KUALA LUMPUR: The establishment of a Data Commission is a crucial step to ensure governance, compliance with standards and comprehensive data protection in the country, Digital Minister Gobind Singh Deo said.
He said the commission will serve as a dedicated regulatory body to address data-related risks, in line with the Digital Trust and Data Security Strategy 2026-2030 outlined under the 13th Malaysia Plan (13MP).
Currently, several functions related to data are managed by various agencies, including the Department of Personal Data Protection (JPDP), which focuses on personal data, and the National Artificial Intelligence Office (NAIO) under the Digital Ministry, which oversees AI-related aspects, but Gobind said there is a pressing need to expand oversight to cover data as a whole.
“This is where we see the importance of having a mechanism that can monitor risks and take action as we go along. We are looking at broadening the scope of data regulation, and that is why we are proposing the establishment of the Data Commission.
“We want to ensure that we have specific standards that must be followed. Rules are in place, but they also need to be enforced, and the laws must be implemented. This is already in the plan, and moving forward, I hope the Data Commission can be established soon,” he said during the question-and-answer session in the Dewan Rakyat today.
Gobind was responding to a supplementary question from Ahmad Fadhli Shaari (PN-Pasir Mas) regarding the government’s commitment to establishing a special review body or an independent committee to ensure that the use of technologies such as AI does not compromise personal data or public privacy.
He said the establishment of the Data Commission would fill the gap in the regulatory landscape by providing a fully empowered authority to handle data-related issues beyond the scope of personal data.
The commission would also create a clearer governance structure, thereby boosting public and investor confidence in the level of data security in the country, he added.
In reply to the original question from Datuk Seri Doris Sophia Anak Brodi (GRS-Sri Aman) on the government’s measures to ensure the use of AI in cybersecurity complies with ethical principles and privacy rights, Gobind said Malaysia is finalising the National AI Action Plan.
He said the plan sets out a clear governance framework that also considers the balance between security and privacy rights based on three main principles.
“The first principle is transparency and accountability, where every AI model developed must be clearly auditable. Second, privacy-by-design and security-by-design must be incorporated to protect personal data from the stage of algorithm, system and AI application design, and not added later as an afterthought.
“Third, human-in-the-loop — for now, AI cannot be given absolute power, and human control must be maintained at certain levels to prevent critical errors, discrimination and bias,” he said.
Gobind said the National AI Action Plan is being developed collaboratively and collectively, also taking into account legal aspects such as the Personal Data Protection Act 2010 (Act 709) and the Cyber Security Act 2024 (Act 854). – Bernama