Malaysia Oversight

New MCMC framework must give users clearer opt-out options, expert says

By NST in August 15, 2025 – Reading time 4 minute
New MCMC framework must give users clearer opt-out options, expert says


KUALA LUMPUR: The Malaysian Communications and Multimedia Commission (MCMC) has launched a two-week public consultation on a proposed Regulatory Framework for Unsolicited Commercial Electronic Messages (UCEM), or spam, under the new Section 233A of the Communications and Multimedia Act 1998.

Open until Aug 27, the consultation seeks feedback from industry players, civil society organisations, consumer groups, ministries, enforcement agencies, academics and the public.

The framework takes a multi-platform approach that addresses how spam is sent today, including via SMS, email, messaging apps such as WhatsApp and Telegram, and social media.

Key measures include requiring consent before sending commercial messages, clearer sender identification and simple, no-cost opt-out options for recipients. It also proposes banning address-harvesting software, bulk-messaging tools and tactics such as dictionary attacks.

Breaches could trigger enforcement action or legal proceedings under Section 233A.

Universiti Malaya computer systems & technology associate professor Dr Saaidal Razalli Azzuhri said the central value of Section 233A is that “it expands the scope beyond existing laws by covering all forms of unsolicited digital messages, not just email spam, including social messaging platforms and SMS.” 

He added that the regulation “must be designed to handle spam across SMS, email, messaging apps and social media in one comprehensive approach.” 

While the details will be shaped by public feedback, Saaidal expects that companies and individuals may need to get clearer consent, provide opt-out options and be transparent about their messaging practices.

FRAMEWORK DETAILS

Under the proposed framework, consent would be recognised in two forms, express and implied consent.

Express consent covers clear, affirmative permission. For example, a tick-box or registration to receive marketing.

Implied consent may arise from an existing customer relationship. Regardless of consent type, senders must identify themselves clearly in every message, provide valid contact details and include a free, functional opt-out that lets recipients withdraw permission at any time.

The framework also outlines mandatory opt-out mechanisms in every UCEM, and forbids sending messages without identification or a working unsubscribe route.

On consumer protection, Saaidal said well-designed rules could “limit unsolicited contact, require consent, and impose penalties for scams or misleading content.” 

He described responsible digital marketing as “sending only to consenting users, providing easy unsubscribes, and being honest in content (common sense).”
“Possible responsible practices can include sending only to consenting users, letting them unsubscribe easily, and being honest when presenting content, which is down to common sense,” he said.

To avoid restricting freedoms, he stressed safeguards so that anti-spam measures do not curtail lawful communication.
“Safeguards like clear definitions and clear appeal processes ensure it targets spam without silencing legitimate speech,” he explained.

IMPLICATIONS FOR USERS AND BUSINESSES

A major focus of the consultation is giving the public more control. 

“Users must be given simpler ways to report and block spam through standardised tools or platforms,” Saaidal said. 

Technologically, day-to-day filtering will hinge on “advanced filtering systems, AI detection and updated blocklists or whitelists” that can spot abusive campaigns while letting legitimate messages through. 

On whether Malaysia has what it takes to carry out effective enforcement, he said: “Malaysia has a growing tech infrastructure and skilled talent pool, but will need continuous investment and training across industry, government and academia to enforce the rules effectively.”

For industry players, the proposal aims to separate permission-based marketing from unsolicited blasts. 

Saaidal expects e-commerce platforms, telecommunications companies and banks to tighten data practices, refine marketing lists and improve user-consent management. 

SMEs, he said, “may face extra compliance costs but can benefit from higher trust and engagement with customers, which is a huge thing for business nowadays.” 

In the longer term, he said the framework must appear flexible enough to adapt, but will require periodic updates to keep pace with technologies like AI marketing.

MCMC said it has already engaged key stakeholders in sessions held in June to help balance consumer protection with business needs, and is now widening the lens to include the public’s experiences, from nuisance promotions to more serious phishing attempts.

The commission encourages Malaysians to review the consultation paper and submit views by Aug 2, 5pm, noting that feedback will inform the drafting of subsidiary rules and guidance to ensure clear, enforceable standards.

Members of the public, industry representatives, and advocacy groups can access the consultation materials and submission instructions via the MCMC website during the consultation window.

© New Straits Times Press (M) Bhd



Source link