Professional Documents
Culture Documents
Responsibility
User’s Data Protection in Malaysian Legal Point Of View
UK6023
Undang-undang dan Amalan Kontrak
Fakulti Undang-Undang
1
Foreword
A special thanks to my parents, husband, Mohd Edzwan, and daughter, Talya Rizainuddein
for being so understanding and an inspiration for me to succeed.
Truly most amazing friend and lecturer Dr. Jady for continually aspiring and forming an ideal
Master student of me, I thank you very much.
My classmates, Datuk Wasli (Uncle, Beliau and Boss), Attorney Halim, Mr. Harris, Puan
Herlina, Puan Azizah, Puan Rovina and Inspector Resemen, thank you very much.
I hope the production of this term paper will be a par of a Master student as required by the
Senate of Universiti Kebangsaan Malaysia.
I choose ‘Facebook’ because with a number of users through out the country including the
Prime Minister himself is bound by the “Statement” rigidity or looseness. With Facebook’s
recent popularity and user’s growth in Malaysia, an area of this study will be necessary
sooner or later. With this term paper, I intend to discuss and analyze the provisions in the
Statements of Right and Responsibility through the eyes of the Malaysian contract law as
studied in this class.
nurulalsah@yahoo.com
2
Background
Facebook was founded by Mark Zuckerberg with his college roommates and fellow computer
science students Eduardo Saverin, Dustin Moskovitz and Chris Hughes. The website's
membership was initially limited by the founders to Harvard students, but was expanded to
other colleges in the Boston area, the Ivy League, and Stanford University. It later expanded
further to include (potentially) any university student, then high school students, and, finally,
to anyone aged 13 and over. The website currently has more than 400 million active users
worldwide2.
In Malaysia alone, there are more than 6,882,940 users as of 17 June 20103 . It means that
24.3% out of the country’s population of 28,360,7004 will be subject to the Terms of Service
(TOS) which governs the relationship between Facebook and its users or others (“Users”)
who interact with Facebook. It is stated in the Statement of Rights and Responsibility
(“Statements”) that by using and accessing Facebook, the users agree to the statement.
1
Table 1 (Page 12)
2
http://www.facebook.com/press/info.php?factsheet
3
http://www.facebook.com/advertising
4
Statistic Department Malaysia – July 2009
3
Introduction
The purpose of this paper is to scrutinize the contract that governs the relationship between
Facebook and its users mainly in Malaysia. Contract over the internet (digital contract) is a
relevant issue for this term paper because the contract was signed and affirmed through
cyberspace. A digital contract, like the traditional contract, is bound by the same Contract Act
1950 where the elements5 of a contract are concerned. Digital contract’s disputes will be most
likely to be regarding the elements of a contract, of which law (legislation) applies, of which
jurisdiction (if there is a conflict of law) and whether the rights and security of data belonging
to the user is compromised6.
The fact that Facebook is open for and offered to anyone, Facebook and its user had to go
through the process of contracting over and over again. And so far, more than 400 million
have gone through the process. To save time, it has only one good-for-all kind of contract.
This type of contract is called a standard form contract or sometimes referred to as
an adhesion contract. It is the kind of contract between two parties that does not allow for
negotiation. It is often a contract that is entered into between unequal bargaining partners. An
example, when an individual customer is given a contract by the salesperson of
a multinational corporation. The customer is in no position to renegotiate the standard terms
of the contract and the company's representative usually does not have the authorization to do
so too. While adhesion contracts, in and of themselves, are not illegal per se, there exists a
very real possibility for unconscionability.
5
Offer, Acceptance, Intention to enter legal relationship, Consideration, Capacity, Certainty and Free Consent.
6
Abu Bakar Munir and Siti Hajar Mohd Yasin, Legal Issues in Cyberspace Contracting, [1997] 3 MLJ clxxxi
4
Why do buyers (users) still enter such contract with unconscionable terms? There are a
number of reasons why such terms might be accepted:
Although in the Contract Act 1950, there is no provision included for the fairness of terms in
a contract that deals specifically with the contents in the contract, Malaysia however are
contented to follow the path of the common law. As a general rule, the common law treats
standard form contracts as any other contract. Signature or some other objective
manifestation of intent to be legally bound7 will bind the signor to the contract whether or not
they read or understood the terms. The reality of standard form contracting, however, means
that many common law jurisdictions have developed special rules with respect to them. In
general, courts will interpret standard form contracts contra proferentem (literally 'against the
proffering person') but specific treatment varies between jurisdictions.
According to the Unfair Contract Terms 1977 United Kingdom, it will either declare the
clause automatically void, or the Act will tell us that the clause will be subject to the
reasonableness test8.
7
Digital Signature Act Section 62.
8
Section 2 and Section 3 UCTA 1977
5
For example, United Kingdom’s High Court’s Parker J, in his judgement on the case of
George Mitchell Ltd v Finney Lock Seeds Ltd 9, because of all the sold goods (seeds) were
defective, it was unfair that an exclusion of liability of the defendant to be upheld. It was held
that the exemption clause was unreasonable by UCTA 1977 Section 11.
The agreement is available in 5 languages; English, Spanish, Italian, French and German but
in any language ambiguity, English (US) will be held true.
Basically the whole “Statement” are outlines of how users should conduct themselves and
their properties e.g. photos, videos, third party application used and when publishing
contents/information. There are provisions in the “Statements” that Facebook will not be
liable of if a user offered to publish any materials that are by no obligation of theirs (users) to
publish or provide. The only obligation by the user demanded, which is loosely enforced, is
that they must not provide any false information.
Most of the debate about online social networking sites, such as Facebook, has revolved
around questions of privacy and access to personal information. Users of such services,
should they choose to exercise them, have many choices of privacy options that allow them to
restrict access to their own personal information posted online. The privacy policies of such
sites are very clear that the making of such choices is the responsibility of the users
themselves. However, due to the focus resting upon these peer-to-peer privacy questions,
those relating to the service provider-to-User relationship have been overlooked. This paper
seeks to highlight privacy issues in terms of the access to and the control of personal
information on the part of the provider and whether they are protected by the Malaysian Law.
Clause 1: Privacy
It is a very short clause that adhere the “Statements” to another appendage of the contract –
the Privacy Policy. It is a typical example of a standard form of contract (a.k.a. adhesion
9
[1983] 2 AC 803
6
contract) where a part of the contract lies elsewhere and must be read together to form a
complete contract.
The question would be, if the Parole Evidence Rule applies? There is an exception here
because the rule does not apply where it was not the intention of the parties that the written
contract would contain the whole of the agreement 10. Another requirement that binds the
collateral contract is whether or not it is incorporated in the contract that the collateral exists.
Facebook, like any other social networking websites, have faced many criticisms from users
across the world. Several times, Facebook has been successfully sued for violation of
intellectual property rights. Some of the most noted complaints are:
1. Data mining – collecting data of users using automated script or manually. The
possibility of data mining by a private individual unaffiliated with Facebook remains
open, as evidenced by the fact that two MIT 11 student were able to download, using
automated script, over 70,000 Facebook profiles from 4 schools 12 as part of a research
project on Facebook privacy published on 14 December 2005.
2. Identity theft – On 5 February 2008, Fouad Mourtada, a citizen of Morocco, was
arrested for the alleged creation of a faked Facebook profile of Prince Moulay Rachid
of Morocco.
3. Inability to voluntarily terminate accounts – as in the “Statements” clause 14, that
users may delete their account but some provisions will still apply. Facebook’s
analogy to deletion of contents in an account is similar to emptying a recycle bin on a
computer and that backup copies may still exist. A New York Times article noted that
emails and private user data remain indefinitely on Facebook’s servers.13
4. Freedom of speech – because of the open nature of Facebook, several countries like
Syria, China, Iran and Vietnam have banned access to it. Some organizations and
school have also banned and blocked access to Facebook. The most recent case was
on 18 May 2010, when the Pakistani Court ordered a temporary block of Facebook
following the creation of a group encouraging members to submit drawings of the
Prophet Muhammad (pbuh). To the Muslims, it is deemed blasphemous but to the
non-believers, it is freedom of speech.
10
Allen v Pink (1838) 150 E.R 1376
11
Harvey Jones & José Hiram Soltren; Facebook: Threat to Privacy, Massachusetts Institute of Technology
12
Massachusetts Institute of Technology, New York University, University of Oklahoma and Harvard
13
http://www.nytimes.com/2008/02/11/technology/11facebook.html
7
In Malaysia, issues concerning cyber laws are covered in several acts which are, the Digital
Signature Act 1997, Computer Crime Act 1997, Telemedicine Act 1997, Communication and
Multimedia Act 1998, Malaysian Communication and Multimedia Commission Act 1998 and
amendments of the Copyright Act 1987. A new but yet to be enforced, is the Personal Data
Protection Bill 2009 will play a very significant role in cyberspace law.
Data Mining
The use and manipulation of personal data of a third party, whether authorized or not have
come to the government’s notice and concern decade ago. The fourth economic wave, the
knowledge and information waves, have increased the ability of organizations to use and to
gather personal information like never before. It is easier to transfer and integrate the
information to narrow and focus advertisement to a specific group that fits their targeted
profile.
A bill, called the Personal Data Protection Bill, was recently passed14 after a decade of
oppositions from big companies. Big companies such as CTOS and CCRIS 15 have been
adapting the information they gather to sell to other companies like telemarketeers and direct
marketing company. This is good news to the citizens (data subject 16) because finally there
will be an act to address such abuse of personal privacy by data user17. If this bill is enacted,
the sale and buying of personal data will be a criminal offence.
Facebook however, have provisioned in Clause 10, About Advertisement on Facebook, that
they do not give users content or information to advertisers without consent. In Facebook’s
defence, the user must remember that Clause 16 in the “Statements” state that the user
consent to having their personal data transferred and processed in the United States. There
shall be a conflict of law because the Personal Data Protection Bill cannot protect you there.
It is unclear how far data mining is a criminal offence in Malaysia. There are yet to be an
instance reported in the law journal regarding this act.
Identity Theft
14
10 June 2010, The Star, Columnist Edwin Y.C. Lee
15
Credit Tip Off Service Sdn Bhd and Central Credit Reference Information System
16
Whose personal data is being processed
17
Person who process any personal data
8
A study show that Facebook users are too gullible and will give out personal details to friends
easily on Facebook. Your friend’s list will have access to your profile, personal info and
pictures. Identity thieves will use the information to assume your identity. It is most
dangerous if the user have stored information of his credit card number, or identity card
number. In Malaysia, the first 8 digits are easy to figure out. Potential thieves only need to
figure out the last 4 digits and you might be recorded as subscribing to a page of adult
viewing only.
Imagine when a user’s account had been hacked. All his friends will be at risk of being
duped18.
The government has repeatedly emphasized and acknowledge that an Act to address this
issue is critical in this age of e-commerce. Hence the, Personal Data Protection Bill 2009 is a
way to address the issue. It will solve problems such as credit card fraud, identity theft and
selling of personal data without customers’ consent. If this bill is passed and finally enacted,
users can be assured that they are at the least protected by the law too.
For now, internet users who are at risk may console themselves with provisions given in
Computer Crime Act 1997. In the Computer Crime Act 1997, there are 5 main offences that
are prescribed under section 3 through section 7.
A similar English case, R v Cropp24,25 where the accused was indicted under Section 2(1)
Computer Misuse Act 1990 United Kingdom which is similar to Section 3 Computer Crime
Act 1997 can be used as an example. Although the court have released the accused from any
liability on the grounds that access must be executed from a different computer, at the appeal
18
http://redtape.msnbc.com/2009/01/post-1.html
19
Computer Crime Act 1997, Section 3
20
Ibid., Section 4
21
Ibid.,, Section 5
22
Ibid., Section 6
23
Ibid., Section 7
24
Rowland, D., MacDonald, E. 2000 Information Technology Law ,468
25
An ex-employee accessed the wholesaler’s computer without authorization to give himself a 70% discount on an item he bought.
9
level, the learned judge held that it is still an activity of unauthorized access even when it is
done to the same computer.
Account Termination
Historically, Facebook require that the user manually delete their content, wall post, pictures
and friends when they terminate their account. However, when a friend wants to share a
user’s content with his or her friends, he could click a share button at the bottom of the user’s
page. This would make another copy of that content in that friend’s wall. Contents that have
been shared like this are very difficult to track down and delete because it requires the page
owner to delete it as the said content is now in his control. In this parody, the user, who
rightfully owns the contents, has no more control over that content.
According to the Copyrights Act 1997, it is not a doubt that the content a user post on
Facebook is still his copyright materials. In the “Statements”, users agree to license all
contents in their wall to Facebook. The issue here is that while users agree to grant the license
to Facebook, what happens when the user terminate their relationship with Facebook?
Facebook cowers behind the “Statements” clause 14 which states that the users are still bound
to some of the “Statements” provisions. It means that even if the user does not subscribe to
Facebook anymore, all their materials or intellectual properties that they have uploaded will
still be in Facebook’s control in the form of back up copies and materials that have been
shared with friends who still maintains a Facebook account.
After many complaints from its users, Facebook subsequently began permanently deleting
accounts on special request. Usually it takes 14 days to delete them.
Freedom of Speech
Many scandals and defamation was brought to public attention through Facebook status
updates through out the world. Malaysian Defamation Act 1957 seeks to define and protect
10
the victim of malicious and false broadcast, publication and slander. These activities can
happen in Facebook but there have not been a case specifically regarding Facebook in
Malaysia that I can site although a blogger have been arrested under the Internal Security Act
for inciting hate in his articles on Islam26.
Recommendation
In my opinion, Facebook is the best social networking site. I have my share of joy and
laughter each time a friend or a family member published a post or picture that is meaningful
to me. I take my mother, for an example, whose entire family is in another country. She will
be updated every time there is a new addition to the family or good news and thus she feels
closer and connected. Instances like this that makes the cutting edge of facebooking.
Social networking website is a powerful tool that even the courts in Australia and England 27
have served notices over it. It is a force that cannot be stopped and must be embraced by a
nation in order to progress.
My advice would be that users proceed with caution and diligence in their business of sharing
information or storing data in the cyberspace. The arms of the legislature are much too
limited in extending its protection to the users of such websites. It will only be a matter of
time that a dire issue of violation of personal rights arise in Malaysia. By then I hope, our
nation’s law will be capable in handling the issues arisen.
26
http://www.guardian.co.uk/world/2008/sep/12/malaysia.pressandpublishing
27
http://www.pcworld.com/article/173008/uk_high_court_serves_injunction_over_twitter.html
11
Table 1
25-35
18-24
13-17
X
0 500000 1000000 1500000 2000000 2500000 3000000 28
28
Source http://www.facebook.com/advert
12