How Malaysia’s MySejahtera App Does More Than Contact-Tracing And The Potential Downsides Of Adopting Digitalisation
As industry experts fight against time to put a full stop to the Covid-19 pandemic, the role of technology has grown rapidly in the past couple of months as society adapts to the new normal.
In Malaysia, the MySejahtera mobile application was launched to assist the government in managing the pandemic outbreaks nationwide. It was developed under a strategic cooperation between five federal agencies — the Ministry of Health (MOH), the National Security Council (NSC), the Ministry of Science, Technology and Innovation (MOSTI), MAMPU and MCMC — and is available on the Google Play Store, App Store and Huawei AppGallery, with iOS 12 and Android 4.4 being the minimum requirement each device should have.
With over 15.1 million registered users as of 16 August 2020, the app offers a quicker and more convenient way for users to register at premises for contract-tracing purposes as opposed to the manual pen-and-paper registration. Once the user has registered his or her personal information via the app, a simple QR code scan using the MySejahtera app will automatically register the user’s attendance at a premise. Not only does this save time and energy, but also offer more credibility on a user’s personal information compared to manual fill-ups which can be easily falsified or sabotaged with poor handwriting.
Although the MySejahtera app prides itself as a contact-tracing app, it certainly provides more than just a scan-and-register feature. Its simple interface packs abundant uses, including the provision of self-health checks, daily information about the pandemic situation nationwide, and useful tips on locating the nearest healthcare centres to access COVID-19 screening and treatments.
Besides that, the app also offers a short questionnaire for users to determine their risk status. By answering some simple YES and NO questions, the system will be able to translate the self-health assessment results and assign the user under either one of these classifications — Low Risk, Casual Contact, Close Contact, Person Under Surveillance (PUS), Person Under Investigation (PUI) and Confirmed Case. This can help the government and other users to keep track of COVID-19 hotspots, as well as safeguard public’s health by keeping users informed if they’re in close contact with an infected patient.
The MySejahtera app proves itself to be an essential feature in today’s digitalised world but it certainly comes with a series of concerns and disadvantages.
For instance, the app requires functional internet connection and certain versions of mobile operating system in order to function. These requirements inadvertently discriminate against lower income groups and technology illiterates, especially with the newly imposed mandatory use of the app for all businesses which was announced on 4 August 2020.
Furthermore, the app requires extensive personal details from users, such as their name, identification card (IC) number, home address and health history to assist the Ministry of Health with its Covid-19 clinical and epidemiological analysis. While some people may be wary about sharing their information online, the Deputy Health Minister Dr Noor Azmi Ghazali has clarified that personal data stored in the MySejahtera app is protected under the Medical Act 1971 and the Prevention and Control of Infectious Diseases Act 1988, as well as abides to the provisions under the Personal Data Protection Act (PDPA) 2010. However, the PDPA’s exemptions for several parties which includes the Federal Government and state governments meant that in some cases where necessary, the authorities do have the rights to retrieve users’ information from the app. There is definitely a strong need for accountability towards any misuse of data by anyone but as the digital environment continues to evolve rapidly, enforcing regulations can be challenging as more grey areas involving privacy and security develop.
As for the data storage timeframe, queries sent to the Malaysian Administrative Modernisation and Management Planning Unit (MAMPU) by Focus Malaysia revealed that data is currently stored for only 30 days by the app. Yet, an FAQ sheet on COVID-19 Malaysia’s website states that “user’s data is only stored for 90 days and would be purged thereafter”. This inevitably raises the alarm regarding the government’s transparency in safeguarding the public’s personal data. Furthermore, the purpose of the app in assisting the pandemic outbreaks means that there is also the possibility of mismanagement of the system and weakening security enforcement once the COVID-19 threat eases and the app is abandoned.
In terms of users’ experience, the flawed self-health assessment which determines a person’s risk status based on a short YES or NO questionnaire means that users can easily forge their answers to obtain a low risk status. This will simply defeat the app’s purpose to detect risks and allow the government to monitor any potential outbreaks.
There is still little to no proof that digitalisation will contribute to the huge success in curbing the widespread of the virus. Even so, it is evident that technology has played a huge part in assisting the government to monitor the pandemic situation nationwide and it is crucial for the government to safeguard the public’s security and privacy during the process.
