Earlier this week, Comparitech, a British technology website, published its assessment of privacy protection and state surveillance in 47 countries to examine where governments are failing to protect privacy or are creating surveillance states. The assessment was made based on several criteria, which included constitutional and statutory protection, privacy enforcement and government access to data.
Out of the 47 countries, Malaysia was ranked in the bottom five, with a score of 2.64 out of five points for having "some safeguards but weakened protections". The main contentions against Malaysia are that more in-depth privacy laws are required to adapt to technological advances, the mandatory national ID poses data exposure risks, the government is able to share personal data between agencies without constraint and that there have been multiple large data breaches in the country.
Admittedly, there are some gaps in Malaysia's Personal Data Protection Act 2010 ("PDPA"), including that it only applies if personal data is processed for commercial transactions. Further, there is a blanket exemption for the government, which means that the government would not need to comply with the PDPA when processing personal data. That being said, the Department of Personal Data Protection has indicated its intention to amend the PDPA, for greater effectiveness.