Genting Malaysia Case Review 2022 PDF
Document Details
Uploaded by FunTigerEye
Tags
Summary
This case review discusses the Genting Malaysia case involving a judicial review concerning the Inland Revenue Department's request for customer data. The court found that the actions of the Personal Data Protection officials were invalid and ultra vires as they failed to comply with Malaysian data protection laws. The case highlights the importance of data protection laws and procedural safeguards in managing such requests.
Full Transcript
3.3 Case Review on Genting Malaysia Bhd v Pesuruhjaya Perlindungan Data Peribadi & Ors1 Facts of the case The Inland Revenue Department (R3) acting under section 81 of the Income Tax Act 1967, requested Genting to provide them with the personal data of all of its customers. The purpose of gatherin...
3.3 Case Review on Genting Malaysia Bhd v Pesuruhjaya Perlindungan Data Peribadi & Ors1 Facts of the case The Inland Revenue Department (R3) acting under section 81 of the Income Tax Act 1967, requested Genting to provide them with the personal data of all of its customers. The purpose of gathering data was to expand the tax base, increase tax collections and reduce tax evasion. However, Genting refused to comply in fear of breach of data pursuant to Personal Data Protection Act 2010. R3 then gained letter of declaration from the Commissioner and Deputy Commissioner of Personal Data Protection (R1 & R2) to reassure Genting that the disclosure of its customers’ personal data is legal as per section 81 of Income Tax Act, read together with section 39(b)(ii) of Personal Data Protection Act. However, Genting maintained that such data disclosure is an infringement of Article 5(1) of the Federal Constitution which includes protection of privacy rights. Therefore, Genting filed a judicial review to quash the declaration made by the respondents. The court affirmed that the actions by the respondents were invalid and ultra vires. Application of Ultra Vires in this case Although section 81 of ITA empowers R3 to request necessary information, such power is limited by Section 39 and 45 of PDPA which imposed specific exemptions for data disclosure, such as obtaining consent from the data subject or by court order. R3 failed to provide justifications within the special exemptions to support the data request, which the court characterised as a “fishing expedition”. Therefore, the court considered the violation of procedural safeguards as a misuse of statutory power, and accordingly, ultra vires. Moreover, the enforcement of PDPA is within the scope of R1 and R2. In this situation, they were expected to ensure the request made by R3 in compliance with PDPA. Instead, they acted contrary to their statutory duty as they improperly endorsed the request without verifying its 1 11 MLJ 898 compliance with PDPA, prescribing Genting to disclose data to them which could possibly cause an infringement of privacy rights. Thus, the endorsement done by R1 and R2 was held ultra vires for not upholding their statutory obligations.
