How Malaysian Government Plans to Address Privacy Concerns Amidst MyDigital ID Roll out?

The Malaysian government has announced the rollout of the National Digital Identity program, named, MyDigital ID in collaboration with MIMOS, Malaysia’s National Applied Research and Development Centre. The initiative is scheduled to commence in July 2024 and the government seeks to register 10 million users by March 2023. The objective of digital identity is to serve as a personal identification tool for business and banking transactions, as well as to access government services. Furthermore, it eliminates the need to register multiple accounts for different online government platforms, allowing users to access government services using a single ID.

However, public concerns regarding the National Digital ID program have been raised, citing various data breaches affecting government applications and databases in Malaysia. As the Malaysian government promotes the extensive use of MyDigital ID, there is a growing concern about the security of citizen data, driven by data leaks in the Southeast Asian Country. Meanwhile, a recent data breach that targeted the Social Security Organization (Perkeso), a government-based social security agency, has raised concerns about data privacy.

Novem CS chief executive officer Murugason R. Thangaratnam (Malay Mail) reportedly said, “Over the years, consumers have grown skeptical about effective interoperability between systems, providers, governments, and applications.”

He added, “So, in addition to general security concerns, there is a level of distrust that a single ID will work.”

Moreover, experts suggest that the authorities must develop mechanisms in MyDigital ID to ensure protection against the system’s misuse. Following MIMOS, Malaysia’s national digital ID system sets itself apart from others as it does not record or store personal information.

What Concerns Arise in the Digital Identity Revolution?

As government bodies and other industries are shifting towards the implementation of digital ID verification technologies, privacy and security concerns prompt raised awareness, especially while accessing government services. Individuals are concerned about how their data is stored and how it is used. The preventive measures to tackle privacy concerns stress the need for the implementation of innovative digital technology that enhances both trust integrity and data protection.

The problem with government digital ID is that any data breach can impact all the citizens in a country. One of the major concerns revolves around the possibility of a data breach similar to the recent data leak incident in India’s Adhar Card. As reported by US-based cybersecurity company, Resecurity, 815 million personal records including names, addresses, contact numbers, Adhar, and passport information were leaked and offered for sale on the dark web.

Nations across the globe are taking active steps to integrate digital identity solutions in their digital public infrastructure, with a shared goal to enhance privacy and security.

Taking instance, Bhutan, a least developed country is taking active steps to integrate Self-Sovereign Identity in its digital system. This approach seeks to empower users, granting them greater control over their data. Contrary to this, Malaysia’s MyDigital ID hasn’t yet introduced SSI features, giving rise to increased concerns among the public regarding the control and security of personal data.

How Authorities are taking initiatives to address privacy concerns?

Ensuring the protection of confidential information is fundamental to the development of regulatory frameworks connected to the incorporation of digital solutions. The governments and regulatory bodies are striving to implement a digital solution that not only enhances efficiency but also ensures the privacy and security of user’s data.

Just recently, The Australian Parliament has passed ‘Identity Verification Bill 2023’ with 38 amendments. The purpose of the bill is to provide support for the operational efficiency of ID verification services. In alignment with the bill’s framework, identity verification services providers are emphasized to adhere to privacy and security guidelines. Additionally, it requires the service providers to report any unusual activity or potential breach to OAIC, the Office of the Australian Information Commissioner.

Big economies like the European Union are taking into account the ongoing data protection concerns and privacy challenges. EU has proposed to introduce a revised edition of eIDAS, named eIDAS 2.0 regulation, ‘electronic identification, authentication, and trusted devices’. The revised version intends to provide a reliable and secure digital solution accessible to all citizens. The regulation puts focus on improving both the trust integrity as well as the users’ control over their personal data.

Amidst the ongoing concerns, the UK government is playing its part to tackle privacy and security challenges. To combat benefit fraud and improve information security, the UK government has proposed amendments to the Data Protection and Digital Information Bill. The government intends to streamline the use of user data to enhance operational efficiency and amplify access to government services.

In spite of adopting innovative digital solutions and establishing data protection regulations, questions persist regarding their alignment with the intended objectives. The primary question that arises is whether these solutions can effectively mitigate data breaches and looming threats.