Digital Tracing and Malaysia's Personal Data Protection Act 2010 amid the Covid-19 Pandemic

Main Article Content

Olivia Tan Swee Leng
Rossanne Gale Vergara
Shereen Khan


Digital tracing is a proven effective means for the Malaysian government to trace and control the spread of COVID-19. However, the process of tracing and tracking in order to manage the spread of the pandemic have in many ways compromised personal information to third party applications. Malaysia is not the only country that uses digital tracing to manage the spread of the pandemic. Various countries have chosen different methods for digital contact tracing to manage the spread of COVID-19 and some are less respectful of privacy than others. This paper analyses Malaysia’s Personal Data Protection Act 2010 (PDPA) and its effectiveness in protecting personal data during the pandemic as Malaysians continue to utilise the contact tracing mobile applications such as MySejahtera and SELangkah. The researchers applied doctrinal research method and analysed the current Malaysian legislation on data protection. It should be noted that the PDPA does not apply in the case of government collection and would not require federal and state agencies to be transparent in their data management.

Article Details

How to Cite
Leng, O. T. S., Vergara, R. G., & Khan, S. (2021). Digital Tracing and Malaysia’s Personal Data Protection Act 2010 amid the Covid-19 Pandemic. Asian Journal of Law and Policy, 1(1), 47–62.


Adib Povera, 'CMCO to end, Replaced with RMCO until Aug 31' New Straits Times (Kuala Lumpur, 7 June 2020) <>

Akamai, 'What are the Security Risks of Cloud Computing?' <>

Asita Elengoe, 'COVID-19 Outbreak in Malaysia' (2020) 11 Osong Public Health Res Perspect <> at page 94.

Bernama 'Covid-19 Act to cushion impact of pandemic takes effect tomorrow' Free Malaysia Today (Kuala Lumpur, 22 October 2020) <>

Cristina Lago, 'The biggest data breaches in Southeast Asia' CSO Asean (18 January 2020) <>

Department of Data Protection, Malaysia <>

Department of Personal Data Protection, 'Operating Procedures for the Collection, Processing and Storage of Personal Data by Business Premises during the Conditional Movement Control Order'<>.

Department of Personal Data Protection, 'Public Consulation Paper No. 01/2020' <

Douglas Busvine, 'Germany aims to launch Singapore-style coronavirus app in weeks' Reuters (Berlin, 30 March 2020) <>

Dr Bernadine Malini Martin v MPH Magazine Sdn Bhd & Ors [2004] 5 Current Law Journal 285

EU General Data Protection Regulation (2018), OJ L 127

Fathin Ungku, 'Singapore launches contact tracing mobile app to track coronavirus infections' Reuters (Singapore, 20 March 2020) <>

Foo Yun Chee, 'EU privacy watchdog calls for pan-European mobile app for virus tracking' Reuters (Brussels, 6 April 2020) <>

Hannah Devlin, 'NHS developing app to trace close contacts of coronavirus carriers' The Guardian (London, 31 March 2020) <>

Ivan Watson and Sophie Jeong, 'Coronavirus mobile apps are surging in popularity in South Korea' CNN Business (Seoul, 28 February 2020) <>

Jinshan Hong, Rachel Chang and Kevin Varley, 'The Covid Resilience Ranking The Best and Worst Places to Be as Variants Outrace Vaccinations' Bloomberg (28 June 2021) <>

Josh Holder, 'Tracking Coronavirus Vaccinations Around the World' New York Times (12 July 2021) < >

Kementarian Kesihatan Malaysia, 'Situasi Terkini Covid-19 di Malaysia' <>

Lee Ewe Poh v Dr Lim Teik Man & Anor [2011] 1 Malayan Law Journal 835

MCMC 'Internet Users Survey 2020' <>

Maslinda bt Ishak v Mohd Tahir bin Osman & Ors [2009] 6 Malayan Law Journal 826

Mohamad Izaham bin Mohamed Yatim v Norina Binti Zainol Abidin [2015] 7 Current Law Journal 805

MyCERT, 'About us' <>

MyCERT, 'Incident Statistics' <>

MySejahtera <>

National Security Council (MKN), 'SOP PKP Recovery' <>

Personal Data Protection Act 2010 (Act 709)

Qishin Tariq, 'Govt launches pilot project to monitor spread of Covid-19 pandemic via app' The Star (6 April 2020) <>

Reuters Staff, 'Ireland to roll out voluntary phone tracker app to tackle coronavirus' Reuters (Dublin, 29 March 2020) <>

Ross McKean, Ewa Kurowska-Tober and Heidi Waem 'DLA Piper GDPR fines and data breach survey: January 2021' <>

Sivarasa Rasiah v Badan Peguam Malaysia & Anor [2010] 2 Malayan Law Journal 333, at para 6

Universal Declaration of Human Rights, Art 12

Veena Babulal and Beatruce Nita Jay, 'UiTM to probe claims of data breach' New Straits Times (Kuala Lumpur, 25 January 2019) <>

Worldometer, 'Covid-19 Coronavirus Pandemic' <>

Yimou Lee, 'Covid-19: Taiwan's new 'electronic fence' for quarantines leads wave of virus monitoring' Reuters (Taipei, 20 March 2020) <>

Zoe Low, 'Covid-19: inbound travellers from Europe, US to be issued Bluetooth quarantine wristbands at Hong Kong airport' South China Morning Post (Hong Kong, 25 March 2020) <>

'5 biggest GDPR fines so far' Data Privacy Manager <>

'China launches coronavirus "close contact detector" app' BBC News (11 February 2020) <>

'Data breach involving Malaysia, Singapore credit card details' The Star (Hong Kong, 07 March 2020) <>

World Health Organisation, 'WHO Coronavirus Disease (COVID-19) Dashboard' <>