PETALING JAYA, Aug 19: Data security experts have raised concerns over the government’s proposal to make the MySejahtera App compulsory in tracing people’s movements.
Fong Choong Fook, an IT specialist involved in testing app security for major local banks and e-commerce brands asked whether the government had done extensive testing on the app’s security.
He acknowledged that it was inevitable that the government make the app compulsory for contact tracing in the context of the Covid-19 pandemic.
“Sometimes people are not willing to fill the form (with their particulars), so it’s important for the authorities to (have such a) tracing app.
“What has the government done in terms of protecting our personal information? So far, the PDPA that we have doesn’t govern the government itself,” he said, referring to the Personal Data Protection Act (PDPA) 2010.
So the government may not be accountable for any data leak due to negligence. “We can’t do anything against the government, that’s the limitation of the PDPA.”
Fong hoped to see the government demonstrate how well it had implemented security measures to protect people’s data. “I think then the people would be more receptive towards using the app.”
Meanwhile, a privacy lawyer, Foong Cheng Leong, said the government should ensure that the data collected would only be used for contact tracing and related purposes.
He also wanted a timeline to be set for the data collected to be destroyed.
Foong called for accountability if there was misuse of the data by anyone, including civil servants.
He also raised the issue of the app’s accessibility as not everyone had a smart phone that could have the MySejahtera App installed.
Similarly, he said, not every business in Malaysia would be capable of generating the QR code to be used for the app. “Manual registration must remain to cater to a certain segment of the people.”
He added: “Instead of forcing people to use it, the government should give incentives to those who use the app. A RM50 e-wallet credit to users is a good way.”
Meanwhile, Galen Centre for Health and Social Policy CEO Azrul Mohd Khalib described making a single identification app mandatory for all citizens as reasonable to ensure that people were aware of and remained vigilant against Covid-19 infection.
However, the downside is that this may marginalise and “victimise” those who cannot afford to have mobile devices or internet data, particularly people in the lower income group.
“Those who have phones (especially older people) may not have the sort which can download apps. They could be denied access to places such as shops, markets, offices and government services. They could be prosecuted under such a law for not having the app.”
Azrul called on the government to make the effort to raise awareness about the app so that people would support its use, rather than compel them to install it.
He also agreed that the PDPA was inadequate in terms of ensuring accountability for data breaches as it excluded federal or state government entities from complying with the law.
“Therefore the government must clarify what law protects the data captured by MySejahtera. This is a legitimate concern as there have been several major data breaches over the past year, including patient data.”
The government has said it is considering making the use of the MySejahtera app mandatory and doing away with the manual registration of personal data when people access public places.
Special Functions Minister Redzuan Yusof said discussions were underway with the Attorney-General’s Chambers and the National Security Council on ways to implement the move.
Redzuan also said the MySejahtera app was part of the new culture that the government was encouraging members of the public to adopt post-Covid-19.