Big Data and The Deterioration on Consent Principle to Protect Health Data Privacy in Malaysia

<jats:p>It is part of the legal requirement for an individual to be conferred the right to consent when it involves the processing of their health data. However, with the advent of big data in healthcare, consent principle as a lawful basis for data processing and as a tool for data privacy in healthcare is being challenged. In this article, big data refers to the processing and analysis of large data sets to find new correlations—for example, for decision-making purposes and improving health delivery of health bodies. While big data may be beneficial, it also imposes certain legal complications regarding the sufficiency of the Malaysian Personal Data Protection Act 2010 in implementing consent. This article aims to analyse consent principle under the PDPA 2010 as a tool for health data privacy and its sufficiency in big data. We adopt a doctrinal qualitative analysis as the methodology in this paper. It is found that the consent principle under the Act must be revisited because it is lacking in its suitability and functions in dealing with big data and the practical demonstration of explicit consent in protecting privacy. Therefore, it is suggested that Malaysia could look to the European’s Union General Data Protection Regulation as a potential model for enhancing its consent standards, with careful consideration of the existing constraints under the PDPA.</jats:p>