Celcos-sponsored SMSes sent out by Government is clear breach of Personal Data Protection Act

When winding up for the Ministry of Information, Communications and Culture during the policy stage of the Budget 2013 debate on October 16, 2012, Deputy Minister Joseph Salang revealed that BN government sent 5,782,000 Merdeka celebration invitations by SMS to members of the public via cellular service providers Celcom, Maxis, DiGi and U-mobile in late August.

In a written reply to me, Minister of Information, Communications and Culture Dato' Seri Utama Dr. Rais Yatim further revealed that the cost of sending these SMSes was RM332,599, but was borne entirely by the service providers mentioned.

Even though the SMS did not cost taxpayers a single sen, it is questionable whether the said telecommunication service providers have breached the Personal Data Protection Act 2010 which came into force in June this year.

Section 6(1)(a) of the Personal Data Protection Act states that “a data user shall not process personal data about a data subject unless the data subject has given his consent to the processing of the personal data.”

Section 6(2) of the Act also states that:

“A data user may process personal data about a data subject if the processing is necessary —

(a) for the performance of a contract to which the data subject is a party;

(b) for the taking of steps at the request of the data subject with a view to entering into a contract;

(c) for compliance with any legal obligation to which the data user is the subject, other than an obligation imposed by a contract;

(d) in order to protect the vital interests of the data subject;

(e) for the administration of justice; or

(f) for the exercise of any functions conferred on any person by or under any law.”

While Section 6(3) of the Act says:

“Personal data shall not be processed unless—

(a) the personal data is processed for a lawful purpose directly related to an activity of the data user;

(b) the processing of the personal data is necessary for or directly related to that purpose; and

(c) the personal data is adequate but not excessive in relation to that purpose.”

In short, personal data is given in confidence to telecommunications service providers for the purpose of obtaining their services and shall not be used for any other purposes without the consent of the data subject. Unsolicited SMSs may be sent only with prior agreement of the recipient. Failing which, it is a clear breach of the Personal Data Protection Act 2010, and is punishable with a fine not exceeding RM300,000 or to imprisonment for a term not exceeding two years or to both under Section 5(2) of the Act.

Besides, it is also unethical and unprofessional of the Malaysian Communications and Multimedia Commission to procure such “sponsored” services from the telecommunications/cellular service providers. It is obvious the telecommunications service providers will not say “no” to the body that regulates their industry. Instead of upholding the Personal Data Protection Act and taking firm action against content providers who spam us regularly with unsolicited SMSes, MCMC is “requesting” the service providers to spam its customers.

Malaysians have the right not to be spammed by anyone, including the telecommunications companies and our government. There is no doubt about it – this is clearly a blatant abuse of power. The BN government must be reminded that it is not above the law.

Teo Nie Ching DAP Assistant National Publicity Secretary & MP for Serdang