CYBERJAYA — The mobile phone data used by the Malaysian Communications and Multimedia Commission (MCMC) for policy planning is already anonymised at the network provider level and cannot be used to identify individuals, the agency said today amid ongoing concerns about personal data privacy.
MCMC deputy managing director Datuk Zurkarnain Mohd Yasin said data shared through the Mobile Phone Data (MPD) initiative is stripped of all personally identifiable information (PII) — such as names, IC numbers, and addresses — before it even reaches the commission.
“It’s made clear in the official letters to mobile service providers that the data must be fully anonymised. There must be no elements that could identify the account owner or individual. What we receive does not include names, IC numbers, or addresses,” he said.
“What’s collected are cell tower-level communications data — either call or internet usage — not the individual’s actual location. And even then, only anonymised data sets are sent to MCMC. We don’t want raw data.”
Zurkarnain said the MPD programme complies fully with the Personal Data Protection Act 2010, under which anonymised data is not classified as personal data. He added that only a small group within MCMC’s statistics division handles the information under strict internal controls.
He reiterated that the data cannot be used to identify individuals, either directly or indirectly, and that the initiative adheres to national laws and internationally recognised standards.
“All parameters are globally discussed and the standards have been set. Malaysia is not the only country using MPD for better policy intervention and data collection,” he said, stressing that public concerns were based on misinformation.
“From the start, this initiative was guided by the government’s and United Nations’ emphasis on respecting privacy and safeguarding personal information.”
Zurkarnain also pointed out that when the Mobile Positioning Data (MPT) system was launched, the Department of Statistics Malaysia (DOSM) had conducted media briefings and its chief statistician had made public appearances to explain the methodology — though public awareness remained limited until recent claims of misuse surfaced.
“We’re committed to upholding privacy and operating within the ambit of the law, whether under personal data protection laws or the National Statistics Act,” he said.
He also noted that Malaysia is not the only country using MPD for to gain statistics and that it was a global effort supported by United Nations agencies.
“All parameters are discussed at the international level, and standards have already been established.”
The MPT project, administered by DOSM using MPD, aims to enhance data-driven policymaking, particularly for the ICT and tourism sectors. It was approved by the Cabinet in April 2023 following a proposal by the Economy Ministry, and is also supported by the Tourism, Arts and Culture Ministry.
Also present at the briefing were MCMC Commissioner Derek Fernandez and DOSM’s National Big Data Analytics Centre (NBDAC) senior director Jamaliah Jaafar, among others.
Communications Minister Datuk Fahmi Fadzil also addressed the issue on Sunday, saying that the data collection initiative is solely intended to support the Department of Statistics Malaysia (DOSM) in producing more granular official statistics.
“The purpose is to collect data for DOSM’s official statistics. It does not contain any personal information but focuses on trends to enable us to gather more detailed information about quality, engagement levels, and the number of users in specific mukims or districts,” he was quoted as saying by Bernama.
The initiative aligns with international practices, according to MCMC, and was developed in consultation with the International Telecommunication Union (ITU) and other expert bodies.
In a statement last week, MCMC reiterated that “no Personally Identifiable Information (PII) is accessed, processed, or disclosed” through the MPD initiative, and that all mobile network operators are required to either process data within secure environments or submit anonymised outputs only.
The controversy erupted following a report which suggested that the MPD initiative raised privacy concerns — an article MCMC says has fuelled public fear based on misinformation.
Telecommunications companies, including U Mobile, Telekom Malaysia (TM), Maxis, CelcomDigi and YTL Communications, have also issued statements affirming that all data shared with MCMC is fully anonymised and handled according to legal requirements.
MCMC said it will continue engaging with the media, civil society, and the public to clarify the programme’s safeguards and ensure accurate understanding of how mobile data is handled. — June 9, 2025