Malaysia reopened its borders to international travel on 1 April but unfortunately, its MySejahtera app, which is used as a means for COVID-19 contact tracing, has encountered a bumpy ride in its public perception, due to media reports around user experience, data privacy and ownership issues.
It began last month when local media outlets claimed that the government allegedly planned to sell MySejahtera to a private firm, said a report on Malay Mail. Not long after, Bernama reported health minister Khairy Jamaluddin clarifying that the government has never sold MySejahtera to any private company and that the app “remains government-owned” with its data under the Health Ministry’s supervision.
The app itself was created in 2020 by KPISoft Malaysia and saw a fair bit of headlines regarding its name change to Entomo Malaysia months later. Most recently, it also made news when Hasrat Budi, one of the shareholders in MySejahtera’s operator MySJ, filed a suit to remove Shahril Shamsuddin and Anuar Rozhan as directors of MySJ. According to The Edge Markets, the suit was filed against six defendants – Entomo Malaysia, Revolusi Asia, MySJ, Shahril, Anuar, and Raveenderen Ramamoothie.
Consumer privacy concerns
Currently, the data collected by MySejahtera includes a user’s name, address, ID number, date of birth, and check-in locations, among others. According to media outlets, the app currently has approximately 38 million users and ever since the issue around the app came to light, check-ins on MySejahtera have since dipped. A+M has reached out to the Health Ministry for a comment on the matter.
Today, data privacy has become a topic at the forefront of consumers’ minds. According to the Cisco 2021 Consumer Privacy Survey, globally, 86% of consumers today care about data privacy issues, and 79% are willing to spend time and money to protect their data. In fact, 47% of them have switched companies or providers over their data policies or data sharing practices. 
Ben Wightman, Tealium’s APJ lead, strategic business value engineering, told A+M that the pandemic has heightened awareness and preference of privacy in consumer adoption of a particular product or service. And the same extends to the uptake of government services. Whilst data collection, retention and usage by governments globally within the COVID-19 context had utility in advancing public health aims, he said citizens rightfully expect that their data privacy preferences will be honoured.
With the news surrounding the app, Wightman said it isn’t easily deducible if the news is in fact going to have an impact in tourists entering the country.
A better benchmark would probably be to compare with travel behaviours to Malaysia with its surrounding nations.
“In terms of the extent of any impact to the tourism industry, observing trends in other countries within the APAC region or globally will be indicative of the likelihood of any far-reaching impacts to travel behaviours,” Wightman said.
For example, Australia’s independent national regulator for privacy and freedom of information, the Office of the Australian Information Commissioner, identified that at the onset of the pandemic, more than two-thirds of Australians stated that privacy was a major concern. Moreover, almost nine in 10 sought more choice and control in relation to their personal information.
With reference to the trends observed in the APAC region, it is likely that data privacy concerns will not materially impact the long-term travel behaviours of tourists, said Wightman. However, governments still must prioritise building citizen trust by honouring their data privacy preferences.
Kevin Kan, chief experience officer at Break Out Consulting Asia, told A+M that while issues surrounding data privacy might be a concern for some tourists, for those travelling for a specific need (such as work, seeing family or simply to scratch an itch) it wouldn’t be a strong enough deterrent. 
“If you are an ardent traveller and really need to satisfy that two-year travel itch, you’ll swallow the risk and deal with it later,” he added. Similarly, those who have not seen their families for years might not be too bothered by data privacy concerns for now – at the end of the day, being able to see and be there for loved ones outweighs any data privacy concerns. 
What can governments around the world do to allay fears?
Globally, we are living in a privacy-first world, and governments are presented with a vital opportunity to honour data privacy preferences to fortify the trust of citizens. A privacy-first governance framework can lead to improved civic engagement and heightened trust; thereby, paying dividends for both governments and citizens, Tealium’s Wightman said.  He explained that in a rapidly evolving global digital economy, safeguarding consumer trust is paramount to effectively addressing privacy concerns.
Wightman also shared that government bodies all over the world must ensure the timely and full disclosure of its data collection, retention and usage policy, whilst notifying citizens of their rights in relation to their personal data. Additionally, seamless and compliant consent mechanisms are essential to ensure that a citizen is granted the right to provide informed consent in relation to the use of their data in line with governmental policy.  For example, the EU’s GDPR and Australia’s Consumer Data Right provide consumers with an option to revoke consent and request data deletion as additional steps to safeguard trust in a privacy-first world, Wightman said.
On the same note, Break Out Consulting Asia’s Kan said the best way to allay citizen fears of data privacy breaches is to be transparent. Kan explained:
Develop a simple to understand infographic to help citizens understand how the government is securing and using their data. A separate infographic should also show what processes take effect should a data breach occur.
According to him, the infographic should also include how citizens will be notified should a breach take place and what they are required to do. At the end of the day, education and understanding is the best way to allay fear. To earn trust of consumers, government bodies can also publish IT security audit findings, said Kan. At the end of the day, government bodies must be transparent and let citizens know that their data is being protected.
Ironing out UX troubles
While Malaysians might find it easier to wane off the use of MySejahtera app should they have privacy-related concerns, travellers heading into the country, however, do not have that option as they are required to download the app before entering Malaysia. This has also become a challenge for some Singaporeans who were looking to travel to Johor Bahru via land for day trips, TODAY Online reported. Currently, the app requires users to input a Malaysian state and address, but users planning day trips do not have any residential addresses. It also takes about five working days for the app to approve one’s vaccination status. 
Meanwhile, just yesterday, Khairy said the European Union has recognised Malaysia’s COVID-19 vaccination and test certificates and the Ministry of Science, Technology and Innovation is speaking with all major countries to recognise MySejahtera, Malay Mail said.
While MySejahtera is mainly designed for local citizens and residents, a holistic customer-centric channel should also integrate tourist users into the app or UX as well, Kan said. This means data fields must be integrated to input foreign country home addresses. Tourist segmentation should also be taken into account when designing an app for travellers as you may have long stays, 24-hour stays or even transits. All of these factors need to be catered into the app’s UX.
At the same time, a great experience goes beyond just the UX of the app but also involves multi-ministry collaboration as well. If data needs to be shared between the Ministry of Health and the Immigration Department of Malaysia, for example, the response or approval times need to be taken into consideration in the design of the app and the traveller’s experience.  “Waiting a week for approval of vaccination status inclusion isn’t a great customer experience,” Kan added – regardless of a brand of a country.
Keep it simple
Offering a more general perspective, Wightman said governments can ensure that the pathways to collect data are clear, simple and effective, whilst minimising requisite user actions. Moreover, government bodies should adopt plain language to clearly articulate their data collection, retention and usage policy, whilst delivering an intuitive and minimalist design within site pages for ease of user navigation.
For ease of usage, and to cut down barriers, only data which is needed or crucial should be requested for, whilst providing hints and instructions in relation to how to navigate a site page for the benefit of consumer data privacy protection.
“Remember, the privacy imperative is here to stay, and governments must honour citizens’ preferences to garner the trust requisite to civic engagement,” he added.
Photo courtesy: 123RF

source