MALAYSIA Law and Practice Contributed by: Janet Toh, Irene Yong, Krystle Lui and Boo Cheng Xuan, Shearn Delamore & Co.
limited security features and constant connec - tivity. In this regard, compliance and governance within an organisation shall focus on the security requirements pursuant to the PDPA, and if used by an NCII Entity, the requirements under the CSA. An organisation’s internal governance shall address the use of IoT and the safeguards to be adopted. It is also crucial that the use by an organisation of IoT devices which qualify as communications equipment have been properly certified and bear the relevant certification mark or label as the Technical Standards Regulations makes it an offence for a person to, among others, use or sell any communications equipment which is con - trary to the standards, not certified as required, or does not bear a certification mark or label. Such requirements shall be incorporated into an organisation’s internal policies. 4.3 Data Sharing In terms of data sharing for IoT, the relevant legal considerations are similar to those outlined in 1. Digital Economy and 2. Cloud and Edge Com- puting , although the assessment shall also focus on the pertinent aspects of IoT, eg, the reliance on decentralised edge data processing and what the legal requirements such as the PDPA may mean in such circumstances, including whether such processing is necessary and not excessive. Given the prevalent use of IoT in the medical and healthcare sector, such use shall also be assessed based on the applicable require - ments relating to medical and healthcare data and records. For instance, the PDPA considers information as to the physical or mental health or condition of a data subject to be sensitive personal data, the processing of which gener - ally requires the explicit consent (as opposed to mere consent) of the data subject. Therefore, the
use of IoT in the medical and healthcare sector may, for instance, require the explicit consent of the patients for the processing of their medi - cal and healthcare data for the purposes to be achieved by the use of medical IoT devices. Whether the use of IoT within the medical and healthcare sector is compatible with the medical record keeping and retention requirements, such as those under the Private Healthcare Facilities and Services (Private Hospitals and Other Pri - vate Healthcare Facilities) Regulations 2006, shall also be considered. 5. Audiovisual Media Services 5.1 Requirements and Authorisation Procedures Licensing The provision of audiovisual media services is generally subject to the regulatory framework under the CMA. Generally, a network service provider licence or a CASP licence may be required, depending on the services involved: • the provision of broadcasting distribution services requires a network service provider individual licence; and • the provision of satellite broadcasting, sub - scription broadcasting, terrestrial free to air TV and terrestrial radio broadcasting requires a CASP individual licence. Other audiovisual media services may also be subject to the CMA licensing requirements (eg, a content applications service of limited appeal or which is targeted to a special interest group and available through subscription by persons using equipment specifically designed for receiving the said service, which requires a CASP class licence), although the provision of internet con -
229 CHAMBERS.COM
Powered by FlippingBook