News and developments

“Excuse me, do you mind” The Illusive Right of Privacy in Malaysia

Introduction

The right to privacy encompasses “the right to be let alone, the right of a person to be free from unwarranted publicity and the right to live without undue interference by the government or any private individual in matters with which the public is not concerned.”1 The tenets on this right may be broken down into: informational privacy (control over personal data and communications), bodily privacy (protection against invasive procedures and exploitation of physical autonomy), territorial privacy (limits on intrusions into private spaces, such as homes and workplaces), and decisional privacy (autonomy in personal life decisions, such as family life, sexual identity, and reproductive choice).2

Internationally, privacy is entrenched as a fundamental right. Article 12 of the Universal Declaration of Human Rights (“UDHR”) provides that “no one shall be subjected to arbitrary interference with his privacy, family, home or correspondence.” Similarly, Article 17 of the International Covenant on Civil and Political Rights (“ICCPR”), expressly prohibits unlawful interference with privacy. Malaysia, although being a member and signatory, has yet to ratify the UDHR or the ICCPR into our local legislation.

Other common law jurisdictions have also developed privacy jurisprudence. In the United Kingdom, the tort of misuse of private information emerged from Campbell v MGN Ltd [2004] UKHL 22.3 In India, the Supreme Court has recognised privacy as intrinsic to the right to life and personal liberty under Article 21 of its Constitution (equivalent of Article 5(1) of the Malaysian Federal Constitution).4

Although the Federal Constitution does not expressly protect privacy, Malaysian courts have read the right to privacy into Article 5(1), and certain statutes provide limited, sector-specific protection. This article evaluates whether privacy rights truly exist in Malaysia by examining constitutional interpretation, case law, and statutory recognition.

Privacy as a Constitutional Right

Article 5(1) states: “No person shall be deprived of his life or personal liberty save in accordance with law.” The judiciary, however, has adopted a prismatic and liberal interpretation, and held that the words “life” and “personal liberty” may be expanded to include ancillary rights.5

In Sivarasa Rasiah v Badan Peguam Malaysia & Anor [2010] 2 MLJ 333, Gopal Sri Ram FCJ said in obiter that “… personal liberty in Article 5(1) includes within its compass other rights such as the right to privacy”. This paved the way for privacy to be read into Malaysia’s constitutional fabric, though not as an independent right.

The Court of Appeal in Muhamad Juzaili bin Mohd Khamis v State Government of Negeri Sembilan [2015] 3 MLJ 513 followed suit and extended this reasoning, striking down a Syariah criminal enactment that criminalised cross-dressing. The court recognised that dignity, gender identity, and privacy fall within the ambit of Article 5(1). Although later reversed on procedural grounds, the Federal Court did not disturb the substantive recognition of privacy.

In Maria Chin Abdullah v Ketua Pengarah Imigresen & Anor [2021] 1 MLJ 750, the Federal Court reiterated that unenumerated rights could be housed within Article 5(1). While the decision was primarily concerned with freedom of movement, Tengku Maimun Tuan Mat CJ (as she then was) opined that privacy forms part of personal liberty, drawing from Indian jurisprudence.

More recently, in Genting Malaysia Bhd v Pesuruhjaya Perlindungan Data Peribadi & Ors [2022] 11 MLJ 898, the High Court held that the Personal Data Protection Act 2010 (“PDPA”) must be construed harmoniously with Article 5(1), since informational privacy is constitutionally protected. The court emphasised that unjustified access to personal data (even by public officers) without necessity or proportionality would destroy privacy.

Despite these developments, the constitutional recognition of privacy remains limited as the Federal Court statements above were made in orbiter and hence, do not constitute binding judgements. Even with constitutional recognition, the right to privacy would only apply vertically against the State and not between private individuals.6

Privacy in Private Law

In contrast to constitutional law, Malaysian private law has not recognised a general tort of invasion of privacy. Instead, plaintiffs typically frame privacy-related claims under existing heads of liability such as breach of confidence, defamation, or nuisance.7

The early position was restrictive. In Ultra Dimension Sdn Bhd v Kook Wei Kuan [2001] MLJU 751, the High Court held that English common law (applicable – in some circumstances - under Section 3 of the Civil Law Act 1956) did not recognise privacy as an independent right and, hence, no cause of action arose from alleged invasion of privacy. This position was later reversed when the Court of Appeal in Maslinda bt Ishak v Mohd Tahir bin Osman & Ors [2009] 6 MLJ 826 (“Maslinda”) seemingly accepted the High Court’s finding on the recognition of the tort of invasion of privacy.

However, the significance of this milestone was quickly diminished when the Court of Appeal in Dr Bernadine Malini Martin v MPH Magazines Sdn Bhd & Ors [2010] 5 MLJ 755 (“Dr Bernadine”), backpedalled and shot down the seeming recognition in Maslinda by stating that it was “unfortunate” for the claimant that invasion of privacy was not an actionable wrong in Malaysia.

Hence, at present we appear to have two conflicting Court of Appeal decisions on the recognition of tort of invasion of privacy. As a result of the conflicting decisions, two lines of cases have subsequently emerged.

In Mohamad Izaham bin Mohamed Yatim v Norina bt Zainol Abidin & Ors [2017] 7 MLJ 772, the High Court followed Dr Bernadine and held the Court of Appeal in Maslinda was not called to decide on the tort of invasion of privacy hence it did not expressly or impliedly recognise invasion of privacy as an actionable wrong. Even if privacy were accepted to be actionable, it would be limited to matters of private morality and modesty only.8

In Lew Cher Phow @ Lew Cha Paw & Ors v Pua Yong Yong & Anor [2011] MLJU 1195, CCTV surveillance directed at a neighbour’s house was deemed an “unwarranted violation” of privacy and dignity. It ought to be noted that the court did not appear to have considered Dr Bernadine.

In Lee Ewe Poh v Dr Lim Teik Man & Anor [2011] 1 MLJ 835, the court held that unconsented photography of a patient’s private parts during surgery even if in accordance with standard practice amounted to an invasion of privacy, departing from the old English position. Again, the court here did not appear to have considered Dr Bernadine.

Photographs that were published in the public domain will however, not constitute invasion of privacy.9

The difference in judicial positions underscore the uncertainty of Malaysian jurisprudence on privacy, highlighting the urgent need for either legislative intervention or a definitive ruling by the Federal Court to resolve the uncertainty. Until the Federal Court delivers a definitive ruling, privacy in private law remains unsettled.

Statutory Recognition of Privacy Rights

The legislature has addressed privacy indirectly through sector-specific legislation, but no general privacy law exists to date.

a. Personal Data Protection Act 2010

The PDPA regulates the processing of personal data in commercial transactions.10 It grants data subjects rights of access, correction, and withdrawal of consent. The privacy protection afforded is subject to limitations - it does not apply to federal or state governments,11 nor to personal or household activities. This exemption of federal and state governments is significant since the federal and state governments are the largest collector of personal data. The enactment of the Data Sharing Act 2024 intensifies concerns that state surveillance may expand without robust safeguards.

Further, the PDPA does not grant individuals private enforcement rights to address personal data related privacy concerns.12

b. Penal Code

Section 509 criminalises words or gestures intended to insult modesty or “intrude upon the privacy” of a person, encompassing acts such as non-consensual photography/videography and the dissemination thereof.

For instance, in Pendakwa Raya v Nor Hanizam bin Mohd Noor [2019] MLJU 638, the court held that surreptitious video recording of a woman bathing constituted an intrusion upon privacy under section 509 and such intrusion is a serious offence.

Overall, statutory protections are fragmented and sectoral, leaving significant gaps. For instance, personal data on social media, political surveillance, or private communications which are the most vulnerable to privacy breaches may fall outside statutory protection altogether.13

Where do we go from here?

This brief analysis reveals that privacy rights in Malaysia exist in fragmented and uncertain forms. Thus, there is no hard and fast rule on the enforcement of privacy rights in Malaysia. Safeguards remain piecemeal, inconsistent, and fact-oriented. In an era of digital revolution where pervasive digital surveillance and mass data processing are more rampant than ever, this legal lacuna raises eyebrows.

It is high time for reform to be injected, either by judicial affirmation by the Federal Court of a tort of privacy or a broader reading of Article 5(1) or a legislative enactment of a comprehensive privacy statute, binding on both private actors and the State which is on par with international human rights standards.

Until then, privacy in Malaysia remains a contested and underdeveloped right, leaving individuals vulnerable to intrusion in both private and public spheres.

This article is authored by our Partners, Lee Lin Li, Ng Kim Poh, and Pupil, Wong Yun Xin. The information in this article is intended only to provide general information and does not constitute any legal opinion or professional advice.

Written by:

LEE LIN LI

Partner

[email protected]

NG KIM POH

Partner

[email protected]

WONG YUN XIN

Pupil-in-Chambers

[email protected]

1 Toh See Wei v Teddric Jon Mohr & Anor [2017] 11 MLJ 67.

2 The right to privacy and challenges: A critical review [2008] 5 MLJ cxxi; May I have some privacy please? [2022] 1 MLJ ccxxxv.

3 The tort of misuse of private information was described as “protecting an aspect of privacy”.

4 Kharak Singh v State of UP & Others 1964 SCR (1) 332.

5 Maria Chin Abdullah v Ketua Pengarah Imigresen & Anor [2021] 1 MLJ 750.

6 Beatrice a/p Fernandez v Sistem Penerbangan Malaysia [2005] 3 MLJ 681.

7 The case for the tort of privacy in Malaysia [2023] 1 MLJ xlv.

8 See also Toh See Wei v Teddric Jon Mohr & Anor [2017] 11 MLJ 67; John Dadit v Bong Meng Chiat & Ors [2015] MLJU 1961; Chan Ah Kien v Brite-Tech Berhad & Anor [2019] MLJU 2017.

9 Sherinna Nur Elena bt Abdullah v Kent Well Edar Sdn Bhd [2014] 7 MLJ 298.

10 Personal Data Protection Act 2010, S 2(1).

11 Personal Data Protection Act 2010, S 3(2).

12 Ranjan Paramalingam & Anor v Persatuan Penduduk Taman Bangsar Kuala Lumpur [2023] 2 MLRA; Tan Kok Pin v Loh Chun Hoo & Ors [2022] MLRHU 3065.

13 Between lex lata and lex ferenda: An evaluation of the extent of the right to privacy in Malaysia [2017] 4 MLJ xxix.

---------------

------------------------------------------------------------

---------------

------------------------------------------------------------

LegalTaps September 2025

Content supplied by Tay & Partners