Malaysia legislation
Section 42
Section 42
(a)
cease the processing of or processing for a specified purpose or in a specified manner; or
(b)
not begin the processing of or processing for a specified purpose or in a specified manner, any personal data in respect of which he is the data subject if, based on reasons to be stated by him—
(A)
the processing of that personal data or the processing of personal data for that purpose or in that manner is causing or is likely to cause substantial damage or substantial distress to him or to another person; and
(B)
the damage or distress is or would be unwarranted.
(2)
Subsection (1) shall not apply where—
(a)
the data subject has given his consent;
(b)
the processing of personal data is necessary—
(i)
for the performance of a contract to which the data subject is a party;
(ii)
for the taking of steps at the request of the data subject with a view to entering a contract;
Personal Data Protection 45
(iii)
for compliance with any legal obligation to which the data user is the subject, other than an obligation imposed by contract; or
(iv)
in order to protect the vital interests of the data subject; or
(c)
in such other cases as may be prescribed by the Minister by order published in the Gazette.
(3)
The data user shall, within twenty-one days from the date of receipt of the data subject notice under subsection (1), give the data subject a written notice—
(a)
stating that he has complied or intends to comply with the data subject notice; or
(b)
stating his reasons for regarding the data subject notice as unjustified, or to any extent unjustified, and the extent, if any, to which he has complied or intends to comply with it.
(4)
Where the data subject is dissatisfied with the failure of the data user to comply with the data subject notice, whether in whole or in part, under paragraph (3)(b), the data subject may submit an application to the Commissioner to require the data user to comply with the data subject notice.
(5)
Where the Commissioner is satisfied that the application of the data subject under subsection (4) is justified or justified to any extent, the Commissioner may require the data user to take such steps for complying with the data subject notice.
(6)
A data user who fails to comply with the requirement of the Commissioner under subsection (5) commits an offence and shall, on conviction, be liable to a fine not exceeding two hundred thousand ringgit or to imprisonment for a term not exceeding two years or to both.
Right to prevent processing for purposes of direct marketing