Deepak Pillai - Studio Session-258.jpg

Deepak Pillai

Partner

Practice Area:

Technology, Media & Telecommunications
Data Privacy & Protection

BA (Law), University of Durham, UK
Advocate & Solicitor, High Court of Malaya

T +60 3 2273 1919 / +60 1 2213 4674
E [email protected]

Deepak heads Christopher & Lee Ong’s Technology, Media and Telecommunications, and Data Privacy & Protection Practice Group.

He has been practising exclusively in the areas of Technology & Telecommunications law and Data Protection since 1997 and is acknowledged as a leading Technology & Telecommunications lawyer in Malaysia.

Deepak advises clients on matters relating to IT contracts, electronic commerce, online financial services, outsourcing, telecommunications, IT security, data protection and digital media.

He advises a wide array of international, private and public sector clientele in addressing the commercial, regulatory and policy issues relating to information and communications technology law, ranging from negotiating complex information technology contracts to advising public sector agencies on proposed technology related legislation and policies.

Deepak has been consecutively listed by the established legal directories as a leading individual in the area of IT and Telecommunications since 2001. He is listed on listed on Asia Business Law Journal’s Top 100 Malaysian Lawyers to Watch, as well as being the only Band 1 Leading Lawyer to be ranked for Technology, Media & Telecoms by Chambers Asia Pacific. Deepak is also ranked as a Tier 1 Leading Individual for TMT by Asia Pacific Legal 500.

He is described by clients of the Firm as “the most recognised IT specialist in Malaysia”, and “pioneering the practice of IT law as a discrete area of law in Malaysia ... almost single-handedly educating the market” and "he has an innate understanding of technology related issues whether from the legal or the business standpoint".

Experience
Technology
  • Appointed by one of the three entities granted conditional approval (“Client”) by the Securities Commission Malaysia, to advise them on meeting the SC’s conditions in relation to the operation of their digital asset exchanges (“DAX”) platform. This matter is significant as the recognition of DAX broadens the range of digital investment opportunities available to Malaysians and provides the basic legal framework for market operators that previously conducted business without regulation and at the consumer’s own risk.
  • Appointed by one of Malaysia’s largest reinsurers to review and negotiate the services and service level agreement for provisioning of cloud services under an Infrastructure as a Service (IaaS) arrangement for a Client who is regulated by the Central Bank of Malaysia, and hence was required to comply with prescribed guidelines and standards.
  • Appointed by a leading Malaysian universal bank to advise, review and negotiate legal documentation for the provisioning of cloud services under a Software as a Service (SaaS) as well as a Platform as a Service (PaaS) arrangement.
  • Engaged by a German multinational pharmaceutical and life sciences company to advise on the legal and regulatory approvals and requirements in relation to its digital farming project, which involves the use and operation of drones to apply crop protection products in fields and to collect Agricultural Data related to plant production. This cross-border matter included multiple jurisdictions including Malaysia, Indonesia, Vietnam, Philippines, Thailand, Cambodia, and Myanmar.
  • Engaged by a Malaysian universal bank to advise them on their proposed acquisition of (by way of a collaboration / joint venture for the development or for the exclusive licensing or use) a novel software program in Malaysia which comprises the use of principally open source software (“OSS”) together with certain proprietary software as constituent parts.
  • Advised a South Korean video game developer and publisher in respect of their proposed use of tokens for their gaming platform, in particular on the legal expiration date for the use of its gaming tokens by end users in Malaysia.
  • Engaged by a global provider of enterprise software support products and services listed on NASDAQ, to assist in assessing whether the client’s online SAP maintenance and support services provided to Malaysian businesses would be subject to digital service tax, following the introduction a new digital service tax in Malaysia, pursuant to amendments to the Service Tax Act 2018.
  • Appointed a global data technology provider in relation to the setting up, configuration, operationalisation and maintenance of a Digital Free Trade Zone (the “DFTZ”) e-Services Platform. The DFTZ e-Services Platform is integrated with other business and government service platforms to facilitate a paperless, end-to-end data capture, data storage, data exchange and data analytics process in order to facilitate the B2B and B2C internet trade activities.
  • Advised a Canadian multinational financial services company in relation to the use of electronic signatures in Malaysia.
  • Assisted a Fortune 500 multinational technology company to prepare a comprehensive briefing paper to seek qualifying foreign government status for the purpose of the US Clarifying Lawful Overseas Use of Data Act (US CLOUD Act), which essentially authorises the US government to compel disclosure of electronic communications or data upon request if stored by a US-based company, regardless of the data location.
  • Advised Malaysia’s largest financial services group on the first consumer and corporate Internet Banking service.
  • Advised the chosen concessionaire of the insurance industry on the structuring and setting up Malaysia’s nationwide on-line automotive insurance claims system.
  • Advised the Government of Malaysia on its legal policy and drawing up the guidelines in relation to the adoption and use of open source software within the public sector.
  • Advised the Government of Malaysia as to the drawing up of Malaysia’s domain name dispute resolution procedure and rules (MYDRP) for the .my internet domain.
  • Engaged by Malaysia’s national cyber security specialist agency under the Ministry of Communications and Multimedia Malaysia to assist with the preparation of the set of terms and conditions for the use of the Malaysian Vulnerability Database Management System Platform.
  • Advised a technology company on their proposed roll-out of the services in Malaysia and appointed as lead counsel for a multi-jurisdictional legal and regulatory assessment which included obtaining legal advice from our counterpart offices in Singapore, Thailand and Indonesia.
  • Assisted the largest mobile network operator in Singapore with regards to regulatory advice on the licensing requirements for a new cross-border mobile payments scheme in Malaysia, which would also be operated in several other jurisdictions.
  • Advised a European multinational engineering and technology company to provide legal advice on two online portals operated by the client – a developer portal for software developers to subscribe to Software as a Service (SaaS) offerings and a marketplace to place orders for Internet of Things products, support services and bundle packages for various offerings.
  • Assisted a Malaysian universal bank on its proposed digitalisation of its banking processes and documentation, in particular its proposed offering of loan products and hire purchase products based on a “straight through process” via its digital platform.
  • Advised a national security agency on the legislative framework applicable to cyber activities in Malaysia as part of a cross-governmental working group initiative.
  • Advised an American Fortune 500 multinational technology company on the laws and regulations applicable to the use of the cloud version of its services by companies specifically in the telecommunications and media sector.
  • Represented the Selangor State Government in implementing a state-wide network of CCTV cameras for the purposes of security and traffic monitoring via a BLT arrangement.
  • Acted for several Malaysian financial services groups in negotiating their respective contracts for the replacement of their core banking systems, and the relevant licensing, support and maintenance agreements.
  • Advised and acted for several Malaysian financial services groups in negotiating a variety of outsourcing arrangements, including but not limited to the outsourcing of IT infrastructure, application management, security services, self-service terminals and the transfer of the relevant staff.
  • Advised and acted for a financial group in negotiating the first central bank approved co-location of primary IT infrastructure with a global service provider.
  • Advised Malaysia’s largest financial services group on the front and back-end agreements required in order to implement and roll-out several mobile applications on a regional basis.
  • Advised a Malaysian universal bank to assist on the consultation exercise conducted by the Ministry of Domestic Trade, Co-operatives and Consumerism in respect of a comprehensive review of the Electronic Commerce Act 2006.
  • Advised a major Malaysian telecommunications provider as to the implementation of digital signatures in accordance with Digital Signature Act 1997 and the Electronic Commerce Act 2006 for the purpose of a mobile content development service.
  • Advised a global hardware and services provider on their cloud services offering for the Malaysian market, including addressing regulatory obstacles, requirements of specific sectors and the applicable terms and conditions.
  • Advised and represented an MSC status company on the structuring and setting up of an E-Passport issuance and management service in the Kingdom of Cambodia.
  • Advised a publicly listed IT Solutions provider on the structuring and setting up of the commercial and transactional framework for the provision and issuance of National Identity Cards on a BOT model in the Republic of Indonesia.
  • Advised the Malaysian Intellectual Property Office (MyIPO) in the drafting of various agreements required for setting up an online Intellectual Property marketplace for the listing, valuation and trading of Intellectual Property.
  • Rendered Malaysia specific regulatory and legal advice to a global travel and accommodation service provider.
  • Acted for a government backed applied IT research and development centre and dratted their standard agreements for collaboration, research, development, technology acquisition and licensing.
 Telecommunications 
  • Acted as Malaysian counsel for a foreign telecommunications company in relation to the provision of regulatory advice on the allocation of spectrum for satellite services and liaising with the Malaysian Communications and Multimedia Commission on behalf of the client with regards to the relevant applications.
  • Engaged by a Global Fortune 500 Japanese telecommunications operator to advise on the applicable licensing and regulatory requirements under Malaysian telecommunications laws, in respect of its operation of SD-WAN (i.e. software-defined networking in a wide area network) services, and provision of internet access services, in Malaysia.
  • Appointed by one of the pioneer mobile operators in Malaysia to advise them in relation to a spectrum sharing arrangement made pursuant to a Master Collaboration Agreement between the client and its affiliate.
  • Represented clients and participated in the drafting of the subsidiary legislation to the Communications and Multimedia Act 1998.
  • Participated in setting up the Communications and Multimedia Content Forum of Malaysia and the drafting of the Malaysian Communications and Multimedia Content Code.
  • Acted for a consortium of companies on the implementation of Mobile Number Portability in Malaysia and negotiated the various agreements between the Malaysian Communications and Multimedia Commission, mobile operators and the consortium partners.
  • Advised and represented clients in discussions with the Malaysian Communications and Multimedia Commission in relation to the five year periodic review of the Numbering and Electronic Addressing Plan.
  • Advised on a joint venture agreement to build and operate a state-wide next generation network for the state of Penang, inclusive of drafting the relevant agreements.
  • Advised the administrator of the .my domain on the re-delegation of the management of the .my domain name space and obtained the relevant regulatory consents from the Malaysian Communications and Multimedia Commission and ICANN.
  • Advised various multinational telecommunication companies and service providers on the regulatory and licensing requirements of the Malaysian telecommunications industry, including their respective applications for various licences under the Malaysian Communications and Multimedia Act 1998.
Data Privacy & Protection 
  • Acted as Malaysian counsel for an e-commerce platform in relation to a multi-jurisdictional data breach incident. This included advising them on data breach notification requirements in Malaysia and represented the client in communications with the Personal Data Protection Commissioner.
  • Acted as Malaysian counsel to a large Chinese digital payment platform on its proposed global risk control program from data protection and financial regulatory perspective, and assisted in drawing up template documentation to enable transfers of personal data and financial data from merchant acquiring entities of the Group (across various jurisdictions in Asia) to its centralised centre in Singapore.
  • Acted for the Data User Forum for the Communications and Multimedia Sector (the “Forum”). The Forum includes key players in the Malaysian communications sector, including Malaysia’s largest telecommunications and mobile operator service providers, broadcasting television network, and Malaysia’s largest converged communications service provider, to name a few. We were engaged to draft the Personal Data Protection Code of Practice for Licensees Under the Communications and Multimedia Act 1998. We were also engaged by the Forum to review and provide feedback on the Public Consultation Paper for The Implementation of Data Breach Notification issued by the Commissioner in August 2018.
  • Appointed by The Association of Banks in Malaysia to conduct a review and assessment on the applicability and impact of the EU’s General Data Protection Regulation (“GDPR”) to Malaysian banks and financial institutions.
  • Appointed by The Association of Banks in Malaysia to assist in a public consultation exercise on the review of the Malaysian Personal Data Protection Act 2010 (PDPA). This included assisting the client in forming their feedback to the Personal Data Protection Commissioner on the proposed amendments to the PDPA, based on the industry’s business and operational needs.
  • Represented a leading global beauty-retail chain in relation to their data breach incident, acting as the contact point between the client and the Personal Data Protection Commissioner. Successfully mitigated the client’s exposure to the PDPA and imposition of penalties, in respect of the discovery of a data breach incident involving their e-commerce database, serving approximately 1.9 million of its e-commerce customers across South East Asian countries, as well as Hong Kong SAR, Australia and New Zealand.
  • Advised one of the leading global insurers in the Malaysian market in respect of the discovery of a potential data breach incident arising from their internal system error during the processing of customers’ claims.
  • Engaged by a leading e-commerce platform in Southeast Asia to advise on the data protection considerations in respect of a proposed collaboration with one of the largest commercial banks in Malaysia to launch a co-branded credit card.
  • Engaged by a Fortune 500 Malaysian oil and gas company to assist them for a period of one year to advise and closely assist in the implementation of the group-wide data protection compliance framework, in view of the coming into force of the EU General Data Protection Regulation (GDPR). During our engagement, we liaised with their ad hoc data protection working committee, their appointed management consultant for the purpose of risk assessment, and several EU data protection legal counsel to develop and implement a bespoke data protection compliance framework for the client and its group of companies, comprising more than 400 operating companies and subsidiaries worldwide.
  • Preparing and providing the IT industry response to the Personal Data Protection legislation proposed by the Malaysian Government in 1999.
  • Advised a broad range of institutional clientele on compliance with the Malaysian Personal Data Protection Act 2010 prior to its enactment, including conducting audits of their personal data collection practices, making recommendations for compliance, amending their relevant agreements, drawing up relevant policies and procedures.
  • Represented the banking and financial sector in drawing up a mandatory industry code of practice which shall have the force of law upon approval of the Privacy Commissioner.
  • Represented the communications and broadcasting sector in drawing up a mandatory industry code of practice which shall have the force of law upon approval of the Privacy Commissioner.
  • Advised various multi-nationals on specific issues privacy, e.g. transfer of personal data abroad, privacy notices for employees and agreements with data processors.
 Memberships / Directorships 
  • Chairman, Ad-hoc Committee on Data Protection, Bar Council, Malaysia
  • Member, IT and Cyberlaw Committee, Bar Council, Malaysia
  • Panellist for Domain Name Disputes, Kuala Lumpur Regional Centre for Arbitration (KLRCA)
  • Associate member, The National ICT Association of Malaysia (PIKOM)
  • Member, the Society of Computers and Law (UK)
  • Member, International Technology Law Association (USA)
 Publications 
  • Contributor, Global Cyber Incident Response and Data Breach Notification Toolkit: Cyber Incident Response and Data Breach Notification (Malaysia) and Information Security Considerations (Malaysia), 2020 Edition, Practical Law Data Privacy Advisor, published by Thomson Reuters (Professional) UK Limited.
  • Co-Author, Malaysian Chapter of the International Comparative Legal Guides (ICLG), Cybersecurity 2020, 3rd Edition (2020 Edition), published by Global Legal Group Ltd (URL: https://iclg.com/practice-areas/cybersecurity-laws-and-regulations/malaysia).
  • Co-Author, Malaysian Chapter of the International Comparative Legal Guides (ICLG), Data Protection 2019, 6th Edition (2019 Edition), published by Global Legal Group Ltd (URL: https://iclg.com/practice-areas/data-protection-laws-and-regulations/malaysia).
  • Co-Author, Malaysian Chapter of the International Comparative Legal Guides (ICLG), Cybersecurity 2019, 2nd Edition (2019 Edition), published by Global Legal Group Ltd.
  • Contributor, Malaysian Chapter of the Data Protection & Privacy: Jurisdictional Comparisons (part of the European Lawyer Reference International Series), 3rd Edition (2016 Edition), published by Thomson Reuters (Professional) UK Limited.
  • Co-Author, Data Privacy Asia Newsletter, "Data Protection Recent Developments: The "Minimum" Standards for the Security, Retention and Integrity of Personal Data and the Compounding Regulations", April 2016.
  • Contributor, Compendium on Information Network Security, Malaysian Communications and Multimedia Commission (MCMC)