By Alyssa Teoh Sher Rene
Instagram Username: alyssa_as
University: Multimedia University
To most of us, cyber laws are generalized to be laws or legislation that has been implemented to curb and combat cybercrimes. However, such generalization might not be accurate as cyber laws not only confined itself to cyber crimes per se but it also covers the relationship between computers, software and information systems (IS).
Before going in depth without discussion, Malaysia has enacted several cyber laws. For example, the widely known Computer Crimes Act 1997 was implemented to counter offences relating to the computers. Another important legislation which governs cyberlaw in our country is the Communications and Multimedia Act 1998 which provides a medium to govern all forms of communication and multimedia industries. Lastly, the Personal Data Protection Act 2010 which protects our data and information.
Though it might seem that Malaysia has an all rounded cyber law system, it might not be sufficient due to the fast pacing of Internet users in Malaysia. Interestingly, the Computer Crimes Act 1997 was enacted 24 years ago and has not been amended since then. According to Statista 2019, the number of Internet users has shot rapidly in the last few years. In 2017, there were 25.3 million Internet users in Malaysia and in 2021, there are 27.9 million Internet users.
The aforementioned numbers should definitely give a reason to our current government to enhance and amend our current ‘almost-archaic’ cyber-related laws. With the increasing number of Internet users during this pandemic era, there will be more opportunities for such cyber criminals to commit their crimes unwittingly. What more is that these cyber crimes have grown to outsmart our cyberlaw system and may even get away with the crimes ‘unscathed’. Then, the primary question one might ask is, are our current cyber laws sufficient to curb such offences?
- Computer Crimes Act 1997
The Computer Crimes Act 1997 (herein referred to as ‘CCA’) was implemented to counter offences relating to the misuse of computers. As stated above, the CCA has not been amended until now despite the rising numbers of Internet users which in turn will lead to the increasing number of Internet crimes.
The case of Toh See Wei v Teddric Jon Mohr & Anor  11 MLJ 67 clearly shows that our cyberlaw is still insufficient to curb several computer crimes. The Court dismissed the Plaintiff’s claim against the defendants based on Section 8 of the CCA which reads that a person who has in his custody or control and program, data or information which he is not authorized to have will be deemed to obtain unauthorized access to such information until contrary is proved.
The alleged claim that the defendant has hacked into the private email account of the plaintiff where he downloaded and printed out various emails sent to third parties was not proven on the balance of probabilities since there was insufficient evidence that the defendant hacked into the Plaintiff’s email. With the growth of highly sophisticated communication technology, the right to privacy will always be susceptible to abuse.
Therefore, the Computer Crimes Act might not be an all-rounded act in this sense as there are many vague and ambiguous terms in it. Besides, the standard of proof to prove a certain computer crime was not set out in detail. For example, the word hacking was not defined in the Computer Crimes Act 1997. If the CCA is not amended in the near future, there will be many more cases where the wrongdoer will be able to get away scot free due to the mere fact that there is insufficient evidence to convict them.
- Communications and Multimedia Act 1998
The Communications and Multimedia Act 1998 (herein referred to as ‘CMA’) is an act which governs the converging communication and multimedia industries in Malaysia. One of their policy objectives is to promote a high-level consumer confidence in service delivery from the industry. However, the following paragraphs might prove that such might not be an easy feat after all.
Section 233 of the CMA is a well-known provision and tool to counter cyberbullies. This provision has resulted in numerous prosecutions of the citizens. Section 233 governs the improper use of network facilities or network service. Not only that, but the Act also serves as a device to prevent any fraudulent or unauthorized access of the service and network providers.
There is a clear lack of definition for the words ‘multimedia’ and ‘industry’. This serves as a detour for the establishment of liability, responsibility and accountability to the consumers when they are seeking for some form of redress. For example, how would a consumer seek protection if they are aggrieved by such an ‘entity’ that should have been governed by the Act but is not. The ambiguousness of such terms had led to such issues.
Besides, since CMA governs communication and multimedia industries, does it include data and information that are non-electrical. If the Act were to be regulated in the strict and literal sense, then such non-electronic data and information will not be governed and those who transmit such will definitely get away since the information is not in a digital format.
One possible measure to counter this is that the Act should be amended to provide clearer and detailed criteria to match the ever-growing technological development.
- Personal Data Protection Act 2010
The last cyberlaw that I will discuss in this article is the Personal Data Protection Act 2010 (herein referred to as ‘PDPA’). PDPA protects only information and data transmitted and stored in commercial transactions and not the online community. However, it is important to note that the Government of Malaysia or state governments will not be held liable in cases where such information is leaked. This definitely incurs a setback to the whole data protection of the consumers.
In the case of CIMB Bank Bhd v Roebuck Development Sdn Bhd (In Liquidation) & Ors  MLJU 62, the court in this case held that the third-party purchaser had not given an form of consent and hence the second defendant has a duty to maintain the confidentiality of personal data which it had collected in its course of commercial activities and the disclosure of such detailed amount to a legal impediment. This case clearly outlines the crucial importance of consent when it comes to personal data or information.
Further, whether an information or data is considered to be confidential varies in each case. For instance, in the case of Chan Ah Kien v Brite-Tech Berhad & Anor  MLJU 2017, the court in this case had to inundate whether the Plaintiff’s salary falls within the definition of confidential information. The court held that the dissemination of the particulars of the plaintiff’s salary was not confidential as such was not detrimental to his being if it were to be put out there in the public domain.
In a nutshell, personal data and information concerns our privacy and safety and laws should be amended to prevent any form of data breaches.
- Thoughts and conclusion
In conclusion, even though Malaysia has passed its own cyber laws, it was heavily criticized for its lack of comprehensiveness. As such, a few amendments have been made to its provisions. However, this brings about another issue whereby the citizens claimed that if the government were to amend its cyber law provisions to suit the ever-growing technology, the need would be endless.
In my opinion, the cyber related law in Malaysia is still at an infancy stage. It is not comprehensive enough to govern cyber law issues in the modern-day era like, phishing and spam issues. Laws should be flexible enough to be able to adapt to changes and reforms to face the new world order. However, since Malaysia can be said to have a foundation in cyber-related laws, it is deemed to be a good start for the nation to propel into the information age without delay. Like what Aeschylus said, “The laws of a state change with changing times”.