Home/Insights/Data Sharing Act 2025: A new era of responsible data use | RÖDL
Published on 14. May 2025
Reading time approx. 1 Minute

Data Sharing Act 2025: A new era of responsible data use | RÖDL

The Data Sharing Act 2025 (“the Act”) represents a pivotal step in regulating personal and institutional data in Malaysia, striking a balance between the growing demand for data-driven innovation and the protection of individual privacy rights. Together with the establishment of the National AI Office, the Act further accelerates Malaysia’s ambition to become a leading AI-driven nation.

Key Objectives

The Act is designed to:

  • Enable secure and efficient data sharing between public sector agencies such as the armed forces, the judicial and legal services, the general public services of the Federation, and others.
  • Establish clear legal boundaries for the collection, use, and transfer of personal data.

Notable Provisions

1. Establishment of National Data Sharing Committee

A new regulatory authority – the National Data Sharing Committee – has been established to, amongst others, regulate and oversee the implementation of the Act.

2. Request and Approval

A public sector agency is required to request data from another public sector agency that has control over the requested data by providing the necessary information of the data required and purpose of such request. 

The public sector agency to whom a request is made to shall evaluate and respond within 14 days from receipt of such request. However, it is to be noted that open data made freely available by any public sector agency can be accessed and shared without the need for a formal request.

3. Grounds for Refusal 

The Act provides a list of grounds for refusal of data sharing, amongst others, sharing of data can be refused if the disclosure could reveal the identity of confidential informants or protected witnesses, or such sharing of data would breach legal privilege, contracts, confidentiality obligations, or court orders.

4. Enforcement and Penalty 

Any officer or servant of a data recipient is not allowed to disclose the shared data other than for the purpose of this Act or any civil or criminal proceedings under any written law. Any violation would result in a fine up to RM1 million, a prison sentence of up to five years, or both.

Implications

Additionally, individuals may experience faster and more personalized public services, while companies could face increased administrative tasks to ensure compliance and potential penalties for non-compliance.

Related Posts

15.01.2026

Pre-contractual disclosure and franchise agreements in Spanish law

Spanish franchise legislation provides specific rules for pre-contractual disclosure, with the aim of ensuring transparency and protecting franchisees' rights.
15.01.2026

RÖDL strengthens leadership and advisory: Christian Landgraf expands service line “Advisory & IT”

Nuremberg, 15 January 2026: RÖDL is bundling its advisory and IT services in the new service line “Advisory & IT,”...
15.01.2026

The Chinese Value-Added Tax Law officially takes effect

The Value-Added Tax Law of the People's Republic of China (“VAT Law”) was promulgated on 25 December 2024. Its crucial...
13.01.2026

RÖDL builds its own AI infrastructure and embraces new platform technology worldwide

Nuremberg, 13 January 2026: The international professional services firm RÖDL is taking a decisive step in its digital transformation. Together...