By Toby McIntosh
Despite not having an access to information law, Malaysia received a generous grade in a recent World Bank “Open Data Readiness” report.
Malaysia received a “yellow” rating for its “legal and policy framework” even though a “red” score appears to be called for by the scoring guidelines for countries without an ATI law.
The report does not recommend adoption of an ATI law, noting that officials are opposed to the idea, but hints that one is needed.
The evaluation is prepared on the basis of the Bank’s “Readiness Assessment Tool.” The report is done jointly by Bank and government officials. The goal is to determine whether a country is ready for an open data initiative and to guide its efforts, though there is no direct connection to Bank funding. The User Guide stresses, “This is a diagnostic and planning tool, it is not a measurement tool.” (See a 2016 Freedominfo.org review of the reports and their relationship to ATI.) More than 40 such analyses have been conducted, but less than half have been released publicly because governments can veto their disclosure.
Freedominfo.org sought comment on the scoring, learning from a Bank official in Washington that the scores are done by the authors and not centrally reviewed. The authors have not replied.
Mixed Readiness Picture
“The overall conclusion from Malaysia’s open data readiness assessment is a mixed picture,” the report says. It identified factors indicating “an excellent foundation for realizing the socio-economic potential of open data.”
The report summary, however, says the policy/legal framework and government data management policies/procedures “are significant barriers to achieving the vision” in the “Eleventh Malaysia Plan” (2016- 2020). That plan “clearly articulates the country’s intention to use data-driven governance to improve citizen- centered service delivery, increase responsiveness, and strengthen accountability through greater transparency.”
The report makes oblique recommendations without specifically calling for adoption of an ATI law.
It says that achieving Malaysia’s goals on open data “may also require a high level of national leadership to achieve consensus across government agencies on the scope of legislative, regulatory, and/or policy changes that need to be made to turn open data into a practical reality and regular occurrence for data users large and small.”
Malaysia Receives Yellow Score
The lack of an ATI law did not earn Malaysia a red score, notwithstanding the scoring guidelines for the assessment tool.
Having an ATI law plays just a small part in the evaluation, the first of seven elements in the “policy and legal framework.” However, the importance of the legal framework is “very high,” according to the report, announced in a press release May 25.
The legal framework is one of eight broad areas, including senior leadership, government data management practices and societal demand for open data. All are scored red, yellow, green or gray. Malaysia got five yellows and three greens. (See articles in The Malay Mail and OpenGovAsia.)
The scoring guidance for the tool says:
A red rating is merited when there is no ATI law or privacy protection mechanisms, no data anonymization or aggregation techniques are used to protect privacy, and where sale of data is common, with typical findings such as the active application of an official secrets law to prevent in a systematic manner the release of data.
Not only is there no federal law (two states have laws), but also government officials have indicated that no FOI law is likely to be adopted, says the report.
Nevertheless, Malaysia received a yellow rating on the policy and legal framework. The scoring guidance says:
A yellow rating can be based on a combination of factors such as the existence of an ATI law and privacy protection mechanisms, even if their implementation has a mixed record, where a few agencies sell data at no more than the cost of distribution, or where no regulations actively prevent agencies to provide data on request, even if it does not regularly happen.
Criticisms on Access to Information
The report criticizes Malaysia in several ways regarding access to information, particularly concerning the use of the Official Secrets Act to prevent disclosures.
Just below the rating is the justification, which says in part:
There is no single legal framework, such as an ATI law, that determines whether data shall be released/ opened or not to the public and agencies decide themselves on whether to release data or not based on their specific regulatory context. The Official Secrets Act (OSA) is not being used to actively prevent the release of information in general. The Personal Data Protection Act applies to the private sector only. Information security is part of the implemented national public sector ICT strategy, and agencies that are part of the critical national information infrastructure have been certified against international information security standards and norms. Otherwise, all agencies have specific regulations that apply to them concerning publishing and protecting information. This also means that decisions concerning information release, and aspects of confidentiality or (personal) data protection, are largely devolved to the agencies themselves.
Despite the above-mentioned national context, generally, agencies in practice do proactively publish information and do entertain requests for information and data from the public and third parties. However, these decisions are made on a case-by-case basis at a high level within the government agency structure. Agencies take a cautious approach, and express an awareness of the importance of data security and privacy issues. Data-sharing requests between government agencies are likewise decided on a case-by-case basis at a high level, and meet with similar high levels of caution. Fees, established through regulation, often apply, and are mostly seen as not very relevant to the agency as revenues collected from them generally flow to the central government.
No ATI Law Likely
The report is frank that no legal changes are on the horizon.
Evidence 2.2 says, among other things:
In 2015 a Minister in the Prime Minister’s Department stated that an ATI law is unlikely to be forthcoming in the near future, in part because of the additional burden of work this would be expected to create during a time when staffing constraints exist. There are also currently no plans to make changes to the Official Secret Act.
A three-judge panel recently rejected a parliamentarian’s request for information based on the Constitution, according to an article in Free Malaysia Today. The court decision noted the lack of a national FOI law.
No ATI Recommendation
The recommendations section says nothing about adopting an access law.
On the legal area, it summarizes:
While data availability is high, access to data is challenging and remains an area of concern among data users in Malaysia. The legal framework is fragmented, and poses an obstacle to more open data as well as to sustained publication. Minor fees charged for data requests are inefficient and act as a further barrier.
Later the report mentions cutting fees for data use and some other administrative reforms, but nothing on ATI.
The report discusses ways to smooth inter-agency data sharing, saying there is a “high demand; however, current approaches are seen as inefficient to attend this demand, and not much integration takes place yet in practice.”
The report continues:
Clarifying and simplifying legal and regulatory frameworks, and automating data provision where repeated requests are made, will create significant cost savings and will help address the latent demand which is currently unattended. For non-personal and non-sensitive data, open data would be the most effective and cheapest way to create inter-agency interfaces, and will also help provide a strong push towards making agencies more data-driven – which is another stated national policy goal to be achieved.
Many data-owning agencies still charge for data and in most cases, except where marginal costs are incurred, revenues collected from fees on data provision are reported as being relatively immaterial. Given that such fees flow to central government, this practice is a likely obstacle for tapping into external latent demand. Malaysia could consider mapping those revenues in detail, and comparing them with external evidence concerning their economic viability.
No ATI Action Item
Passage of an ATI law is not identified as an “action” item. About as close as the report comes is in Action 2.1.
Clarifying the legal framework for key data areas, providing guidance on appropriate data release, and especially reducing the need for case-by-case decision-making on data release will increase government efficiency and create better visibility for interested data users. As most data-owning agencies have their own regulatory context, this should be done at first on an agency-by-agency basis (prioritized by willingness of agencies and visible demand for specific datasets they hold), with lessons learned informing a general approach in the long term.
The other 18 action items include such things as cutting fees, creating an inventory of datasets and releasing high-value data sets.
Filed under: IFTI Watch