Privacy in the digital age is often discussed as a universal right, but in reality, the poor face very different challenges in exercising it. “Privacy poverty” refers to the unique vulnerability of those living in poverty or unprivileged circumstances, who are often forced to surrender personal information simply to access aid, services, or recognition. Far from being indifferent, poor communities make difficult trade-offs, choosing between visibility for survival and the preservation of their personal boundaries.
This reality was captured powerfully by a group of researchers in India who studied the country’s Aadhaar national biometric system—the world’s largest digital identity program. Their article, “The Poverty of Privacy: Understanding Privacy Trade-Offs From Identity Infrastructure Users in India”, revealed how people with low income often compromise privacy to gain access to essential benefits. Many gave up data regardless of the credibility of the collector, the clarity of purpose, or the existence of safeguards, fearing exclusion if they declined. The study also highlighted that even in poverty, individuals care about privacy—they calculate when to give up visibility and when to protect their information. This confirms that privacy is not a luxury, but a right that the poor value as much as the affluent.
Malaysia today faces a moment where this lesson is highly relevant. In recent years, the government has introduced or updated major legal instruments to strengthen data governance and security. The amendment to the Personal Data Protection Act 2010 [Act 709], the new Cyber Security Act 2024 [Act 854], and the Data Sharing Act 2025 [Act 864]. Alongside these, the Ministry of Home Affairs recently tabled the National Registration (Amendment) Bill 2025, which aims to give statutory recognition to MyDigital ID as a valid identification document.
MyDigital ID has sparked much debate on privacy and security. While its framework ensures that personal data is only verified against government databases and not retained by MyDigital ID itself, public concerns remain. Expanding biometric data collection raises questions about consent, purpose limitation, and safeguards—issues that disproportionately affect those in vulnerable or low-income groups.
Here lies the lesson from India: building digital identity systems is not only about security and efficiency but also about protecting the dignity of those who cannot afford to “trade” their privacy. Malaysia’s strong legal foundation must now be matched by deliberate policies that:
- Ensure informed consent is genuine,
- Limit the use of personal data strictly to its intended purposes, and
- Build credible safeguards that reassure all citizens—especially the poor—that their data will not be misused or exposed.
It may be inappropriate to directly compare India’s Aadhaar system with Malaysia’s MyDigital ID, given their different purposes and designs. But acknowledging privacy poverty is not about rejecting MyDigital ID. It is about ensuring that digital transformation protects the most vulnerable, recognising them not merely as data subjects but as rights-bearing individuals. Safeguarding privacy in contexts of poverty is not an act of charity—it is an act of justice.
