MCMC seeks public feedback on the draft Code of Conduct for Internet Messaging Service Providers and Social Media Service Providers

28 October 2024

On 22 October 2024, the Malaysian Communications and Multimedia Commission (“MCMC”) initiated a public consultation on the draft Code of Conduct (Best Practice) for Internet Messaging Service Providers and Social Media Service Providers (“Code of Conduct”). Members of the public, including Service Providers, industry players and interested parties are invited to provide their feedback and comments on the draft Code of Conduct by 5 November 2024.

This article summarises the draft Code of Conduct.

Key points

  • The draft Code of Conduct outlines certain best practices that social media service providers and Internet messaging service providers (“Service Providers”) should adopt in managing harmful content online, including specific measures that should be implemented to ensure user safety, accessibility for users with disabilities, child safety and to mitigate systemic risks.
  • Service Providers will also be required to observe certain record keeping, audit and reporting requirements as proposed in the draft Code of Conduct.

Background

Our previous KnowledgeShare Alert on “New regulatory framework for social media services and internet messaging services providers” discussed the introduction of a new regulatory framework by the MCMC targeted at social media service providers and Internet messaging service providers (“Service Providers”) through the following subsidiary legislation under the Communications and Multimedia Act 1998 (“CMA”):

Pursuant to the new regulatory framework, Service Providers with at least eight million users in Malaysia are required to apply to the MCMC for a class licence - the Applications Service Provider (ASP(C) Licence). Applications must be made during a five-month grace period between 1 August 2024 to 31 December 2024 before the legislation comes into force on 1 January 2025. During the grace period, the MCMC is required to develop comprehensive guidelines detailing the conduct requirements and responsibilities that must be proactively adhered to by Service Providers in Malaysia.

Scope and application of the Code of Conduct

Once finalised, the Code of Conduct is intended to set out the best practice and conduct requirements that Service Providers should adopt and implement to address harmful content online, in addition to their existing duties and obligations under the CMA and other Malaysian laws.

The draft Code of Conduct defines “harmful content” to mean “content that is in violation of the CMA and/or any other relevant Malaysian laws”. It also provides the following examples for “harmful content”:

  • child sexual abuse material (“CSAM”);
  • non-consensual sharing of intimate content;
  • content related to online financial scams;
  • content that is used to bully;
  • content that can incite violence, extremism and/or terrorism;
  • content that is likely to induce a child to cause physical and/or psychological harm to themselves;
  • content that incites hate speech;
  • content related to the sale of illegal drugs; and
  • manipulated media (such as deepfakes) that can cause harm to individuals or society.

Best practice to be adopted by the Service Providers

The draft Code of Conduct provides and requires Service Providers to adopt the following best practices and measures:

Measures to ensure user safety

To ensure that the users may use the platforms safely, Service Providers should, among other things, (a) establish clear and robust systems for timely identification, assessment, and removal of harmful content, (b) review and update such systems regularly to maintain their effectiveness, (c) put in place a dedicated local content moderation team, (d) immediately report harmful content to the relevant law enforcement authorities, (e) take appropriate action against users who breaches the platform’s community guidelines, and (f) promptly respond to requests from and actively assist law enforcement authorities.

Service Providers should also allow their users to take proactive measures to curb online harm, for example, by providing tools and settings that allow users to manage their online safety, establishing clear and transparent guidelines, timelines and processes for user reporting and appeals relating to harmful content, responding to user reports and flags for CSAM materials within 24 hours, etc.

Measures for users with disabilities

Service Providers should ensure that users with disabilities are able to access the platforms. This includes complying with international standards (such as the Web Content Accessibility Guidelines), providing alternative content formats (such as audio descriptions for videos), and conducting regular reviews of accessibility for users with disabilities.

Child safety measures

Child users (users below the age of 18 years) have been identified to be one of the most vulnerable categories of users of online platforms. They should be sufficiently safeguarded against exposure to harmful content.

In this regard, Service Providers should provide additional protective measures for child users, including (a) implementing age verification measures, (b) providing tools and settings for parents/guardians to monitor the children’s use of online platforms, (c) providing tools and settings that allow child users to protect themselves from harmful content, (d) ensuring such tools and settings are clear, user-friendly and easily accessible, (e) conducting regular reviews of the child safety measures, and (f) raising awareness among child users about online safety.

Risk mitigation measures

Service Providers should proactively identify and mitigate any risks of online harm on their platforms, including (a) ensuring that a qualified risk assessment team conducts regular assessments of systemic risks on their platforms, (b) reviewing and updating risk assessment methods, (c) implementing effective measures to anticipate, detect and mitigate systemic risks, and (d) establishing an internal assurance function to monitor the effectiveness of the measures.

Service Providers are also encouraged to actively collaborate with the relevant authorities and stakeholders to curb online safety issues in Malaysia.

Accountability of Service Providers

To ensure that Service Providers are held accountable for their fulfilment of the conduct requirements as detailed above, pursuant to the draft Code of Conduct, Service Providers should:

  • keep and maintain records of removals of harmful content for a period to be prescribed in accordance with the CMA and/or any other Malaysian laws;
  • conduct regular audits to assess their compliance with Malaysian laws relating to online safety (including the CMA and the Code of Conduct) and their own platform community guidelines;
  • submit bi-annual online safety reports to MCMC; and
  • publish annual public reports on the platforms’ online safety practices.

Next step for Service Providers

Service Providers should review the proposed conduct requirements in the draft Code of Conduct, and preliminarily assess whether they would be able to comply with the same. Otherwise, Service Providers should raise any concerns to the MCMC as soon as possible.

Service Providers should promptly provide feedback and comments (may be in hard copy or electronic form) to the MCMC on the draft Code of Conduct by 5:00pm on Tuesday, 5 November 2024.

Conclusion

Service Providers should adopt the proposed measures and best practice as set out in the draft Code of Conduct to create a safe and healthy online environment in Malaysia. Particularly, Service Providers should proactively safeguard and protect child users on their platforms as they are more vulnerable to online harm when compared to other categories of platform users.

Members of the public are encouraged to provide any feedback or comments to the MCMC during the period of public consultation to ensure that their views are taken into consideration before the MCMC finalises and implements the draft Code of Conduct. The active participation of all stakeholders is expected to fine-tune the Code of Conduct, ensuring a balanced and effective regulatory framework for the digital ecosystem.

Further information

This alert has been prepared with the assistance of Senior Associate Ng Hong Syuen and Associate Yung Jia Heng.

More