For the past one month, I have been busy with writing, reading and researching. The results of which, are tremendously engaging. New facts. New discoveries. And new arguments. For the first (1st) quarter of 2010, I will be presenting two (2) papers:-
Conference 1: Malaysia Glasgow Doctoral Colloquium
Paper 1:-
Malaysia’s Data Protection Bill; Some Useful Headway From The United Kingdom (UK) And European Union (EU)
Noriswadi Ismail
MPhil/PhD Candidate
The Institute of Computer and Communications Law
The Centre for Commercial Law Studies
School of Law, Queen Mary, University of London
Abstract
In the nearest future, the Data Protection Act will take place in Malaysia’s legal regime. It is anticipated that there shall be potential compliance costs to be accommodated by the stakeholders. This paper anticipates substantive concerns that Malaysia should learn from the UK and EU. Selected case studies shall be appraised.
Summary
On 8 October 2009, there are series of online and hardcopy of highlights that surrounded data protection concerns, issues and the need for enforcements in Malaysia. Some authors, experts and critiques have rightfully opined that it is about time for Malaysia to be vigorous on this subject matter. Whilst the feedbacks are very much a triangulation, this paper shall anticipate further what and how Malaysia should endlessly learn from the UK and EU on these similar concerns. From the country’s perspective, Malaysia is not far behind from her other Association of South East Asian Nation (ASEAN)’s counterparts in giving the birth of a data protection legislation. Whilst some ASEAN’s member states legal regime are sector-specific based, self-regulatory via other existing legislations and prevalent soft-law approaches, Malaysia has to anticipate series of fundamental issues once the Data Protection Bill is in force.
Appropriately, data protection and privacy involves its actors and stakeholders. Their participation in daily activities, commerce, trade and communications are engaging – be it virtual, physical and in our real lives. Extensive virtual navigation via Web 2.0 sphere has triggered concerns to our lives today and leads to such chilling effects to all countries. Malaysia is not an exception to this effect. Potential strategies must be pre-empted for Malaysia once the Bill will be a gazetted legislation. This paper shall cursorily analyse selected cases and progressive experiences from the UK and EU within different periods of era (from 1990s to 2000 and to date), being the decade of data protection’s maturity in the UK and EU. These cases and experiences are indispensable for Malaysia’s roadmap. The author has personally opted for not paraphrasing the draft Bill or any of the UK and EU Directives. Instead, pragmatic analysis, rationales and reasons will be enlightened to support such assertions and views to support as to why Malaysia should learn from these jurisdictions and regimes.
Arguably, there are three main terms of reference that are substantiated towards this paper. First, as Malaysia is very new to this peace of legislation, a thorough overview should be inferred to disseminating potential data protection issues to the stakeholders. This is to gauge a clear apprehension on its inter-relationship with various actors and stakeholders. In this paper, the actors and stakeholders are referred to any individuals and the roles may interchangeably apply. Second, as Malaysia’s government has its own preferred approaches to focusing and retaining it’s governmental data via other existing legislation, the author shall appraise the broad analysis of the UK Freedom of Information Act 2000, that, in a way, relates and cross refers to certain intersection of data protection concerns. Third, as Malaysia has targeted 6% of annual Gross Domestic Product (GDP) by 2020, it is undeniably paramount that the growth contribution factors are derived from domestic and international trades and investments. Due to the latter, the exchanges of data, data retention, security and trans border data flows will be aggressive or maybe uncontrollable. – if due care and diligent of data protection is not adopted seriously Thus, it needs special painstaking attention by the actors and stakeholders in dealing with different data protection approaches, principles and enforcements with and amongst Malaysia’s trading partner. All of these references shall be discussed via the UK and EU’s actors and stakeholders’ experiences.
Conclusion
This paper shall be concluded via proposing a data protection strategy roadmap to Malaysian actors and stakeholders. It is hoped that the future Data Protection Commissioner or the equivalent Privacy Commissioner will be able to consider the rationales of such an adoption for Malaysia in a localised context and setting. In the second part of the conclusion, the author shall suggest proposed regional and international collaboration, networks and diffusion that relates to data protection at the regional and international foray.
Keywords: Data Protection. Privacy. Malaysia. United Kingdom. European Union.
References
Books
Chris Reed (ed), Reed and Angel: Computer Law (5th rev OUP, Oxford 2003) 417-453.
Ian J. Lloyd, Information Technology Law (OUP, Oxford 2008) 3-180.
Ian Walden, Computer Crimes and Digital Investigations (OUP, Oxford 2007).
Rosemary Jay and Angus Hamilton, Data Protection Law and Practice, (Sweet & Maxwell, 1999).
Ruth Boardman and Richard Morgan, Data Protection Strategy, (Sweet & Maxwell, 1st Edition, 2003).
Websites
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data accessed 9 November 2009.
Review of EU Data Protection Directive: Summary < http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/review_of_eu_dp_directive_summary.pdf> accessed 9 November 2009.
Paper:-
Mobile Radio Frequency Identification Technology (Mobile-RFID);
where is privacy?
___________________________________________________________________
By Noriswadi Ismail
MPhil/PhD Candidate
The Institute of Computer and Communications Law
The Centre for Commercial Law Studies
School of Law, Queen Mary, University of London
Abstract
i2010 is aimed towards the European Information Society for growth and employment. There shall also be priorities for new strategy for European information society (2010-2015). These ambitious aims are part and parcel of the digitalizing Europe vision for the next 5 years. One of the significant growths in this sphere is Mobile Commerce (M-Commerce) and Radio Frequency Identification Technology (RFID). Mobile Commerce or technically termed as M-Commerce has been deployed widely by mobile operators in their present business models. In the United Kingdom (UK) and Europe, stakeholders and consumers have had a mixed bag of responses on its effectiveness, quality of service, functionalities and liabilities. As M-Commerce evolves, Radio Frequency Identification Technology (RFID) has been put into trials within the M-Commerce environment. The main motivation is purely on convenience to the stakeholders and consumers – as the top priority list. Nevertheless, there are two main concerns surrounding this trials and deployment. First, it may spark the issue of data surveillance in a greater context. And second, it may question the issue of privacy in a broader context. This paper shall narrate potential challenges that shall be faced by mobile operators based on these concerns. Careful substantiated reasons are also outlined. At a generic level, this paper shall also touch documented trials on Mobile-RFID in selected East Asian Countries as cross border and comparative analysis. At a specific level, it shall appraise the Mobile-RFID trials and developments and proposing potential considerations within the ambit of data protection and privacy concerns in Mobile-RFID that are prevalent to the existing consultative member states of the European Union.
No comments:
Post a Comment