Searching Case Laws & Precedent on Legal Query.....!
Analysing the retrieved Case Laws
Scanned Judgements…!
Searching Case Laws & Precedent on Legal Query.....!
Analysing the retrieved Case Laws
Scanned Judgements…!
PDPA Cannot Be Used as a Shield - Courts have consistently held that the Personal Data Protection Act (PDPA) cannot be invoked to prevent the production of relevant and admissible documents during trial, especially when ordered by the court. The act does not provide absolute protection that overrides court discovery obligations. For example, ["NEWLAKE DEVELOPMENT SDN BHD vs ZENITH DELIGHT SDN BHD & ORS - 2021 MarsdenLR 1051"] states, a party cannot use the PDPA as a shield to prevent the said documents from being produced at the trial under the guise of personal data protection, emphasizing that court orders for discovery must be complied with regardless of PDPA concerns.
Relevance and Admissibility Take Precedence - When documents are relevant and admissible, the PDPA does not permit withholding them solely on personal data protection grounds. The court in ["NEWLAKE DEVELOPMENT SDN BHD vs ZENITH DELIGHT SDN BHD & ORS - 2021 MarsdenLR 1051"] highlighted that preventing documents like bank statements from being admitted due to PDPA would be against the interests of justice, indicating that the act does not override the court's discovery powers.
Legal Principles on Data Disclosure - Several cases reaffirm that the PDPA’s provisions, such as sections 4, 8, 39, and 45, do not authorize parties to refuse disclosure of relevant documents in legal proceedings. For instance, ["ACCLIME CORPORATE SERVICES SDN BHD & ANOR vs WONG YOUN KIM & ANOR - High Court"] notes that the purpose for which the personal data was to be disclosed at the time of collection and the specific legal context are important, but the act does not shield documents from court-ordered production if they are relevant to the case.
Court Rulings on Data as Evidence - The High Court in ["MY HOME BUDGET HOTEL SDN BHD vs CIMB BANK BERHAD - High Court"] explicitly held that where the documents in question were relevant and admissible, a party could not use the PDPA as a shield. It further clarified that the act does not apply to documents that are relevant and necessary for trial, reaffirming that the court’s discovery process takes precedence over PDPA protections.
Limitations of PDPA in Legal Proceedings - While the PDPA provides exemptions, such as for law enforcement or investigations (disclosure necessary for investigation or proceedings ["NEETU SINGH vs TELEGRAM FZ LLC - Delhi"]), these are specific and do not generally allow parties to withhold documents in civil trials under the guise of personal data protection. The courts have emphasized that the act’s protections are not absolute and do not prevent the production of relevant evidence when ordered by the court.
Courts in Malaysia have consistently held that the PDPA cannot be used as a shield to prevent the production of relevant and admissible documents during trial, especially when such documents are ordered by the court. The act’s provisions do not override the court’s discovery powers and are not intended to obstruct justice. Relevant case law, including ["NEWLAKE DEVELOPMENT SDN BHD vs ZENITH DELIGHT SDN BHD & ORS - 2021 MarsdenLR 1051"], ["MY HOME BUDGET HOTEL SDN BHD vs CIMB BANK BERHAD - High Court"], and ["ACCLIME CORPORATE SERVICES SDN BHD & ANOR vs WONG YOUN KIM & ANOR - High Court"], reinforce that personal data protection rights do not exempt parties from complying with court orders for document disclosure, provided the documents are relevant, admissible, and necessary for the fair conduct of the trial.
In the digital age, personal data protection laws like Malaysia's Personal Data Protection Act 2010 (PDPA) are crucial for safeguarding privacy. However, a key question arises in litigation: can a party invoke the PDPA as a shield to prevent relevant documents from being produced at trial under the guise of personal data protection?
The answer, backed by case law, is generally no—especially when courts deem documents relevant and admissible. This blog dives into the jurisprudence, key rulings, PDPA exceptions, and practical insights, helping litigators, businesses, and compliance officers navigate this balance between privacy and justice.
Malaysian courts have consistently ruled that the PDPA does not grant absolute privilege against disclosure in legal proceedings. Once a court determines documents are relevant and admissible, parties cannot withhold them citing PDPA protections. As stated in a pivotal ruling: where the Court makes a ruling that the documents in question are relevant and admissible (as is the case here), a party cannot use the PDPA as a shield to prevent the said documents from being produced at the trial under the guise of personal data protection. NEWLAKE DEVELOPMENT SDN BHD vs ZENITH DELIGHT SDN BHD & ORS - 2021 MarsdenLR 1051
This principle prioritizes judicial access to evidence. The PDPA's exemptions, particularly under Section 45(2)(d), allow personal data necessary for court orders or judgments to bypass standard protections. Courts emphasize that data protection claims do not override procedural fairness or the need for relevant evidence. NEWLAKE DEVELOPMENT SDN BHD vs ZENITH DELIGHT SDN BHD & ORS - 2021 MarsdenLR 1051
In NEWLAKE DEVELOPMENT SDN BHD vs ZENITH DELIGHT SDN BHD & ORS - 2021 MarsdenLR 1051, the court explicitly rejected PDPA as a bar to production post-relevance ruling. This sets a clear benchmark: judicial determination trumps general privacy shields.
A related decision in KETUA PENGARAH HASIL DALAM NEGERI vs GENTING MALAYSIA BERHAD - 2025 MarsdenLR 3417 quashed attempts to restrict personal data disclosure via PDPA, underscoring that protections are subject to judicial oversight. The court held that relevant documents must be produced if necessary for proceedings, reinforcing PDPA's non-absolute nature. KETUA PENGARAH HASIL DALAM NEGERI vs GENTING MALAYSIA BERHAD - 2025 MarsdenLR 3417
These cases illustrate a jurisprudence where courts balance privacy with the administration of justice, consistently favoring disclosure when relevance is established.
The PDPA itself carves out exceptions for legal proceedings. Section 45(2)(d) exempts data required for court judgments. This extends to regulatory demands, as seen in tax disputes:
However, general fishing expeditions without justification infringe privacy, as one court noted: The request for personal data by tax authority is unlawful without specific justification, infringing privacy rights protected under the Personal Data Protection Act. GENTING MALAYSIA BERHAD vs PESURUHJAYA PERLINDUNGAN DATA PERIBADI Yet, when tied to proceedings, exceptions apply.
Other sources highlight PDPA's interplay:- Loyalty program data disclosures to tax authorities were deemed compliant, not requiring consent under specific exemptions. GENTING MALAYSIA BERHAD vs DIRECTOR GENERAL OF INLAND REVENUE (LHDN)- Breaches or nuisance claims under PDPA failed without proven violations, emphasizing pleadings must bind parties. RANJAN PARAMALINGAM & ANOR vs PERSATUAN PENDUDUK TAMAN BANGSAR KUALA LUMPUR
These examples show PDPA protections are contextual, yielding to court orders or statutory necessities.
PDPA is not toothless outside judicial mandates:- No court ruling? Parties may invoke protections if documents lack relevance. NEWLAKE DEVELOPMENT SDN BHD vs ZENITH DELIGHT SDN BHD & ORS - 2021 MarsdenLR 1051- Unlawful requests: Broad demands without suspicion (e.g., tax fishing expeditions) violate PDPA principles under Section 5(1). GENTING MALAYSIA BERHAD vs PESURUHJAYA PERLINDUNGAN DATA PERIBADI- Processing compliance: Data users must adhere to principles like purpose limitation, but legal proceedings override. Genting Malaysia Bhd vs Pesuruhjaya Perlindungan Data Peribadi & Ors
Courts apply a proportionality test: privacy vs. justice needs. Absolute immunity does not exist; exceptions ensure evidence flow.
To navigate this:- Argue relevance early: Secure court rulings on admissibility to preempt PDPA objections. NEWLAKE DEVELOPMENT SDN BHD vs ZENITH DELIGHT SDN BHD & ORS - 2021 MarsdenLR 1051- Prepare for production: Even personal data must yield if necessary; anonymize where possible.- Invoke exceptions proactively: Cite Section 45(2)(d) or Section 39(b)(ii) for regulatory needs.- Compliance check: Ensure requests are justified to avoid privacy challenges. GENTING MALAYSIA BERHAD vs PESURUHJAYA PERLINDUNGAN DATA PERIBADI- Seek judicial review wisely: Time limits are strict; emails may not qualify as 'decisions.' GENTING MALAYSIA BERHAD vs DIRECTOR GENERAL OF INLAND REVENUE (LHDN)
Legal practitioners should weigh PDPA against Evidence Act requirements, prioritizing transparency in pleadings. RANJAN PARAMALINGAM & ANOR vs PERSATUAN PENDUDUK TAMAN BANGSAR KUALA LUMPUR
In summary, while PDPA protects privacy, it bows to judicial imperatives. This framework ensures fairness without undermining data safeguards.
Disclaimer: This post provides general insights based on reported case law and is not legal advice. Consult a qualified Malaysian lawyer for case-specific guidance.
#PDPAMalaysia, #DataPrivacyLaw, #CourtDisclosure
in question are relevant and admissible (as is the case here), a party cannot use the PDPA as a shield to prevent the said documents from being produced at the trial under the guise of personal data protection. ... [52] So for instance, if the Court orders a party to give discovery or production of certain #....
[36] As support for the above findings, I refer to ss 4, 8 and 45 of the Personal Data Protection Act 2010 ("PDPA") as follows: Section 4 of PDPA: "personal data" any information in respect of commercial transactions, which: (a) is being processed ... This failed to comply with the relevant case law that required the party seeking such a protective order to comply with the strictest tests. [31] In support of their....
PDPA as a shield to prevent the said documents from being produced at trial under the guise of personal data protection. In this regard, the High court held at pp 97 to 99 that: '[43] Firstly, I do not think the a href="./.. ... or (c) in any other case, before the data user: (i) uses the personal data of the data#H....
or (c) in any other case, before the data user: (i) uses the personal data of the data subject for a purpose other than the purpose for which the personal data was collected; or PDPA ; PDPA in particular, including the personal data protection principles enumerated in s 5(1) of the PDPA which states: Personal Data P....
It deals with the following Personal Data Protection Principles in safeguarding Personal Data as set out in Section 5 PDPA which states: “Personal Data Protection Principles 5. (1) The processing of personal data by a data user shall be in compliance with the following ... the PDPA and that no law enforcement agency has the right to obtain #HL_....
Personal Data Protection Act ( PDPA , the plaintiffs' pleaded fact in para 24 of the ASOC is as follows: The Defendant in the course of its illegal business has acquired personal data of various people in contravention of the Personal Data Protection Act . ... data; (b) the retrieval, consultation or use of personal data; (c) the disclosure of person....
acquired personal data of various people in contravention of the Personal Data Protection Act. ... data law. ... or set of operations on the personal data, including: (a) the organisation, adaptation or alteration of personal data; (b) the retrieval, consultation or use of personal data; (c) the disclosure of personal #HL_STAR....
PDPA 2010 as s 81 of ITA 1967 authorized the DGIR to request such information. On 12 November 2019, the said letter was forwarded by the DGIR via e-mail to Genting. ... The DGIR then wrote to the Department of Personal Data Protection ("DPDP") for confirmation relating to the request for information. On 8 November 2019, the 2nd Respondent confirmed that such disclosure of information was allowable under s 39(b)(ii) of a href="./..
Personal Data Protection Act 2010 (" PDPA 2010") whereas the DGIR was of the view that such request was legally made under s 81 of Income Tax Act 1967 (" PDPA 2010. The DGIR then wrote to the Department of Personal Data Protection ("DPDP") for confirmation relating to the request for information. On 8 November 2019, the 2nd Respondent confirmed that such disclosure of information was allowable under s 39(b)(ii) of PDPA 2010 as s 8....
[12] With regard to the data breach, D2 mooted that the Personal Data Protection Act 2010 ("PDPA") is not applicable here. ... It cannot be exercised by a minute examination of the documents and facts of the case, in order to see whether the party has a cause of action or a defence (see Wenlock v. Moloney & Ors 9). ... the trial and cannot be used to establish an admission or partial admission. .....
3. The collection, use or disclosure (as the case may be) of personal data about an individual is necessary for any investigation or proceedings.' (iii) Moreover, copyrighted works are entitled to automatic protection in all WTO countries under the Berne Convention for the Protection of Literary and Artistic Works, 1886 read with the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS), 1995. Thus, the disclosure of personal data for the purpose of any proceedings, which would obviously include proceedings related to infringement of copyright would be a recogn....
Specifically, the Court reasoned that, “the activities relating to the advertising space constitute the means of rendering the search engine at issue economically profitable and engine is, at the same time, the means enabling those activities to be performed.”(paragraph 56). The Court in paragraphs 53 and 54 noted that, the EU’s Data Protection Directive 95/46 “sought to prevent individuals from being deprived of the protection guaranteed by the directive and that protection from being circumvented, by prescribing a particularly broad territorial scope.” This case recognize....
Similarly, in the context of the European Union, opinions of ‘the Article 255 Panel’ The United Kingdom’s Data Protection Act, 2018 grants class exemption to all personal data processed for the purpose of assessing a person’s suitability for judicial office, from certain rights including the right of the data subject to be informed, guaranteed under the European Union General Data Protection Regulation being given effect to by the Data Protection Act.
Abusing official position as a public servant, and thereby making unlawful gain or pecuniary advantage for the public servant or for somebody else, is an act of criminal misconduct punishable under the PC Act. Such a protection or immunity cannot be used as a shield when a prosecution is initiated under the PC Act or any other law. In C.C. No. 16/2008 of the Special Court, what is alleged by the VACB is that by abusing their official position as public servants, the accused committed criminal misappropriation amounting to breach of trust, and thereby, made unlawful financia....
It also incorporates a provision for Grievance Redressal. For security of data and protection of breach, the Draft Bill has separate provisions which require use of methods such as de-identification and encryption and other steps necessary to protect the integrity of personal data and to prevent misuse, unauthorised access to, modification, disclosure or destruction of personal data. The data fiduciary is required to immediately notify the Authority of any personal data breach relating to any personal data processed by the data fiduciary where such breach is likely to cause....
An indispensable Tool for Legal Professionals, Endorsed by Various High Court and Judicial Officers
Please visit our Training & Support
Center or Contact Us for assistance
Scan Me!
India’s Legal research and Law Firm App, Download now!
For Daily Legal Updates, Join us on :
Back to top
