LETTER | MySejahtera data is worthless according to its own website

LETTER | Much has been debated of late about the Mysejahtera app. And amidst the hue and cry, Health Minister Khairy Jamaluddin has confirmed that all the data inside MySejahtera belongs to the government and not any third party, including KPISoft or Entomo, the new name of KPISoft.

The health minister also confirmed that the entire IT architecture known publicly as the MySejahtera app was built for free for the Malaysian government by KPISoft as part of their corporate social responsibility (CSR) programme.

On April 27, 2022, the Health Ministry also announced that effective May 1, 2022, checking in at premises using MySejahtera is no longer mandatory.

In MySejahtera’s website, it states the following:

1. For check-in data, the user’s data is only stored for a period of 90 days and would be purged thereafter.
2. The app will not record the user’s personal data except with the user’s permission or voluntarily provided by the user. Information collected is used for monitoring and enforcement purposes by government authorities in dealing with the Covid-19 pandemic. This information is not shared with other organisations for other purposes unless specifically stated.
3. This app collects anonymised data about your device and OS (e.g. device model, OS version) to help us improve the app and provide a better user experience.
4. The personal data collected will not be used for any purpose other than those mentioned above, unless required in order to comply with any legal obligation.
5. The purpose of data collection is as follows:

a) To assess your risk of being infected by Covid-19 based on the information you provide on your health condition and history of travel, mass gathering or close contact with a confirmed case.
b) To communicate with you in case your condition requires a follow up from healthcare personnel.
c) To respond to you about any comment or enquiry you have submitted.
d) To suggest the nearest medical/screening facility to your location.
e) To help you identify if your current location is a hotspot area (area with reported positive Covid-19 cases).
f) To trace the place you’ve been in case of positive Covid-19 cases reported in that location.
g) To ensure compliance with all movement control order (MCO) rules and standard operating procedures (SOP) issued under the Prevention and Control of Infectious Diseases Act 1988.
h) Your personal information might be shared with the enforcement authority for follow-up and resolution of any complaints you submitted via this app.

Based on the representation stated on MySejahtera’s website, the app will only retain data i.e all check-in beginning Feb 1, 2022, for all registered users of this app. Check-in details prior to the date would have been purged or deleted from the database as represented.

As the information collected is used for monitoring and enforcement purposes by government authorities in dealing with the Covid-19 pandemic as represented, accordingly, any mining of the data of the users outside this purview whether by the government or third parties violates and runs afoul of the terms set out in the website of MySejahtera.

If the app collects only anonymised data from the users’ devices, unless the government or third parties de-anonymise the data, the data is of zero value to any potential organisations or parties that wish to mine these data for marketing purposes.

Based on these few representations alone stated on the website, the MySejahtera app only processes and retains all the data i.e history on the details of the movements of the users for a maximum of 90 days. This will continuously be purged once it reached 90 days to be replaced by a new set of data.

Since the data collected are anonymised as represented, the history of the details of the movement is effectively faceless, without any identifying details.

Thus, if the users are faceless and the MySejahtera app only has 90 days of the history of each user that continuously evolve every day with past history deleted and replaced with new data, unless data stream mining is conducted, marketers will have a hard or impossible time building a profile of all and each user for target marketing purposes. Under this circumstance, does the app really have value?

Unless the mining is data streamed, the data owned by the government is worthless because the data kept are only for a period of 90 days that continuously evolves with daily deletion and adding in of new data.

If it is for monitoring and enforcement purposes by government authorities in dealing with the Covid-19 pandemic, after May 1, 2022, when checking in is no longer mandatory, its use and effectiveness are limited.

In all honesty, has the Health Ministry ever conducted a survey among users to determine how many of them actually were contacted or communicated to with regard to each of the items stated as the purpose for the collection of the data by the apps in the MySejahtera website?

The MySejahtera app is just like a Proton X70 and the data collected from the users is the fuel that powered the vehicle. Without fuel, the app, like the car, is just for viewing as it can’t be driven.

And the fuel i.e the data in this instance is solely owned by the government represented that except for the users’ details, the users’ movements and their details will be expunged from the database after 90 days.

And the government has expressly and explicitly represented that they will not release nor agreed for the fuel to be used in any other motor vehicle except that and also a particular Proton X70 which it has been powering for the last 30 months or so.

So why the need to pay for the MySejahtera app when it was given free to the people/government of Malaysia in the first place?

Any payment that needs to be made shall be only for the maintenance, upgrading and managing of the app for a certain time period post the expiry of the free period agreed upon between KPI Soft and the government.

And why the rush for the Health Ministry to sign a new contract and not wait for the Public Accounts Committee (PAC) report on the development and procurement of the MySejahtera mobile application?

Come May 1, in three days’ time, and with the relaxation of a lot of the restraints imposed previously on everyone, the necessity to trace and track is no longer of paramount importance to the health authorities.

If the government or any third party approved by the government were to mine the data in MySejahtera, the government is going against its own representation, stating expressly and explicitly, that the data is only for monitoring and managing the Covid19 pandemic.

Does the government expect the rakyat to trust their representations in the future when they themselves break the trust that was in writing?

It is not that the rakyat are speculating or passing unfounded rumours or fake news around. It was the health minister that started the thread and allowed for the news to be given a life of its own.

Thus, don’t blame the rakyat for adding to the news.

The views expressed here are those of the author/contributor and do not necessarily represent the views of Malaysiakini.