address at the Cyber Security Conference in conjunction with the 15th Defence Services Asia Exhibition and Conference on 20 April 2016, proposed a three-pronged approach to enhance cybersecurity in Malaysia.
The three-pronged approach consists of:
- reorientation of the design philosophy of the Information Communications Technology (ICT) systems, in particular focusing on cyber defence systems to ensure all computing systems reflect uniform reliance;
- establishment of inter-disciplinary centres, specifically on the need to connect academia, the private sector, national laboratories and the government in sharing information and offering innovative and creative solutions; and
- getting the military defence and security community to provide “leadership by example” and “provide support to the national and global efforts in meeting cybersecurity challenges to the defence and security domains”.
The above announcement was made in response to the rising threat of cyber-attacks in Malaysia. Cyber Security Malaysia (a government agency tasked with being Malaysia’s Cyber Security Reference and Specialist Centre) reported that 11,900 cybersecurity-related cases were recorded in 2015, as compared to only 1,038 cases recorded in 2007, which may lead to some legislative reforms to bolster and/or to introduce new legislation that deals with cybersecurity threats to Malaysia’s critical information infrastructure.
Land Public Transport Commission to regulate ride-sharing and taxi-booking apps by Q4 of 2016
Following an endorsement by the Special Economic Committee chaired by the Prime Minister of Malaysia, ride-sharing and taxi-booking apps such as Uber and Grab may be subject to a new regulatory framework to be introduced by the Land Public Transport Commission (“SPAD”) by Q4 of 2016.
This proposal was made in response to the rising tide of a new form of competition introduced by these third party ride-sharing and taxi-booking apps and complaints filed by the incumbent taxi companies.
Although no draft of the regulatory framework has yet been circulated, it is understood that for the conventional taxi industry, a profit-sharing concept or guaranteed percentage of the day’s income for the taxi drivers will be introduced.
For the private car drivers, they would be required to obtain a public service vehicle license and register themselves with SPAD for vetting purposes, before they are allowed to offer their services. Private car drivers are also required to send their vehicles for annual inspections and take up passenger insurance coverage, much like what taxi drivers are currently required to adhere to.
It is also understood that this third-party ride-sharing and taxi-booking companies may be subject to local taxation laws when the regulatory framework is introduced, as the government has realised that there is a potentially massive outflow of the Ringgit due to the widespread use of these booking apps.
Several laws, such as the Land Public Transport Act 2010, Road Transport Act 1987 and Communications and Multimedia Act 1998, will need to be amended to facilitate these new changes.
The Amendment Bills may be tabled in Parliament during its sitting in October 2016, and “if everything goes well, a new dawn of taxi industry may begin the end of the year,” SPAD chairman said.
Spectrum reallocation in the telecommunications industry
On 27 January 2016, the Prime Minister of Malaysia, Dato Sri Mohd Najib bin Razak, during the Budget 2016 recalibration, announced that spectrum for the telecommunications industry will be reallocated in a move to optimize revenue.
Following that announcement, the Malaysian Communications and Multimedia Commission (“MCMC”) announced on 1 February 2016 that the 900 MHz and 1,800 MHz frequency bands will be reallocated among the four major telecommunication operators, namely Maxis, Celcom, Digi and U Mobile for a fee for 15 years.
The MCMC explained that the four operators were chosen because they already have sufficient infrastructure to expand on for them to increase competition in the industry.
The MCMC also explained that the reallocation will provide more certainty on the length of time these four operators will have to use this spectrum and ensure that the spectrum will be used in the most efficient manner. All affected operators are required to start migrating from their existing apparatus assignments to the new spectrum assignments with full migration and implementation to be completed by 1 July 2017.
As a result of the reallocation exercise, Celcom and Maxis will see their existing spectrum being reduced while Digi and U Mobile will benefit from getting additional spectrum.
Regulating peer-to-peer lending
As part of the Securities Commission (“SC”) continued effort to nurture and facilitate market-based innovation in FinTech, the SC has recently introduced a new regulatory framework to facilitate peer-to-peer (“P2P”) lending in Malaysia.
P2P lending facilitates the raising of funds by businesses or companies from both retail and sophisticated investors through an online platform. Individuals are not allowed to seek personal financing via a P2P lending platform.
With the introduction of this new regulatory framework, investors may now use P2P lending platforms to buy securities in the form of an investment note or Islamic investment note, which are issued by businesses or companies. Once purchased, the issuer of the investment note or Islamic investment note will be obliged to pay the investors over a period of time, with interest or profits.
There is no limit imposed by the SC in relation to the number of funds an issuer may raise on a P2P lending platform.
An issuer is allowed to keep the funds raised provided that it must have at least raised 80% of its targeted amount. There is also no investment limit imposed on sophisticated and angel investors. Operators interested in operating a P2P platform may submit their application to the SC from 2 May 2016 to 1 July 2016. All P2P lending operators must be locally incorporated and have a minimum paid-up capital of RM5 million.