.jpg)
KUALA LUMPUR - AirAsia Group Bhd’s (AAGB) proposal to loan its “digital assets” to a US company has pushed several legal experts to call for greater transparency, despite assurances from a government agency that the discount carrier’s move is not illegal.
AAGB chief executive officer Tan Sri Tony Fernandes said on October 9 an American company was willing to lend the carrier US$1 billion (RM4.15 billion) for its digital assets but he stopped short on naming the potential buyer.
While details are scant, AAGB’s attempts to transfer its digital assets might trigger certain clauses in the Personal Data Protection Act (PDPA) 2010, said Alliff Benjamin Suhaimi, a partner with Thomas Phillip Advocates and Solicitors.
Aliff said under Section 4 of the PDPA, AAGB would be a data user as the group was the one receiving, using and processing customers’ data while Section 6 states that a data user such as AAGB could not process personal data for the transfer to a third party.
“This includes transferring the data to another party, unless the customer has given his consent for such use,” he told The Vibes.
But there are some exceptions in the same section for data processing, Alliff added.
“This includes those such as compliance with legal obligations, other than an obligation imposed by a contract, for the performance of the contract which the customer is a party of, or for a lawful purpose for or directly related to an activity of the data user, or the processing of the data is necessary for or directly related to that purpose,” he said.
The Department of Personal Data Protection (PDPD) defended AAGB, following a briefing by the airline.
“The department has been informed that there will be no leakages in the sale of personal data and is satisfied with the explanation given by Air Asia regarding the issue.
“In relation to this, the department was to assert once again that the sale of personal information is an offence under section 130 of the Personal Data Protection Act 2010 (Act 709), “ the department said in an October 14 media statement.
But, Alliff said, it was difficult to ascertain anything out of the department’s announcement unless it revealed the exact scope of digital assets or data being sold.
“So it may be best for the PDPD to disclose its investigation or report to put everyone at rest. It is not transparent at the time being,” he added.
Mohd Ridhuan Md Kamal, a lawyer from a boutique firm, highlighted that the company’s website, airasia.com, has been delivering close to 15 types of services that collect personal data from customers and users in the course of its business.
Assuming that AirAsia will be providing this American lender any access to customer data, Mohd Ridhuan said these concerns would have to be addressed by a Data Protection Officer appointed by Air Asia who deals with the PDPD.
"The first (concern) is of course how much data and how the data will be handled.
“Secondly whether the sharing of the data is covered by the consent which has previously been obtained by AirAsia from its customers,” he told The Vibes.
Mohd Ridhuan said that it is important to note that under the PDPA, AirAsia would have had to obtain consent from its customers to collect certain data as it interacts with them, and also in the process would usually ask for permission to share this data.
“The usual ‘you consent for AirAsia to share this information with its group members and etc’, those usually get overlooked but they may contain permissions which are wide in scope,” he said.
The Vibes reached out to AAGB to find out more on the data-transfer deal, but the group declined to comment.
"There is nothing to announce at this time. Any relevant announcements will, as always, be made in due course," Vanessa Regan, AirAsia head of Group Communications, said in response to the query. - The Vibes, October 14, 2020
.jpg)
