The internet of things : legal analysis of privacy, security and data ownership in Malaysia

Abstract

The rapid development of technology has left its imprint on all aspects of modern life including the norm and systems that people depend on to regulate their conducts and protect their interests. The Internet of Things (IoT) is one of those successive technological waves that are widely being used by individuals, organisations and governments around the world. Based on this, the thesis examines the effect of IoT on the existing legal framework of Malaysia through highlighting challenges of this technology to the legal rules related to security, privacy and ownership of data. The discussion of privacy of data focuses on pointing out threats facing information privacy in the IoT environment and the challenges of complying with personal data protection principles in this electronic environment. In the security aspect, the thesis highlights threats of cyberspace to security of private and public entities with especial concentration on national security and assesses the ability of the existing legal framework of the country to efficiency deal with those threats. In addition to aspects of privacy and security, the thesis also discusses ownership of data and investigates the so-called ‘propertization of data’ (dealing with data as property) from economic, academic and legal perspectives. Moreover, the research also discusses the Shariah (Islamic law) view on security, privacy and ownership of data. The researcher uses the analytical method for finding relevant legal rules and examining the effectiveness of such rules in dealing with data flowing in the IoT environment. He also employs the comparative method for comparing laws pertaining to data in different aspects. The study uses both primary and secondary sources. Statutes and court-cases referred to in this thesis are mostly taken from Malaysia and sometimes from other jurisdictions. The study concluded that the current legal framework governing privacy and security in Malaysia provides considerable protection to information privacy and vital interests of the country. However, there is a need to improve and enhance such framework to enable it to efficiently cope with countless threats associated with cyberspace. For data propertization, the research found that dealing with data as property is a new idea, but it can theoretically be accepted by the existing legal system in Malaysia and elsewhere. The best legal models to be followed thereof are data protection law which grants various rights to data subjects and IP law which also gives an assortment of rights to data in its scope. As for the Shariah side, the thesis found that Fiqh rulings related to privacy, security and ownership can apply to data in the IoT environment.