Section 129.1 of the Personal Data Protection Act (PDPA) prohibits a data user from transferring the personal data of a data subject to a place outside of Malaysia unless to places specified by the Minister, upon the recommendation of the Personal Data Protection Commissioner, by notification published in the Gazette. The Minister may specify such places that have any law in force which is substantially similar to the PDPA, serves the same purpose as the PDPA, or ensures an adequate level of protection in relation to the processing of personal data which is at least equivalent to the level of protection afforded by the PDPA. Section 129.3 of the PDPA provides exceptions whereby a data user may transfer any personal data to a place outside Malaysia if:
- the data subject has given their consent to the transfer;
- the transfer is necessary for the performance of a contract between the data subject and the data user;
- the transfer is necessary for the conclusion or performance of a contract between the data user and a third party which is entered into at the request of the data subject or is in the interests of the data subject;
- the transfer is for the purpose of any legal proceedings, obtaining legal advice or for establishing, exercising, or defending legal rights;
- the data user has reasonable grounds for believing that in all circumstances of the case, the transfer is for the avoidance or mitigation of adverse action against the data subject; it is not practicable to obtain the consent in writing of the data subject to that transfer; and where it is practicable to obtain consent, the data subject would have given their consent;
- the data user has taken all reasonable precautions and exercised all due diligence to ensure that personal data will not be processed in any manner which, if that place were Malaysia, would be a contravention of the PDPA;
- the transfer is necessary in order to protect the vital interests of the data subject; or
- the transfer is necessary as it is in the public interest in circumstances as determined by the Minister.

Malaysia has joined an agreement with binding commitments to open transfers of data across borders: the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP, Art. 14.11)

Malaysia has ratified the World Intellectual Property Organization (WIPO) Copyright Treaty.

Data protection is primarily governed by the Personal Data Protection Act 2010, Malaysia's first comprehensive personal data protection legislation. It purports to safeguard personal data by requiring data users to comply with certain obligations and confer certain rights to the data subject in relation to their personal data.

Malaysia has ratified the World Intellectual Property Organization (WIPO) Performances and Phonograms Treaty.

Section 116B(1) of the Criminal Procedure Code (Act 593) provides police officers with a warrant from a magistrate with the power to be given access to encrypted data, including through the provision of a “necessary password, encryption code, decryption code, software or hardware and any other means required to enable comprehension of the computerised data”. Failure to comply is an offence punishable by imprisonment or a fine.

In Malaysia, trade secrets and confidential information are protected by the common law tort of breach of confidential information and/or by contract. Trade secrets are protected as long as they consistently meet the eligibility for being confidential information.
According to Art. 35 of the Trade Descriptions Act, any person who discloses or makes use of any confidential information or document with respect to a particular enterprise or the affairs of an individual obtained by virtue of any provision of this Act commits an offence. The law defines confidential information as trade, business, or industrial information that belongs to any person, has economic value, and is not generally available to or known by others.

It is reported that there is an obligation for passive infrastructure sharing in Malaysia to deliver telecom services to end users.

According to Section 2.1 of the Malaysian Communications and Multimedia Commission (MCMC) Guidelines, foreign applicants must incorporate a local company to obtain a license in the telecom sector. For class licenses, there are no restrictions on foreign equity investment. However, applications for individual licenses are assessed on a case-by-case basis and are subject to certain equity restrictions. While foreign participation in the equity of Network Facility Providers (NFPs) and Network Service Providers (NSPs) can be up to 70% according to government websites, it is reported that in practice, individual licenses often require a minimum 30% Bumiputera (the majority Malay ethnic group) shareholding and foreign shareholding is capped at 49%. These equity restrictions do not apply if the license holder is a publicly listed company but do apply if the licensee is a private limited company held by a public limited company.

It is reported that Telekom Malaysia, the national telecommunications firm and a major provider of fixed-line and broadband services with an approximate market share of 95%, is subject to a foreign shareholding cap of 30% overall and 5% for individual investors.

It is reported that more than 50% of the shares of Telekom Malaysia, Malaysia's incumbent telecommunications operator, are owned by sovereign wealth funds, boards and companies linked to the government or state-owned enterprises.

It is reported that Malaysia does not mandate functional separation for operators with significant market power (SMP) in the telecom market. However, there has been an obligation of accounting separation since 2016.

Applications for individual licenses are reportedly assessed on a case-by-case basis. The Minister may grant a license based on the recommendations of the Malaysian Communications and Multimedia Commission (MCMC) under the Communications and Multimedia Act (CMA), taking into account the specified documents outlined in Regulation 7 of the Communications and Multimedia (Licensing) Regulations 2000. Applicants must submit an application to the MCMC, provide supporting documentation, and pay an application fee of RM 10,000 (approx. 2,000 USD) per individual license. The MCMC then has 60 days to evaluate the application and make a recommendation to the Minister, who has 30 days to approve it.

Malaysia has only partially appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

According to the Malaysian Communications And Multimedia Commission Act 1998, the Malaysian Communications and Multimedia Commission, the executive authority for the supervision and administration of services in the telecommunications sector, is independent from the government in the decision-making process.