Your Identity, Their Control: What You Need to Know About Malaysia’s New Digital ID

While other countries are facing backlash for introducing national digital IDs or apps, Malaysia is steamrolling ahead with its increasingly mandatory MyDigital ID. Despite every citizen already carrying a digital ID (MyKad), MyDigital ID is being deployed as a mandatory phone app for basic civic services, interactions, and utilities. A new report highlights how this poses serious risks to your privacy and civil rights.

Here is why this shift from physical cryptographic cards (and passports) to mobile apps isn't just a tech upgrade; it’s a fundamental change in your relationship with the state.

1. The "Phone Home" Problem

In the past, when you showed your physical IC to a pharmacist or a security guard, the government didn't know it happened. It was a private interaction.

With the new mobile Digital ID, the system is designed to "phone home". Every time you use the app to verify who you are, it pings a government server. This allows the state to see exactly where and when you are using your ID in real-time. This turns a simple identification tool into a tracking device that logs your daily movements and habits.

2. You Can’t Say "No"

While the government initially said MyDigital ID was optional, it is quickly becoming mandatory.

• Driving: You will soon need it to log into the MyJPJ app for your digital license and road tax.
• Travel: It is becoming the only way for Malaysians to use the immigration systems (MyNIISe) at major airports like KLIA.
• Marriage and Death certificates.
• Telecommunications: All telcos will require the app to subscribe to phone/data services.
• Daily Life: By 2030, the goal is for 95% of all public services to require this digital login.

Essentially, if you don't use the app, you may find yourself locked out of basic rights like internet, traveling, or driving your car.

3. A History of Broken Trust

The report points out that the Malaysian government has a poor track record when it comes to keeping your data safe. Malaysia is the 8th worst country in the world for data breaches, and No.1 in Southeast Asia.

• MySejahtera: During the pandemic, a "Super Admin" account was used to illegally download the private medical data of three million people.
• 22.5 Million Records (2022): Data of 22.5 million Malaysians born between 1940 and 2004 was reported to be on sale for US$10,000, allegedly siphoned from the National Registration Department (NRD) via the MyIdentity API.
• 46.2 Million Mobile Users (2017): A massive data breach involving 46.2 million mobile users, including prepaid and postpaid numbers, was offered for sale, with reports indicating it was being sold for 1 Bitcoin.
• Financial Scandals (2026): A recent audit found that the agency building MyDigital ID (MIMOS) had RM28 million in unauthorized spending and failed to follow basic safety and management rules.

If the people building the system can’t manage their budget or keep their own admins in check, can they really protect your biometric data?

4. The Legal Loophole

You might think that Malaysia’s privacy laws (PDPA) will protect you. Unfortunately, there is a massive catch: the PDPA does not apply to the government.

If a private company leaks your data, they can be fined millions. But if a government department leaks your Digital ID data, they have no legal obligation to even tell you it happened, let alone face a penalty. At the same time, new laws (like the Data Sharing Act 2025) make it easier for different government agencies, like the police or tax authorities, to share and cross-reference your data without your consent.

5. The End of Online Privacy

The government plans to use MyDigital ID to verify social media accounts through the Online Safety Act. This means your real name and ID will be permanently linked to everything you say online. For whistleblowers, journalists, or anyone wanting to criticize the government, this creates a "chilling effect" where people become afraid to speak out for fear of being tracked down.

6. Leaving People Behind

Not everyone has the latest smartphone or a stable internet connection.

• The Digital Divide: People in rural areas, the elderly, and the poor may struggle to use a complex app that requires facial scanning and constant internet access.
• Tech and Privacy discrimination: Malaysian apps are known to prevent users from changing certain settings on their phone, enabling Developer mode, or even having certain other apps installed. Tech/privacy oriented users who use simpler, older, custom devices or alternate OSs may be denied access entirely.
• Physical Kiosks: While the government has set up kiosks (like in Tealive outlets), these are mostly in cities. This creates a "two-tier" society where those without tech are treated as second-class citizens, forced to wait in lines and face more scrutiny.

Conclusion: A Risky Path

The report concludes that we are building a system that is ripe for abuse. As the study states:

"The empirical record and structural analysis demonstrate that the current trajectory of mandatory mobile digital IDs, specifically the Malaysian model progressing into 2026, poses unacceptable risks to civil rights, privacy, and democratic stability. The combination of centralized telemetry, coercive adoption mandates, catastrophic historical governance failures, asymmetrical legal protections, and corporate entanglement creates an infrastructure primed for abuse."

We need a system that prioritizes privacy-by-design, well-established standards, and security best practices; one that lets us prove who we are without giving the government a precise map of our entire lives. Until then, your Digital ID is the most powerful control tool in the government's bag of tricks.