Can you keep others identity information? A guide to Personal Data Protection Act (PDPA)

Posted on May 15, 2026 by admin

Introduction: The data you collected without thinking twice

Many have stored someone else’s IC number in their phone, or a spreadsheet of customers, or a team list in a group chat. It feels harmless. You had to have information for a reason, you did, and now it is sitting somewhere on a device or platform you use. However, according to Malaysian law it is not always easy to keep onto someone else’s identity information.

The Personal Data Protection Act 2010 (Act 709) provides guidelines on when it is permissible to collect, keep and use personal data of others – and when it is not. Since the 15th November 2013, the law has been in effect and the changes to the law in 2024 introduced new duties for a broader range of organisations. Whether you’re a small business manager, a community group leader or simply processing data as part of your work, Act 709 probably impacts you more than you think.

What counts as personal data, and why it matters

It’s best to know what the law actually does before inquiring about retaining someone’s information. Personal data is information that refers directly or indirectly to a person and can be used, singly or in combination with other information in the possession of whoever holds the data. That spans the gamut, including full names, IC numbers, home addresses, telephone numbers, emails, biometric data and location data (Department of Personal Data Protection, “Personal Data Protection Act 2010”). 

There is also a stricter category called sensitive personal data. This includes health and medical conditions, political opinions, religious beliefs, and records relating to offences. If you are collecting or storing any of these, the law requires explicit written consent from the person involved. A general tick-box in a form is unlikely to be enough.

The law applies to anyone processing personal data in connection with commercial transactions. That phrase is broad. It covers companies, small businesses, sole traders, and freelancers. What it does not cover is the Federal or State Government, and purely personal or domestic use. A community group administrator keeping a member list, or a political branch holding voter records, technically falls outside Act 709’s reach. That gap is one of the more significant limitations of the current framework compared to the European Union’s General Data Protection Regulation, Regulation (EU) 2016/679, which applies regardless of whether a transaction is commercial.

Seven rules every data holder needs to know

Part II of Act 709, covering Sections 5 to 11, contains the practical obligations. These are written as seven principles, and each one places a specific duty on whoever holds the data.

Under the General Principle stated in Section 5, personal data is not to be processed without the consent of the data subject, unless one of the exceptions listed in that section applies. Exceptions are that when processing is necessary to perform a contract, when it is required by a legal obligation, or when it is required to protect another person’s vital interests.

The Notice and Choice Principle states that the data subject must be notified of: the data being collected, the purposes to which it is collected, whether they have a right to access or correct the data, and the consequences if they refuse to provide the data before or at the time of its collection. This means a consent form with no explanation is not sufficient.

The Disclosure Principle (section 7) states that data should not be used for other purposes than those originally disclosed and should not be disclosed to other persons than those originally disclosed.Selling a customer list to a third party would breach this section unless customers were told in advance and agreed to it.

Practical measures must be taken to ensure that data is not lost, misused, modified or accessed by unauthorised users, as outlined in Section 8, Security Principle. The statute does not specify the technical conditions under which practical steps are to be determined, so the Commissioner evaluates this on an individual basis based on the nature of the industry and the size of the organisation.

The one thing that most people tend to skip is the Retention Principle, in section 9. Data should not be stored beyond the time that is necessary for the data for which it was collected. After serving this purpose, the data should be deleted or anonymised. Having a former customer’s IC number in your system for three years after the last transaction, when there is no existing reason, is a potential breach of this section. 

According to Section 10, data must be accurate, complete and up-to-date. Section 11 provides rights of access to data subjects and the right to correct their records. Where a data holder refuses on no lawful ground the data subject may make a complaint to the Commissioner.

When the law was tested: three cases worth knowing

Malaysia’s enforcement record under Act 709 is mostly administrative rather than criminal. Most cases are resolved through directive letters, compliance audits, or compound payments rather than court prosecution. Three situations illustrate how the Act has been applied in practice.

In 2021, personal data linked to Universiti Teknologi Malaysia, including student and staff details, was reported to have circulated online. Because UTM is a public university, Act 709 did not apply. No criminal charge under the Act could be brought, exposing a direct consequence of the public sector exclusion: when a government body suffers or causes a data breach, affected individuals have no recourse under this law.

Telecommunications companies, including Celcom Axiata Berhad, have been investigated following customer data exposure incidents. These cases centred on the Disclosure Principle under Section 7 — specifically whether subscriber information was shared with third parties beyond what customers had been told at the time of collection. The outcomes were largely administrative, but the cases confirmed that the Commissioner does actively pursue complaints in the telecommunications sector.

Following a 2022 incident where customer data from a bank-linked service was reported to have appeared on a dark web forum, the Commissioner opened a compliance inquiry under the Security Principle. The data user had to show it had taken practical steps to protect customer records. This case reflects a pattern: financial institutions face a higher level of scrutiny because they are required to register with the Commissioner and operate under sector-specific codes of practice.

The 2024 amendments: what changed and what is still unclear

Act 709 was amended by several changes in the Personal Data Protection (Amendment) Act 2024. The most important is a new requirement to notify of data breaches. The data user is now required to notify the Personal Data Protection Commissioner in the event of a data breach that is likely to result in significant damage to the data subjects. This is in contrast to the previous place where notification was not mandated by law (Department of Personal Data Protection, “Personal Data Protection (Amendment) Act 2024”).

In addition, the 2024 Act created the position of Data Protection Officer. A DPO must be appointed by organisations that have specific metrics or requirements. The classes of data users who will have to comply, however, will rely on orders of ministers which are not yet gazetted. This puts many medium-sized organisations in a dilemma as to whether this requirement has any applicability to them.

Penalties also were raised. The general penalty prescribed in terms of Section 130 of Act 709 is a fine of up to RM300,000, imprisonment of up to two years or both. It is punishable by up to RM500,000 or up to three years in prison for operating without registration if registration is required under Section 16. Directors and officers of a company can face personal liability under Section 133 if an offence is committed with their knowledge or consent.

So, can you actually keep someone’s information?

Well, the short answer is – it depends!

If you have taken personal data with proper notice and consent, are only holding it for the period necessary to achieve the purpose for which it was taken, and have reasonable security controls, you are complying with the requirements of the Act. Your chances of being in violation of Act 709 are high if any of those conditions is not present: you collected the data without the knowledge of the person, you’re keeping it for longer than its useful life, or you’re sharing it with people who the person didn’t know about.

If the data is being used only by the individual involved and in no way related to a business transaction then the Act does not apply. However, it can be difficult to distinguish between personal and business usage. A data user may be someone operating a computer system who collects data for the client, such as a food delivery coordinator who maintains a customer list, or a property agent without a registered company who keeps an up-to-date record of past purchasers of the property.

The Credit Reporting Agencies Act 2010, Act 710, adds a separate layer for organisations involved in credit reporting, which operates under its own regulatory framework through the Registrar Office of Credit Reporting Agencies under the Ministry of Finance. 

Conclusion: Personal data is not yours to keep forever

The simple premise behind Act 709 is that if someone provides you with information, you don’t own it. You keep it under conditions — consent, purpose, security and time. Once those conditions are no longer fulfilled, you lose your right to keep data.

In 2024, those duties were extended, with the introduction of obligations to report on the breaches, and, in some cases, the appointment of compliance officers. The requirements are still being phased down and the implementation gaps will become evident as the orders of the ministers are published.

The most significant thing for an ordinary user is that there are direct rights to be found in Section 11. You can ask if you’d like to learn what a company has on you. If the info is inaccurate, you can request that it be corrected. If they refuse for no reason, you may report to the Commissioner. These rights are not limited to the need of having a lawyer or a formal complaints process to use them. They are incorporated in the Act and can be made available to all.

Whether Act 709 can keep up with the current methods of data collection such as apps, loyalty programmes, digital payments, and AI-powered platforms will rely on how quickly future amendments come into effect to fill the gaps. For the time being, the law provides a clear starting point: Personal data belongs to the person it describes, and anyone who holds it is responsible for treating it that way. 

References

Department of Personal Data Protection (JPDP). "Personal Data Protection Act 2010 [Act 709]." Jabatan Perlindungan Data Peribadi, Ministry of Communications and Digital, Malaysia,www.pdp.gov.my/ppdpv1/en/akta/pdp-act-2010-en/. 

Department of Personal Data Protection (JPDP). "Personal Data Protection (Amendment) Act 2024." Jabatan Perlindungan Data Peribadi, Ministry of Communications and Digital, Malaysia, www.pdp.gov.my/ppdpv1/en/akta/personal-data-protection-amendment-act-2024/.

European Parliament and Council of the European Union. General Data Protection Regulation, Regulation (EU) 2016/679. Official Journal of the European Union, 4 May 2016, eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679.

Malaysia. Credit Reporting Agencies Act 2010, Act 710. Laws of Malaysia, 2010.www.mof.gov.my/portal/en/profile/divisions/registrar-office-of-credit-reporting-agencies.
Posted in Personal Data Protection Act (PDPA) | Leave a comment

Behind the Internet: Things Every Malaysian Needs to Know About the Online Safety Act 2025

Posted on May 11, 2026 by Chong Jun Hao, Le Ze Hon, Lai Jia Rong

Introduction: How a RM100 Fine Changed the Conversation

Malaysia’s Online Safety Act 2025 did not come out of nowhere. One case that pushed the issue into public discussion was the 2024 case involving Hindu rights activist and social media influencer Rajeswary Appahu, who was also known as Esha. Many people were shocked when one offender linked to the case was fined only RM100 under the Minor Offences Act, mainly because there was still no specific cyberbullying law that properly fitted the situation (The Star). For the public, the fine felt almost too small compared with the harm people can face online. More importantly, it showed that Malaysia’s law had not kept up with the way social media is now used.

Before ONSA, victims often carried most of the burden. They were usually told to block the account, report the post, collect screenshots, or go to the police after the damage had already been done. ONSA tries to change that. Instead of treating online safety as only the user’s personal problem, it places duties on licensed applications service providers, content applications service providers, and network service providers. In simple terms, platforms can no longer hide behind the excuse that they are only hosting content. They are expected to have proper reporting channels, safety tools, and systems that reduce exposure to harmful content (Malaysia, Online Safety Act secs. 13-20).

That is the main shift behind the new law. Malaysia is moving away from a model where users are simply expected to protect themselves, and toward a model where large platforms also carry responsibility. Of course, users still need to behave responsibly online. But the companies that design our feeds, private messages, and recommendation systems also have a much bigger role to play.

The “16 Is the New 13” Rule: Why You Might Get Logged Out from Instagram

For a long time, many social media platforms treated 13 as the normal minimum age. In Malaysia, that number is now being pushed higher. The Online Safety Act itself defines a child as a person under 18, and section 18 requires providers to put in place measures that allow child users to use their services safely (Malaysia, Online Safety Act sec. 18). The specific under-16 restriction, however, is not written as one simple sentence in the main Act. It is being developed through subsidiary legislation and the Child Protection Code.

Government statements in late 2025 and early 2026 make the direction quite clear. Under the planned rules, platform providers are expected to stop users below 16 from accessing social media platforms, while content shown to users under 18 must be suitable for their age (Bernama, ‘MCMC Develops Subsidiary Laws’). In February 2026, Deputy Communications Minister Teo Nie Ching said the age-verification mechanism was expected to be finalised through subsidiary legislation under ONSA. She also said the responsibility for making sure users aged 16 and below do not operate social media accounts would fall on the platform providers (Bernama, ‘Age Verification Mechanism’).

This is why some Malaysians may eventually be asked to prove their age, re-confirm their account, or accept limits on certain features. It is not only about stopping fake birthdays. The bigger concern is whether underage users are being pushed into adult-level content, risky private messaging, addictive scrolling, or harmful recommendations before they are ready for it.

The Mandatory eKYC Verification: No More Fake Birthdays

The tricky part is age verification. How can a platform check a user’s age without making everyone feel like they are giving away too much personal information? In April 2026, Communications Minister Fahmi Fadzil said MCMC was close to completing engagement sessions with major platforms and stakeholders on electronic Know-Your-Customer, or eKYC, verification. According to him, the plan was to use MyKad, passports, and MyDigital ID to confirm age, and new social media accounts would only be allowed for users aged 16 and above (Bernama, ‘Engagement Sessions’).

The government has also said that MCMC is testing the approach through a Regulatory Sandbox with platform providers. Teo explained that the testing covers age verification, entity validation, and the use of AI to detect high-risk content. This is not only a technical issue. The government has also mentioned concerns such as personal data protection, privacy, and whether the system fits with existing laws (Bernama, ‘Age Verification Mechanism’).

This part of ONSA is probably where many users will have mixed feelings. On one hand, age verification can stop a 12-year-old from signing up by typing a fake birthday. On the other hand, a badly designed system could create new problems, such as identity leaks, too much personal data being collected, or real identity being permanently linked to online activity. A better approach should only verify what is needed, for example whether a person is above 16, instead of exposing full IC numbers or document copies to every platform. In the end, ONSA will only feel safe if the technical rules protect both children and user privacy.

Cyberbullying Beware: From a Slap on the Wrist to Real Criminal Liability

Although ONSA mainly focuses on platform duties, Malaysia’s response to online harm also includes changes to criminal law. The Penal Code (Amendment) Act 2025, Act A1750, added new sections 507B to 507G into the Penal Code. These sections cover threatening, abusive, or insulting words, communications, or acts that cause harassment, distress, fear, or alarm. For example, section 507B can carry imprisonment of up to three years, a fine, or both. Section 507C deals with similar behaviour when it is likely to make a person feel harassed or alarmed (Malaysia, Penal Code (Amendment) Act sec. 2).

The amendments also cover situations where online behaviour makes a person believe that harm will happen, or where someone provokes another person in a way that may lead to self-harm. The most serious punishment applies when the person who is provoked attempts suicide or dies by suicide. In that situation, the offender may face imprisonment of up to ten years, a fine, or both (Malaysia, Penal Code (Amendment) Act sec. 507D). This is a major change from the old impression that cyberbullying is just a small online argument.

The law also deals with doxing. Sections 507E and 507F criminalise publishing, circulating, or making available someone’s identity information when it is done with harmful intent or knowledge. Identity information is defined broadly as information that identifies, or claims to identify, a person (Malaysia, Penal Code (Amendment) Act sec. 507G). So, doing a ‘deep search’ or ‘meat-searching’ (肉搜) on someone by digging up their IC number, address, school, workplace, family details, or private photos and then sharing it online can become a criminal matter if the aim is to cause distress, fear, or harm. In everyday language, exposing someone’s private details is not harmless gossip just because it happens on Telegram, TikTok, X, or Instagram.

The Content Removal Strategy: How Malaysia Makes Big Tech Hit ‘Delete’

One of the most practical parts of ONSA is the idea that harmful content should not be left online while everyone argues about who is responsible. The First Schedule lists categories of harmful content, including child sexual abuse material, financial fraud, obscene or indecent content, harassment that may cause distress, fear or alarm, incitement to violence or terrorism, content that may induce a child to self-harm, hostility that may disturb public tranquillity, and promotion of dangerous drugs (Malaysia, Online Safety Act First Schedule). The Second Schedule gives special priority to two categories: child sexual abuse material and financial fraud (Malaysia, Online Safety Act Second Schedule).

For normal users, this should mean that reporting harmful content becomes clearer and less random. Licensed providers must give users a way to report harmful content and get assistance. These systems are supposed to be easy to access and responsive at all times (Malaysia, Online Safety Act secs. 16-17). MCMC’s FAQ, as reported by Bernama, also says users can expect clearer safety information, easier reporting, more responsive assistance, and better tools to control who can search for, contact, or interact with them (Bernama, ‘ONSA FAQ Unveils’).

The strongest rule is for priority harmful content. Under section 22, once a provider decides that reported content is priority harmful content, it must immediately make the content inaccessible to all users for the prescribed period. The Online Safety (Period) Regulations 2025 make the process more specific: reports must be acknowledged quickly, priority harmful content such as child sexual abuse material and financial fraud must be made temporarily inaccessible for 24 hours, and if confirmed, permanently inaccessible within one hour of determination (Rahmat Lim & Partners).

The fines are also serious enough to get attention. If licensed applications service providers or content applications service providers fail to follow their duties under Part III, MCMC may impose a financial penalty of up to RM10 million (Malaysia, Online Safety Act sec. 39). This is what makes ONSA different from ordinary platform community guidelines. Ignoring reports is no longer just bad service. For platforms, it can become a legal and regulatory problem.

Conclusion: A Safer Feed for a Smarter Generation

The Online Safety Act 2025 is not just about banning phones or blaming teenagers. It is more about changing who is responsible when harm happens online. Users still need digital literacy. Parents still need to guide their children. Schools still need to teach respectful online behaviour. But platforms also need to take responsibility for the systems they build, especially when those systems shape what people see, who can contact them, and how quickly harmful content spreads.

If ONSA works well, Malaysia’s online space should become less passive when serious harm appears. A scam post, child exploitation material, doxing thread, or harassment campaign should not remain online for days while victims try to get help. The law gives users and MCMC clearer ways to demand action, and it pushes platforms to think about safety before a situation becomes another headline.

Still, the law will also need public trust. Age checks and eKYC may protect children, but they also raise fair questions about privacy. Malaysians will need to see whether the final rules collect only the data that is really necessary, protect identity records properly, and avoid turning online safety into unnecessary surveillance. A safer internet should protect both dignity and privacy. Whether ONSA becomes a trusted shield or just another rule people try to bypass will depend on how carefully that balance is handled.

References

Bernama. "Age Verification Mechanism for Social Media Users to Be Finalised in Q2 This Year - Teo." Bernama, 25 Feb. 2026, www.bernama.com/en/news.php?id=2527418.

Bernama. "Engagement Sessions for eKYC Implementation Almost Completed - Fahmi." Bernama, 30 Apr. 2026, bernama.com/en/news.php?id=2551255.

Bernama. "MCMC Develops Subsidiary Laws to Strengthen Online Child Protection." Bernama, 4 Dec. 2025, www.bernama.com/en/news.php/?id=2498778.

Bernama. "ONSA FAQ Unveils Stricter Safety Guidelines, Streamlined Reporting of Harmful Content." Bernama, 1 Jan. 2026, bernama.com/en/news.php?id=2507843.

Malaysia. Online Safety Act 2025, Act 866. Laws of Malaysia, 2025.

Malaysia. Penal Code (Amendment) Act 2025, Act A1750. Laws of Malaysia, 2025.

Rahmat Lim & Partners. "Online Safety in Malaysia: What You Should Know about the Online Safety Act 2025 and Its Subsidiary Legislation." Rahmat Lim & Partners, 23 Jan. 2026, www.rahmatlim.com/perspectives/articles/32091/mykh-online-safety-in-malaysia-what-you-should-know-about-the-online-safety-act-2025-and-its-subsidiary-legislation.

The Star. "RM100 Fine since There's No Specific Law for Cyberbullying." The Star, 18 July 2024, www.thestar.com.my/news/nation/2024/07/18/rm100-fine-since-theres-no-specific-law-for-cyberbullying.

Posted in Online Safety Act (ONSA) | Leave a comment

The Legal Boundaries of Self-Defence in Malaysia

Posted on May 11, 2026 by admin

Executive Summary

Malaysia has a distinct legal framework outlining the appropriate use of self-defence in law. The right of private defence is governed by the Penal Code (Act 574), not as absolute permission to commit violence, but as a legalized right to defend oneself or others from harm. Sections 96 to 106 outline situations where an individual is not criminally responsible for their acts if specific conditions are met.

Statutory Framework

The Penal Code establishes the parameters for when force is legal in Malaysia.

The Right of Private Defence

  • Scope: According to Section 97, every person has the right to defend their body (or the body of another) against offences affecting the human body, and property against theft, robbery, mischief, or criminal trespass.
  • Limitation: Subject to Section 99(4), the right of private defence should not inflict more harm than is necessary for the purpose of defence.

Circumstances for Lethal Force

Section 100 outlines specific circumstances where the right of private defence extends to voluntarily causing death:

  • Offences causing reasonable apprehension of death.
  • Offences causing reasonable apprehension of grievous hurt.
  • Assault with the intention of committing rape or gratifying unnatural lust.
  • Assault with the intention of kidnapping or abducting.
  • Assault with the intention of wrongfully confining a person.

Commencement and Duration

  • Start: The right arises at the first instant of reasonable apprehension of danger to the body.
  • End: The right does not continue beyond the period of such apprehension. If the assailant retreats or is disabled, the legal right to use force ends.

Case Studies

  1. Dato’ Balwant Singh v Public Prosecutor (2003): A 71-year-old man was acquitted of murder after shooting a motorcyclist who attacked him with a wooden stick. The court established he had reasonable apprehension of death or grievous hurt, and the use of a firearm was proportionate as he had fired a warning shot first.
  2. Public Prosecutor v Zulkifli bin Ismail (2015): A man stabbed two people attempting to rob his home in Terengganu. It was alleged the stabbing occurred as the intruders were attempting to leave. The court found the right to private defence did not apply because the danger had ceased once the intruders retreated.

Scenario Analysis

  • Burglary: Force may be used in line with Section 100 if the security of the home is compromised. However, if the intruder is overpowered and the homeowner continues to beat or threaten them, it is considered an aggressive act rather than private defence.
  • Attempted Kidnapping: A bystander may aid a victim under Section 97, but force must not be disproportionate. If excessive force is used after the victim is safe or the kidnappers have surrendered, the bystander loses legal protection.
  • Immediate vs. Future Threat: Under Section 99(3), there is no right of private defence if there is enough time to seek protection from public authorities (e.g., a 48-hour ransom threat).

Legal Restrictions on Weapons

Acquittal of a violent charge does not protect an individual regarding the possession of weapons.

  • Arms Act 1960: Possession of a weapon without a license (tightly controlled by the Chief Police Officer) can lead to prosecution. Using an illegal weapon for self-defence can result in up to 14 years in prison and caning.
  • Corrosive and Explosive Substances & Offensive Weapons Act 1958: Section 6(1) forbids carrying offensive weapons (e.g., brass knuckles, flick knives, pepper spray) in public without a “lawful purpose”. Courts generally do not consider “self-defence” as a lawful purpose for carrying these.
  • Scheduled Weapons: Possession of items like parangs or keris is prohibited under Section 7 except for legitimate agricultural or cultural purposes.

Self-Defence Checklist

To stay within the boundaries of the law, ensure:

  1. Existence of an immediate risk to life or property.
  2. Inability to seek immediate police assistance.
  3. Proportionality of force (no more than necessary).
  4. Cessation of force immediately upon the threat retreating or being neutralized.

References

Statutes: Arms Act 1960 (Act 206); Corrosive and Explosive Substances and Offensive Weapons Act 1958 (Act 593); Penal Code (Act 574).

Cases: Dato' Balwant Singh v Public Prosecutor [2003]; Public Prosecutor v Zulkifli bin Ismail [2015].

Reports: "Rights of an arrested person by virtue of section 28A of the criminal procedure code: an analysis," UiTM Institutional Repository, 2013.
Posted in Penal Code | Comments Off on The Legal Boundaries of Self-Defence in Malaysia

Law & Order, Real or Fake: The Legal World in Media

Posted on March 31, 2025 by Estelle Sia

As the latest films and TV series cover a slightly-dramaticized lifestyle of a lawyer (cough, Suits, cough), they also zoom into those at the other end of the law. The real question, however, is: how true is the portrayal of the law?

Ging Chen Sow – a renowned production designer and art director – is here to answer them for us. While in Hollywood building sets and making films come alive, he is a Penangite, who studied film production at the University of Southern California. One of his works in progress as a production designer is “In Summer”, which is a short film about a daughter wanting to overrule her father’s false conviction of a crime he did not commit. 

The Lens of a Production Designer: A Conversation With Ging Chen Sow

Through an interview with Ging, he gave us the full in-and-out experience of designing a film, especially one that explores an issue both unjust and heartbreaking. To visualise the emotional and legal challenges of being falsely accused of a crime, he worked particularly on an ‘interrogation room’ scene, where he crafted it to feel sterile, cold, and dark to depict the sense of helplessness towards the uphill battle. One of the places he took inspiration from during his work was Alcatraz Island: a maximum security prison that is now closed. 

As a production designer, Ging carries the responsibility of portraying the world accurately while balancing it with the storytelling element of a film. Although he has to take some creative liberties to create drama and urgency, he also attempts to recreate the world faithfully in film. Due to the condensation of complex processes, Ging often uses contrast to showcase the emotional aspect of the problem, appealing audiences to a relatable struggle. For example, with “In Summer”, he uses his resources to create a situation where you can feel the difference between being oppressed in a system and freed outside of it. 

Ging has no doubt of the media’s role in shaping public opinion, especially in raising the consciousness of the population about the legal system. “What we need to realise is that the power of the media is strong,” Ging said. A negative portrayal of the law will largely influence the public view of the legal system. 

Film itself is storytelling, which humanises things that feel static. Ging follows the philosophy of a quote by Pawo Choyning Dorji (whose work was nominated for an academy award): “Please untie a knot for me.” Filmmaking, to Ging, is not just crucial to spread awareness and understanding of the legalities, but to help people solve underlying issues, to create outlooks to think and discuss with others around you. As viewers walk away from the film, Ging hopes that they will rethink and reconsider the existing legal system that has been abused and hijacked by people. He believes that people need to sit down, rethink why certain rules exist, and fully realise that some legislation is outdated to create a more robust system to help those who need it. 

Lastly, some advice from our seasoned filmmaker, in his very own words: research and just do it, put yourself out there, network and build your circle. Ging is now working with Emmy-winning art director, Edward Rubin, and will continue to make a difference in the arts. 

“In Summer” will be coming to you at local festivals this year, so stay tuned for the emotional and legal turmoil. 

To learn more about Ging’s works, you can find him at: @gings_fs on Instagram and on https://www.gingchensow.com.

Posted in Uncategorized | Leave a comment

Can You Really Sue Over Burger Sizes? 

Posted on January 8, 2025 by Estelle Sia

Ever experienced your food portions being much smaller than expected? I’m sure you have: whether it was at an overpriced, Instagrammable cafe or perhaps, a fast food chain. As corporate chains and rising restaurants use appealing and sometimes exaggerated advertisements to lure us towards their shops, we the consumers end up disappointed and hungry after the meal. The real question is: can you really sue over the portion sizes? 

This 2023 case says maybe not. In 2022, a lawsuit was filed against McDonald’s and Wendy’s by the plaintiff – Justin Chimienti of New York – for misadvertising and misrepresenting products. Chimienti claimed that the burgers he bought at McDonald’s and Wendy’s locations were “much smaller than advertised”, stating that he was financially damaged because of it. In his complaint, the plaintiff accused the corporate giants of using undercooked burger patties in their advertisements, citing that meat shrinks by 25% when cooked and thus looks less delicious. Additionally, Mr Chimienti alleged that Wendy’s overstates the amount of toppings for their menu items. The plaintiff’s argument suggests that the chains’ advertising was misrepresentation, misleading customers who received food allegedly lower in value than promised. Thus, Chimienti’s lawsuit sought monetary damages that were unspecified to compensate himself and all individuals “deceived by the defendants as a result of purchasing an overstated menu item.” 

Source: Getty Images

However, the lawsuit was dismissed. Judge Hector Gonzalez (of the U.S District Court for the Eastern District of New York) decided that the fast-food giants did not deliver burgers smaller than advertised. His 19-page ruling decision wrote that the appetising marketing by Wendy’s and McDonald’s were “no different than other companies’ use of visually appealing images to foster positive associations with their products.” Moreover, prominent disclaimers and objective information about the meals were displayed on the chains’ websites. 

Recently, food litigation lawsuits are increasing in numbers, going against large fast-food chains for misleading marketing and advertising of their products. Aside from the above case, the years saw lawsuits against companies like Burger King and Taco Bell with some being tossed and some pending. Now, how do these lawsuits apply to you? Can you sue for smaller portion sizes in Malaysia? How are you, as a consumer, protected from deception in food? 

Malaysia’s Consumer Protection Act 1999 is the foundation of consumer rights and protections in the country. Certain products have advertisement restrictions, such as medicines and drugs whose labels must be registered with the Ministry of Health under the Control of Drugs and Cosmetics Regulations 1984. Disregarding that, online advertisements of products (like your food or clothes) have to follow the Malaysian Communications & Multimedia Content Code. The regulations stated in part 3 of the code follows: 

(iii) Honesty and Truthfulness

  1. Advertisements must not be so framed as to abuse the trust of the consumer or exploit his lack of experience or knowledge.
  2. No advertisement should mislead by inaccuracy, ambiguity, exaggeration, omission or otherwise.

It states that no advertisements should be misleading, whether it is due to being false, vague, or other reasons. Thus, advertisements like this can be reported to the Malaysian Communications and Multimedia Commission (MCMC) for breach of the Code. The advertiser will then be penalised. 

Furthermore, as part of your consumer rights, you are entitled to goods of a reasonable quality regardless of the marketing tactics. 

Section 32: Implied guarantee as to acceptable quality

  1. Where goods are supplied to a consumer there shall be implied a guarantee that the goods are of acceptable quality.  
  2. For the purposes of subsection (1), goods shall be deemed to be of acceptable quality. 
    1. If they are
      1. fit for all the purposes for which goods of the type in question are commonly supplied;
      2. acceptable in appearance and finish;
      3. free from minor defects;
      4. safe; and
      5. durable

Hence, even with exaggerated ads and angles, your goods and services should attain a certain standard of quality. Unfortunately, this doesn’t mean that you can sue for misleading advertisements. In fact, most advertisements these days include a disclaimer in the fine print, stating that the images were for illustration purposes only. Hence, the extent of your consumer rights only go towards ensuring that advertisements adhere to certain guidelines. While suing is a far-fetched dream, you can still make complaints to ensure that action is taken. 

Next time you see another advertisement too good to be true, remember your consumer rights (and the tiny disclaimer written at the bottom) to avoid falling victim to deceptive marketing tactics. 

References

Diaz, Johnny. “False Advertising Suit against McDonald’s and Wendy’s Is Dismissed.” The New York Times, 4 Oct. 2023, www.nytimes.com/2023/10/04/business/wendys-mcdonalds-burgers-lawsuit.html. 

LAWS OF MALAYSIA ACT 599 CONSUMER PROTECTION ACT 1999 [REPRINT - 2001] https://mysafe.kpdn.gov.my/img/portal/consumer-safety/akta_perlindunganpengguna1999.pdf
Posted in Can You Really Sue? | Leave a comment