Malaysia has been ranked as the fifth-worst country in terms of protecting the personal data of its citizens, a tech study shows.
In a study of privacy and surveillance of 47 countries by British tech website Comparitech, Malaysia was placed in the "some safeguards but weakened protection" category with a score of 2.64 out of five points.
Comparitech assessed the privacy protection and the state of surveillance in 47 countries to examine where governments are failing to protect privacy or are creating surveillance states.
The study gave a score per category based on a number of criteria, among which includes constitutional protection, statutory protection, privacy enforcement, data sharing, visual surveillance, identity cards and biometrics and government access to data.
It also found that the collection and retention of biometric data was being ramped up worldwide, adding that immigrants were often the most impacted by government surveillance especially when they leave or enter the country.
The study found that the worst-performing country was China (1) followed by Russia (2), India (3), and Thailand (4).
China is the only country in the "extensive surveillance" category with the study noting that its government does not protect the privacy of its citizens but also "actively invades it".
Meanwhile, the top five best-performing countries in protecting the privacy of its citizens went to Ireland (1), Norway (2), Denmark (3), Portugal (4) and France (5). The study noted that the European Union's General Data Protection Regulation (GDPR) laws helped improved privacy protection.
In its country report on Malaysia, it noted that currently only the Personal Data Protection Act 2010 (PDPA) protects the personal data of a person in the country.
"The introduction of the data protection law in 2010 did make some improvements to Malaysia's data privacy – but, as technology advances and times change, these need updating to better protect all types of data, including biometrics," it said.
The study said in Malaysia, the collection and retention of biometric data is found in a person's identification card, MyKad. It said for adults, the MyKad stored bank details and health information while for children, religion, birth and education data is stored in it.
It also said the MyKad stores data for up to 20 years but indicated that the card is only valid for 10 years.
It noted too that facial recognition technology is on the rise in Malaysia, as seen in the collaboration between Grab Malaysia and the Transport Ministry. It pointed out that there were few laws surrounding the use of facial recognition technology.
The study also said data sharing in Malaysia required written consent but the government's platform (MyGDX) facilitates intergovernmental agency data sharing.
It added that CCTV monitoring was also prevalent, adding that there were few safeguards in place.
The study also noted that Malaysia had been involved in "several large data breaches involving financial and medical details".
Malaysia has been involved in several data breaches, among which includes the massive data leak of personal details of telecommunications service providers' customers, the data leak of almost 20,000 patient records, and the personal data leak of Malindo Air customers.