The Problem with Malaysia’s PADU Initiative

By Edika Amin

The Problem with Malaysia’s PADU Initiative  

At the time of writing, PADU also known as the Government’s Central Database System’s registrations has reached 1.63 million people, including those of children under 18 who have completed the registration process. There was a recent influx in registration numbers following the announcement that targeted subsidies maybe rolled out as early as the second quarter of 2024. 

What is PADU? 

Spearheaded by the Ministry of Economy, the government’s Central Database Hub (PADU) initiative is envisioned to help implement targeted subsidies in Malaysia. PADU is poised to bring about a groundbreaking transformation in government services and policy development by providing a comprehensive socio-economic overview of every household in the country. 

There is no denying that PADU is a commendable initiative and one that can quickly ease Malaysia’s fiscal space as the country currently spends up to RM80 billion inclusive of subsidies and cash transfers- according to the Ministry of Finance. Of this RM80 billion, 60% of these costs are towards untargeted subsidies (such as petrol).  Aside from helping with the formulation of targeted subsidies, PADU will also help with: 

  • Improving date sharing within the Government: The Padu hub will cover 270 databases from ministries, federal government agencies, state governments and statutory bodies through existing data-sharing agreements. 
  • Identify and eliminate overlapping programmes and implementation costs: According to the Budget 2024 Economic Outlook: there is a large fragmentation in social assistance programmes (including cash transfers) involving 167 schemes that are currently being implemented by 17 ministries and agencies. This fragmentation has led to overlapping programmes causing both inclusion and exclusion errors as well as high implementation costs as different agencies and ministries are administering their own programmes in silo.  
  • Digital Transformation Efforts: This shows a renewed commitment by the Government to nurture a digitally progressive society where data-driven knowledge becomes the foundation for sustainable progress and advancement. 

Currently, the Government’s goal is to get citizens to self-report on the PADU website by end of March 2024. This data will then be integrated with existing datasets in the Government before new social assistance and targeted subsidy programmes are rolled out.  

Recognizing the Issue at Hand 

Despite PADU’s promising potential benefits such as more effective allocation of subsidies, informed policy-making and enhanced public services, the initiative sparks a few concerns that should have been detailed out before rolling out to the public. Among them include: 

  • Data Integration Efforts: Collecting data is one task. Integrating data is another challenge on its own. Although PADU has successfully collected data between Ministries and Agencies, integrating this data is a great ask which will require time and effort. This is due to the fact that different Ministries and Agencies all have different parameters in their data collection framework. Without proper data integration, there is not much that we can get from these datasets. Furthermore, most of the questions posed to citizens in the PADU website can already be answered using existing datasets such as e-Kasih data owned by the Implementation Coordination Unit under the Prime Minister’s Office and Sumbangan Tunai Rahmah (STR) data under the Malaysia Tax Return Agency (LHDN). In addition to this, requiring citizens to fill in this data on their own may result to moral hazards where they may under declare their income to ensure they fall in the ambit of targeted subsidies.   
  • Privacy, data security Concerns: The Malaysian Government is currently exempt from the Personal Data Protection Act (PDPA). Instead, the Government guarantees that citizen data will be safe under existing frameworks such as Official Secrets Act (OSA), using current Data Classification requirements as well as an upcoming Omnibus Bill which will be passed in 2024 to allow sharing of data between all government agencies via Padu. There are a few concerns with this plan: 
  • Government is working with archaic laws: Malaysia’s Government is still updating their data classification framework. Currently for digitized data, the public sector references the Chief Government Security Office CGSO Information Security Guidelines for the Use Of Cloud Computing In the Public Sector (benchmarked off the Official Secrets Act). The Official Secrets Act itself is an old act which no longer accounts for the digital world having been created in 1972.  
  • What about StatutoryBbodies and Government agencies: While the rule for governing data is clear for Ministries – Government Agencies and Statutory Bodies typically have their own Act to comply with particularly when it comes to the sharing of data. To ease data sharing requirements, this may involve a change in their respective Acts which may take more time as they will need to be passed in parliament.   
  • Where will the data be stored: The Government must be clear on where all the sensitive data of citizens will be stored. Without a clear data classification framework, we would think this data will need to reside locally in a government data center. The issue here is that MAMPU’s MyGovCloud@PDSA (the Government’s data center) can only accommodate roughly 25% of the public sector needs in cloud. Therefore, MAMPU requires the assistance of public cloud to complement MyGovCloud@PDSA. How can public clouds help if there is no data clear data classification framework?  

What needs to be done: 

Good policy must not be rushed. If Malaysia continues to roll out a half-baked targeted subsidy and social assistance programme, the ramifications of this on lower income households can be detrimental especially as Malaysia continue to recover from the effects of the COVID-19 pandemic. Further, if not implemented correctly, this can cause further political cracks in the Government that has already been rocked recently with the so called “Dubai Move” aimed to topple the current Unity Government. 

Before proceeding further, Malaysia should consider the following: 

  1. A Phased Approach in Targeted Subsidy: Subsidy should be gradually reduced so as to not create an income shock for households and the economy. The Government can perhaps look at diesel subsidies first which are usually enjoyed by large corporations and takes up close to RM2 billion of Malaysia’s fiscal space. The rationalization is subsidies should also be done in tandem with an enhanced cash transfer programme to ensure households, particularly those in the M40 income group, will be able to cope with costs should their subsidies be reduced by the Government.  
  2. Capturing the Government in the PDPA: At this juncture, to ensure all legal responsibility with regard to data is properly adhered to, Malaysia should take cue from EU’s General Data Protection Regulation (GDPR) and allow the Government to fall under the upcoming changes to the PDPA which will be tabled this year. The governing of data in Malaysia will be further enhanced with upcoming guidelines that they will accompany the PDPA revisions. This would provide better safeguards rather than an ad hoc Omnibus Bill. 
  3. Take Time to Integrate the Data: Malaysia is sitting on a large reserve of data that has been collected over the years by different Ministries and Agencies. Integrating this data should be a priority to paint a clearer picture on the state of Malaysian households. Only once this data is integrated should the Government reach out to citizens to fill out the missing pieces for their analysis and assessment.  
Posted in

Related Articles

Indonesia’s Jeopardized Digital Freedoms – A Case Study in Spyware

By Grey Pilarczyk Indonesia has long had a mixed human rights record, particularly regarding the online activity of Indonesians. In recent years, political activists and independent media outlets in the country have faced a barrage of digital threats and cyber-attacks. On May 1st, Amnesty International released a stunning report detailing Indonesia’s use of highly invasive […]

Unpacking the EU AI Act: An ASEAN Perspective

By Nigel Hee The European Union (EU) recently unveiled the Artificial Intelligence Act, a novel piece of legislation that aims to regulate the development, deployment and use of artificial intelligence (AI) systems within the EU. The Act is predicated on a risk-based approach, classifying AI systems into different risk categories and imposing corresponding obligations and […]

Digital Sovereignty in ASEAN

By Mackenzie Gunther With large tech companies owning significant amounts of data, geopolitical tensions, the risk of critical data leaks, and the rising importance of self-reliance in the eyes of world leaders, the concept of who controls data is becoming a high priority.   The global context over the past decade has set the scene for […]