Case:

Brief Facts:

• The First Plaintiff, Mr Ranjan Paramalingam (“Mr Ranjan”), is a registered proprietor of a house in Bangsar Park, whereas the Defendant is a Residents Association that manages the Guarded Neighbourhood (GN) scheme and represents the residents of Bangsar Park (herein after referred to as “the Residents Association”).
  
  
• On or about 2.1.2017, the Resident Association had set up the GN scheme, which comprises of security posts, automatic gates and manual barriers in the neighbourhood which was implemented to improve public safety and security for all residents.
  
  
• There is a checkpoint complete with a shed on the footway and the boom gate across the main street to the neighbourhood, which is well-guarded by security guards and also equipped with the CCTV.
  
  
• The GN scheme was approved by the local authority.
  
  
• Mr Ranjan complained that by having a checkpoint with security guards stopping and asking for personal information, the Residents Association, through the security guards, has acquired the personal data of various people and is in contravention of the Personal Data Protection Act 2010 (“PDPA”).
  
  
• Hence, disagreeing with the implementation of the GN scheme, Mr Ranjan filed a suit against the Residents Association, claiming among others that the GN scheme is in breach of the laws on personal data.

THE DECISION OF HIGH COURT

• The purpose of the Residents Association’s requirement of getting the personal information prior to entering the GN area was necessary for the purpose of preventing or detecting a crime, which is for safety and security reasons.
  
  
• In the absence of evidence to show that the data collected was meant to be misused by the Residents Association, the High Court found that there was no breach on the part of the Residents Association.

THE DECISION OF COURT OF APPEAL

• The Court of Appeal agreed with the High Court and dismissed Mr Ranjan’s appeal.
  
  
• It is crystal clear that the legislature’s intention in enacting the PDPA is to regulate the processing of personal data with respect to only commercial transactions.
  
  
• Hence, for Mr Ranjan to succeed in his claim, he would have to prove that the Residents Association processes, has control over or authorises the processing of any personal data in respect of commercial transactions.
  
  
• The security guards only take or record personal information for the purpose of keeping records for safety reasons only.
  
  
• There is no evidence to show that the security guards, while taking or recording personal information of persons who are non-members or visitors of the neighbourhood, had done any of the acts that fall within the definition of ‘processing’ as provided under the PDPA.
  
  
• Further, Mr Ranjan’s claim is also unsustainable in law because the proper and correct procedure is to lodge a report or a complaint in writing to the Personal Data Protection Commissioner in accordance with the PDPA.
  
  
• Thus, the non-compliance with the PDPA cannot and should not be a cause of action in a civil suit.