Following the Malaysian Communications and Multimedia Commission (MCMC)’s recent statement about its Mobile Phone Data (MPB) collection exercise, the country’s five Mobile Network Operators (MNO) have issued their respective statements to clarify its handling of customers’ data and to address privacy concerns.
The recent statements were issued after a report by South China Morning Post (SCMP) alleged that the Malaysian government had ordered telcos to hand over call and internet usage records to the MCMC.
Here’s how the respective telcos have responded:
CelcomDigi
CelcomDigi said it upholds the highest standards in customer data protection. It has data governance policies and processes built on strict adherence to the Communications and Multimedia Act, the Personal Data Protection Act (PDPA) and all relevant regulations.
It added that all matters regarding the use of customer data receive adequate management oversight under the accountability of the Data Protection Officer and are regularly reported to the Board of Directors.
For the MPD initiative, CelcomDigi said when analysis of customers’ personal data is required, they will process the requested data within their own secure environments and provide a limited sample on relevant fields comprising anonymised and aggregated output to the Commission. It stressed that they will operate under tight security protocols and in compliance with relevant data protection laws and regulations, with stringent limitations on any personal identifiable information (PII).
Maxis
Maxis said as a responsible telco, they place utmost priority on data privacy and security. It states that no personally identifiable information is accessed, processed, or shared at any stage of the MPD initiative. All data is anonymised by Maxis and processed in an aggregated manner within a secure environment, in full compliance with the PDPA.
The green telco emphasises that controls and processes are in place to ensure customers’ personal data will not be compromised, and it remains fully committed to protecting the data of all of their customers.
Telekom Malaysia (Unifi)
TM said it confirms that the data submitted to MCMC is fully anonymised and devoid of any personally identifiable information. The submission of data is carried out under strict governance and security protocol, with full compliance to applicable company policies and national laws and regulatory requirements.
TM emphasised that it remains fully committed to safeguarding safety and privacy of customer data with responsibility and integrity.
U Mobile
U Mobile highlights that privacy and protection of customers’ data is a top priority. It acknowledges the objectives of the Mobile Phone Data initiative and it remains committed to working with the MCMC while upholding the highest standards of data governance.
The orange telco says it has established policies and processes to ensure that any data shared is strictly anonymised, aggregated and handled in compliance with all appliable data protection laws and regulations.
When U Mobile share the MPD, it said at no point will Personally Identifiable Information will be shared or processed. It remains committed to safeguarding customer privacy and ensuring full regulatory compliance in all aspects of data management.
YTL Communications (Yes 5G)
YTL Communications confirms that it has complied with MCMC’s directive to submit mobile network usage record for Q1 2025 to support the mandate to use Mobile Phone Data for national statistics.
It said that in fulfilling this obligation, it has taken rigorous steps to ensure all data is anonymised prior to submission. It added that no personally identifiable information has been shared. The company remains committed to supporting national initiatives while uploading highest standards of data protection.
