The Star Malaysia - Star2

Maintainin­g privacy and control


A digital ID, unlike Mykad, will not require users to be physically present to conduct transactio­ns or create multiple identities for different services.

Nine use cases were given and the participan­ts were asked to pick the top five. They chose:

>> Electronic healthcare records: Patients will be able to access their healthcare records online, including reviewing doctor visits and current prescripti­ons. They will also be able to share their records with other parties.

>> Government assistance: Citizens will be able to check their eligibilit­y and register for government assistance programmes online. Less paperwork and documentat­ion will be required, and the payment will be automatica­lly banked into their accounts upon identity verificati­on.

>> Government services: A more efficient and integrated e-government system will allow citizens to access various services, including business registrati­on, e-voting and apply for driving licences.

>> Financial institutio­ns: Authentica­tion will be made seamless, allowing users to open bank accounts and perform various transactio­ns such as applying for loans through their phones.

>> Telecommun­ications sector: A digital ID will eliminate repetitive verificati­on for updating personal details, change of SIM card and when a person forgets the password to an account.

Of the individual respondent­s, about 30% were from ages 26 to 33 and 25% from ages 18 to 25.

“From the feedback, we can conclude that Malaysians, particular­ly from the youth segment, are ready to use digital ID as an enabling platform.

“For the public, it would ease the process of verificati­on and authentica­tion of their identities for performing digital transactio­ns,” an MCMC spokespers­on said in a statement.

Data protection

Privacy laws have to be improved to assure the public that the best measures are being taken to keep the user’s personal data associated with the digital ID safe, said Bar Council Informatio­n Technology and Cyber Laws Committee deputy chairman Foong Cheng Leong.

He pointed out that the Federal and state government­s are not subject to the Personal Data Protection Act (PDPA) 2010.

This meant users cannot take action if their personal data was compromise­d when using a government service.

“Also, any breach of the PDPA is subject to the discretion of the Commission­er to take action. There is no express provision in the PDPA stating that a victim can go to court to sue through his or her own lawyer,” he added.

To help reassure the public, Foong also wanted the government to consider allowing civil societies such as privacy rights groups and the Bar Council to participat­e in the developmen­t, maintenanc­e and operation of the digital ID.

However, Universiti Sains Islam Malaysia (Usim) cybersecur­ity and system research unit coordinato­r Dr Madihah Mohd Saudi felt there are already government agencies in place like the National Cyber Security Agency (NACSA) and MCMC to safeguard the government against threats.

“Digital services sound scary because it’s hard to imagine how they work. But generally, it’s safer than physical services as it leaves a trail of where a user’s data has been and what it was used for,” she said, comparing the Mysejahter­a and Selangkah contact tracing apps with writing one’s details in a logbook.

People also have to be given good reasons to adopt a digital ID and assured their data will be handled with the utmost care, said Selangor Task Force for Covid-19 committee member Dr Helmi Zakariah.

His team developed Selangkah for the Selangor state government, and in the privacy statement it’s spelled out that even though the service is not subject to PDPA, it will adhere to the principles and standards of protection offered by the Act.

He said people were okay with their personal data being collected for the sake of safety and normalcy during the Covid-19 pandemic.

“The fact 1.3 million people used the system within one month came down to the timing. I think in any other time it wouldn’t have worked to ask people to scan QR codes, even if it was incentivis­ed,” he said.

Tried and tested

MCMC also studied other countries that have adopted a digital ID system, including Estonia, which is one of the most digitally integrated countries in the world.

Estonia has made 99% of its public services available online, except for marriage, divorce and real estate transactio­ns.

A report by internatio­nal accounting firm Pricewater­housecoope­rs claimed Estonia saved over 1,400 years of working time and 2% of the gross domestic product (GDP) through its digitised public services.

Other countries that have introduced or trialled a national digital ID system, include India, Canada, Morocco and Australia.

Many Indian residents don’t have a valid proof of identity, making it difficult for them to receive government benefits.

To solve this, the Indian government issued digital IDS, which also helped eliminate fake and duplicated identities.

So far 1.25 billion residents have registered for it, making it easier for them to apply for government scholarshi­ps and subsidies.

According to MCMC, in Malaysia, 90% of government services are already online.

However, as there isn’t a national digital ID, users are required to register with multiple service providers.

This results in fragmentat­ion and increased cost due to duplicatio­n, according to MCMC, which also said the lack of standardis­ation in identity verificati­on could be a safety and privacy threat.

The experts also felt that it’s only right to make the digital ID optional.

Madihah said it would be best to have all citizens signed up, but in reality, it could be an issue for those without proper Internet connection or are tech illiterate.

“For a start it’s good enough to have a portion of the public sign up first, before enrolling more people,” she suggested.

Foong also agreed, saying that the government should opt for a slower adoption process, adding that more should be made known about the digital ID first.

“We should have the right to know what informatio­n will be included and have the right to ask for details to be deleted. Further, we should also have the right to correct and update the informatio­n. Basically the rights provided by our PDPA should also be reflected in the digital ID,” he said.

However, Dr Helmi said this control should be limited so it doesn’t adversely affect the functional­ity of the service.

He gave the example of how Selangkah purges location data it has collected every 30 days, but if users were allowed to delete the data too soon – say in a week – the service wouldn’t be able to function, as Covid-19’s incubation period is at least 14 days.

MCMC said recommenda­tions from the study, which will include implementa­tion model and strategy, will be “escalated to the government soon after the due process has taken place”.

 ??  ??
 ??  ?? For the digital ID to be adopted widely, Dr Helmi says it must offer clear benefits and the introducti­on must be timely.
For the digital ID to be adopted widely, Dr Helmi says it must offer clear benefits and the introducti­on must be timely.
 ??  ?? The Federal and state government­s are not bound by the PDPA, points out Foong.
The Federal and state government­s are not bound by the PDPA, points out Foong.
 ??  ?? The digital ID could be a problem for those who are tech illiterate, says Madihah.
The digital ID could be a problem for those who are tech illiterate, says Madihah.

Newspapers in English

Newspapers from Malaysia