Building public trust to unlock mobile phone data for Malaysia’s public good
MOBILE phone data (MPD) has become a focal point of debate in Malaysia. Public concerns over privacy, surveillance and consent are valid, especially in a country that has experienced high-profile data leaks.
Yet, these concerns risk overshadowing the immense potential of MPD when handled ethically, transparently and within the boundaries of the law.
MPD refers to information generated when a mobile phone interacts with a network provider’s infrastructure, from signal strength and transmission duration to general location patterns.
When properly anonymised, with personal identifiers removed, and aggregated into larger datasets, MPD cannot be traced to specific individuals. It does not reveal the content of calls, messages or browsing history. In this form, it becomes a powerful tool for the public good.
Globally, responsibly managed MPD has supported data-driven governance. During the Covid-19 pandemic, aggregated mobility data was widely used to understand population movement and inform public health responses.
In several countries, similar data has been applied to support tourism management, manage seasonal travel patterns and reduce congestion.
In Malaysia, MPD can help identify underserved communities, optimise transport routes, guide emergency response and enhance tourism strategies but only if public trust is secured.
Trust before technology
The central concern for the public is not whether MPD works but how it will be used. Without a clearly stated purpose and open communication, even well-intentioned initiatives can invite suspicion. Transparency must, therefore, be the first principle of MPD governance.
Those collecting or processing data should clearly articulate the purpose, scope and safeguards before any collection begins. If the objective is to reduce traffic congestion, improve rural connectivity or strengthen tourism planning, this should be communicated openly, supported by impact reporting and visible accountability. Such openness strengthens public confidence and reinforces compliance with the Personal Data Protection Act (PDPA).
Consent, in this context, does not mean individual approval for each anonymised dataset. Instead, it is embedded within the contractual relationship between the public and their service providers.
Telecommunications companies, bound by the PDPA, have a responsibility to safeguard subscriber data. Where third parties require access, they should receive only aggregated and anonymised datasets processed by the telcos themselves, ensuring that no personally identifiable information leaves the organisation.
Preventing misuse
Even anonymised data can be misused if handled carelessly. “Inference”, where anonymised datasets are cross-referenced with other sources, such as CCTV footage, can lead to re-identification. This is why anonymisation must be paired with aggregation. Together, these safeguards can reduce risks and protect against abuse.
Those handling MPD should position themselves as guardians of privacy, setting strict standards for anonymisation and aggregation before any data exchange takes place. This ensures that systems are designed to protect citizens, not threaten them.
International best practices increasingly emphasise privacy-by-design, independent oversight and transparency in data governance. Countries that have embedded these principles into their legal and institutional frameworks have been more successful in building public trust and enabling the responsible use of data for public benefit.
Balancing civic benefit with privacy
Some argue that anonymised, aggregated MPD does not require consent because it cannot be linked to an individual. While this may be legally defensible, public trust is not built on legal interpretations alone. If people feel excluded from decision-making or perceive selective enforcement of rules, confidence erodes.
In Malaysia, the perception that PDPA obligations apply more strictly to private companies than other entities undermines trust. For public acceptance, all parties – public or private – must be held to the same standards of transparency, accountability and fairness. Policies introduced for the public good should apply uniformly, without exception.
To further strengthen trust, oversight should be managed by an independent data privacy commission instead. Such a body would ensure equal enforcement without fear of bias, political influence or selective application of rules while signalling Malaysia’s commitment to impartial governance and the highest level of data protection.
Path forward
Strong safeguards must be non-negotiable. Anonymisation should be irreversible. Data storage and deletion protocols must be enforced. Independent audits should verify compliance. These are not merely technical measures; they are ethical commitments to use data only for its intended purpose, protect it from misuse and dispose of it responsibly.
To unlock MPD’s full potential, Malaysia must:
• publicly declare the purpose of data collection;
• ensure telcos handle anonymisation and aggregation;
• apply equal legal and ethical standards to all parties; and
• implement independent oversight for compliance.
Handled with strong safeguards and transparency, MPD can drive smarter investments, improve public services and strengthen long-term economic resilience while protecting privacy.
Malaysia’s strategic location, cultural diversity and digital ambitions offer an opportunity to lead the region in ethical big data use.
By applying fairness, openness and consistent governance, mobile phone data can shift from a source of concern to a valuable national asset, supporting better infrastructure, stronger tourism and shared prosperity.
Datuk Dr Husin Jazri has over 30 years of global experience in cybersecurity and data governance. He is an associate professor at the School of Computer Science, Faculty of Innovation and Technology and director of the Global Centre for Cyber Safety at Taylor’s University. He has founded and led major national and international cyber defence initiatives, earning the prestigious Harold Tipton Lifetime Achievement Award by ISC². Comments: letters@thesundaily.com
