Alor Setar MP Afnan Hamimi Taib Azamudden said that while a strong cybercrime law is necessary to address crimes such as online scams and identity theft, it should not unfairly affect innocent Malaysians.
KUALA LUMPUR: The Cybercrimes Bill 2026 must explain how investigating officers will handle seized personal data to foster public trust in the legislation, an opposition MP said today.
Afnan Hamimi Taib Azamudden (PN-Alor Setar) said personal data was more valuable than money, as it includes not just phone numbers and family details but also health records, bank account details, and company documents.
“If enforcement authorities obtain this data for investigation purposes, clarification is needed on who can access it, how long it will be stored, and when it will be deleted.
“If these matters are clarified in the bill, I am confident the public will have greater confidence in it,” he said while debating the bill in the Dewan Rakyat.
The PAS MP said the powers granted to investigating officers, such as to obtain computer data, access computer systems, and collect traffic data under certain conditions without a warrant, should be accompanied by strong checks and balances.
Investigative errors
Afnan also said that while a strong cybercrime law was necessary to address crimes such as online scams and identity theft, it should not unfairly affect innocent Malaysians.
He asked what protections were in place for members of the public in the event of an investigative error.
“For example, a university student may use his university’s WiFi. If someone else uses the same WiFi account to commit cybercrime, the student’s computer may need to be investigated.
“What are the student’s rights? How long will the computer be kept? What if all their university assignments are on that computer? All this needs to be clarified, because the law needs to clarify not only the powers of officials but also the rights of the people,” he said.
The bill, tabled for its second reading today, seeks to replace the Computer Crimes Act 1997 with broader legislation covering online crime, digital fraud, identity theft, manipulated content, and the misuse of digital identification.
Among other provisions, the bill also seeks to empower authorities to obtain both internet traffic data and the contents of communications from service providers during investigations.
Several quarters, including the Malaysian Media Council, had expressed concerns about the bill’s broad powers, noting that a clause “allows law enforcement to infringe” on privacy and obtain private and privileged communications without judicial review or authorisation.
The council said legislation intended to protect Malaysians from cybercrime must incorporate safeguards to preserve constitutional liberties and ensure that legitimate journalism and other privileged communications are not inadvertently undermined.


