Written by Fatin Ismail
The Data Sharing Act 2025 (‘the Act’) received royal assent on 5 February 2025 and to date has yet to come into force.
This new legislation marks the third major digital law tabled by the Ministry of Digital. The others include amendments to the Personal Data Protection Act 2010, and the new Cyber Security Act 2024.
The Act aims to provide for the sharing of data within the control of a public sector agency with another public sector agency.
The Act also establishes the National Data Sharing Committee, which conducts strict evaluations on applications made by respective public sector agencies and decides on whether the data requested can be shared. The evaluations will consider, amongst others, the nature of the data, the purpose for which the data is requested, the manner in which the data requested will be handled, and safeguards that will preserve the privacy and confidentiality of the said data.
In addition, the Act also outlines situations where data sharing may be denied, such as when it would reveal confidential sources, violate legal privileges, compromise national security, or if the requesting agency lacks adequate security measures.
The Act aims to support the development of artificial intelligence (‘AI’) while ensuring privacy and cybersecurity. The law also includes provisions to safeguard personal data throughout the data-sharing process. In the event of a breach, those found guilty will face penalties, which may be a fine not exceeding RM1 million, imprisonment for up to five years, or both, as outlined in the Act.
Published on 25 February 2025