Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


II. Legal framework

Constitutional Protections for Privacy

The Malaysian constitution does not provide for the protection for privacy, although it provides for other related rights, including rights to assembly, speech and association  (Article 10) and freedom of movement (Article 9). However, legislation is in place to negate the above provisions in the event of a threat to public order.

Article 5 (1) of the Constitution provides that "No person shall be deprived of his life or personal liberty save in accordance with law." In 2010, Federal Court Judge Gopal Sri Ram ruled in the case of Sivarasa v Badan Peguam Malaysia & Anor that the right to personal liberty includes right to privacy. The case was in relation to the lawyer Sivarasa Rasiah holding office in both the Bar Council Malaysia and also in a political party, Parti Keadilan Rakyat (PKR).

Statutory Protections for Privacy

The Communications and Multimedia Act (CMA) disallows unlawful interception of communications, and also stipulates rules for searches of computers, access to encryption keys. It also provides the police with the authority to intercept communications without a warrant if a public prosecutor believes a communication is likely to contain information relevant to an investigation.

Although this law is in place, enforcement is another issue altogether. While the police may use the CMA to aid them, they are also known to ignore it altogether, due to the existence of other laws such as the all-powerful Internal Security Act, and the Computer Crimes Act.

There are other laws in Malaysia that have an impact on privacy, including the Anti-Corruption Act and the Companies Act. Under the former, the Attorney General can authorize searches as well as wiretapping and interception in cases where it is deemed warranted.

Supervisory Authority for Privacy Laws and Complaints

The Personal Data Protection Act (PDPA) provides for a commission as an advisory body to handle complaints or queries arising out of the Act, but has not yet been established.  The commission will be headed by a commissioner who will be someone who is trained in interrogation techniques and cross-examinations in court proceedings. The PDPA works on the premise that personal data cannot be processed without the consent of data subject. There are a few basic principles that this would cover: the notice and choice principle (according to which the data user should inform the data subject that his data is being processed and will be used), the disclosure principle (data processed cannot be used for other purposes), the retention principle (personal data should not be kept for longer than necessary), the data integrity principle (the data user must take reasonable steps to ensure that personal data is accurate, complete, kept up-to date and not misleading) and the security principle (the data user should take practical steps to protect the personal data from any loss, misuse, modification, unauthorised or accidental access or disclosure, alteration or destruction).

Freedom of Information Laws

Until recently, Freedom of Information laws were non-existent in Malaysia. However, because of recent changes in government, Penang and Selangor states have  adopted FOI legislation. Although the laws adopted were weaker than the initial recommendations, these acts serve to declassify certain documents within the purview of the state government and make them available for public consumption. The FOI Acts ensure transparency in governance and government accountability, even though they only encompass information held by departments, local councils and entities fully owned and under full control of the state governments.

The Selangor legislation, for example, provides for the following:

  • Acknowledgment of the right to information, rather than an opportunity given by the state;
  • Establishment of an obligation to reveal information;
  • Providing for the possibility of review by the courts;
  • Establishment of a more independent State Information Board (to replace the Appeals Board);
  • A narrower list of exemptions, with a public interest override;
  • Protection from prosecution, sanctions, suit etc. for Information Officers or government officers who disclose information in good faith; and
  • A 20-year time limit for keeping information confidential.


There have been a number of cases in Malaysia related to the right to privacy. Some of those (including the cases of Chua Soi Lek, Helen Wong and Saiful Bahri) concerned the publication of photos, videotapes or other documentation of illicit activities performed by political figures.