Yes, scraping public data in Malaysia is generally permissible, but strict compliance with local laws is mandatory. Publicly accessible information does not automatically grant unrestricted use, as data protection and computer crime statutes impose critical limitations. The Personal Data Protection Act 2010 (PDPA) and the Computer Crimes Act 1997 regulate automated data collection, particularly when involving personal or sensitive information. The Malaysian Communications and Multimedia Commission (MCMC) monitors compliance, with enforcement actions escalating under the 2026 Digital Economy Blueprint’s stricter cybersecurity directives.
Key Regulations for Scraping Public Data in Malaysia
- Personal Data Protection Act 2010 (PDPA): Prohibits scraping personal data without explicit consent or a lawful basis. Violations may result in fines up to RM500,000 or imprisonment under Section 130. Exemptions apply only for government data processing or journalistic purposes.
- Computer Crimes Act 1997: Criminalizes unauthorized access or interference with computer systems, including aggressive scraping that overloads servers or bypasses technical barriers. Penalties include RM150,000 fines and 10-year imprisonment under Section 4.
- MCMC Guidelines (2024): Require data scrapers to register with the MCMC if processing over 50,000 records annually. Automated bots must adhere to rate limits (e.g., 10 requests/second) and disclose data sources transparently to avoid enforcement under the 2026 Cybersecurity Act amendments.
Scraping public data without violating PDPA or cybercrime statutes demands meticulous filtering to exclude personal identifiers and adherence to MCMC’s evolving technical standards. Non-compliance risks severe penalties, including asset seizure under the 2026 National Cybersecurity Policy.