On 2nd January 2019, the Penang state government announced that they are employing facial recognition technology costing RM12 million for its new generation of CCTV cameras to prevent crime and check on traffic offenders in the state.
In response to this, legal and constitutional experts in the country immediately voiced their concerns and said that the designated use must be regulated and not breach privacy laws.
One of the reason cited was that the country already has laws to promote and regulate the protection of personal data. The above measure by the Penang state government - biometric-based data captured by surveillance technology - should thus be included and classified as yet another form of personal data.
Communications and Multimedia Minister Gobind Singh Deo was quoted to have said in October 2018 that the government is looking to update its data protection laws, that is likely to be modelled after the European Union’s General Data Protection Regulation (GDPR), by the middle of next year to prevent data breaches.
Would this update of the data protection laws includes biometric based data?
Any proposed measure to include it would be keenly watched as it would impact future users and adopters of biometric where they need to show the system implemented improves services without unduly compromising privacy.