MP SPEAKS | Explain the sale of the MySejahtera application to a private company


MP SPEAKS | The March 24 Public Accounts Committee (PAC) hearing raised questions about the sale of the MySejahtera Covid-19 tracking app to a private sector company.

The government’s decision to relinquish control of the MySejahtera app was taken by the cabinet at a meeting on November 26 last year.

Cabinet approval has been given to the Ministry of Health to appoint MySJ Sdn Bhd through direct negotiation to take over the MySejahtera app.

However, in December 2021, the PAC recommended that the government take over the operation of MySejahtera without incurring additional costs as it is now an integral part of the national healthcare system.

Department of Health officials who testified before the PAC claimed that MySJ was unrelated to KPISoft, the company that built MySejahtera as part of a CSR initiative. KPISoft has since changed its name to Entomo. The claim that there is no relationship between KPISoft/Entomo and MySJ needs to be investigated.

Political, commercial relations

The administrators of MySJ include two founders of KPISoft. The directors of MySJ also include people with political and business ties to the ruling coalition government parties, including Shahril Shamsuddin, who was the CEO of Sapura Energy until March 2021 and Megat Najmuddin Megat Khas, who was head of Umno division and later a senior member of Bersatu.

Additionally, 81.4% of MySJ is owned by another company, Revolusi Asia Sdn Bhd, of which 88% is owned by the founders of KPISoft.

In other words, 71.2% of MySJ is owned by two KPISoft co-founders, who built MySejahtera. To say that there is no link between KPISoft/Entomo and MySJ is not correct.

Through an open bidding process, these facts would be reviewed by the government and the public. In the case of direct negotiation, this agreement resembles a scheme of rewarding companies and individuals who have political and commercial ties with the government in power.

The fact that MySJ includes directors whose expertise in operating a software/IT business is unclear raises further concerns about the logic of this direct attribution to MySJ.

Data privacy

Additionally, the sale of MySejahtera to a private company raises serious data privacy concerns and the potential misuse of the private health-related data of millions of Malaysians.

MySejahtera has registered, according to data published by the Ministry of Health on GitHub, more than 11 billion registrations since December 2020. These registration data contain intimate details of personal preferences, consumption habits and social networks people.

We assume that MySejahtera databases also include private personal health data on an individual’s reported health symptoms and positive diagnosis of Covid-19.

The PAC has been informed that all MySejahtera data and its confidentiality are under the control of the Ministry of Health.

On November 19, 2020, the Ministry of Health stated that “data collected through the MySejahtera app is fully owned by the Ministry of Health and overseen by the National Cybersecurity Agency (Nacsa) and the National Security Council ( NSC)”.

On December 20, 2020, CEO of CyberSecurity Malaysia stated that MySejahtera data is safe. “This data is only used for Covid-19 monitoring and is not shared with any third parties as it is subject to secrecy.”

The MySejahtera website includes a privacy policy which states: “No personal data collected by this application will be disclosed to any third party or transferred to any location outside of Malaysia for commercial purposes”.

The MySejahtera website also states, “MySejahtera is owned and operated by the government. It is administered by the Ministry of Health and assisted by NSC and Mampu. The government assures that your personal information will only be used for the purpose of managing and mitigating the Covid-19 outbreak. It will not be shared with any other party.

Additionally, the MySejahtera GitHub page states, “Per MySejahtera’s Privacy Policy, individual-level registration data is purged after 90 days. These summary statistics are stored only as aggregated totals; MySejahtera does not store the underlying data. Therefore, data revisions are not possible for dates older than 90 days, even if an inconsistency is spotted.

Clarification needed

Therefore, the following issues need to be clarified by the firm:

  • Do the terms of this contract comply with past assurances given by the Ministry of Health regarding the appropriate use of Malaysians’ private health data, MySejahtera’s data privacy policy and the data privacy laws of the country ?

  • What are MySJ’s obligations to ensure that data that Malaysians have shared through MySejahtera based on a public mandate will not be used for marketing, product development, surveillance or discriminatory purposes?

    ANWAR IBRAHIM is MP for Port Dickson and Leader of the Opposition.

    The opinions expressed here are those of the author/contributor and do not necessarily represent the views of Malaysiakini.

Source link


Comments are closed.