Photo - Deepak Pillai (1).jpg

Deepak Pillai


Practice Area:

Technology, Media & Telecommunications
Data Privacy & Protection

BA (Law), University of Durham, UK
Advocate & Solicitor, High Court of Malaya

T +603 2273 1919 / +603 2267 2675

Deepak heads Christopher & Lee Ong’s Technology, Media and Telecommunications, and Data Privacy & Protection Practice Group. He has been practising exclusively in the areas of technology and telecommunications law and data protection since 1997 and is acknowledged as a leading technology and telecommunications lawyer in Malaysia.

Deepak advises clients on matters relating to information technology ("IT") contracts, electronic commerce, online financial services, outsourcing, telecommunications, IT security, data protection and digital media.

He advises a wide array of international, private and public sector clientele in addressing the commercial, regulatory and policy issues relating to information and communications technology law, ranging from negotiating complex information technology contracts to advising public sector agencies on proposed technology related legislation and policies.

Deepak has been consecutively listed by the established legal directories as a leading individual in the area of IT and telecommunications since 2001. He is listed on Asia Business Law Journal’s Top 100 Malaysian Lawyers to Watch, and is the only Band 1 leading lawyer to be ranked for Technology, Media & Telecoms by Chambers Asia-Pacific. Deepak is also ranked as a Tier 1 leading individual for TMT by The Legal 500 Asia Pacific.

He is described by clients of the firm as "the most recognised IT specialist in Malaysia", and "pioneering the practice of IT law as a discrete area of law in Malaysia... almost single-handedly educating the market" and "he has an innate understanding of technology related issues whether from the legal or the business standpoint".

  • Appointed by one of the three entities granted conditional approval (“Client”) by the Securities Commission Malaysia ("SC"), to advise them on meeting the SC’s conditions in relation to the operation of their digital asset exchanges (“DAX”) platform. This matter is significant as the recognition of DAX broadens the range of digital investment opportunities available to Malaysians and provides the basic legal framework for market operators that previously conducted business without regulation and at the consumer’s own risk.
  • Appointed by one of Malaysia’s largest reinsurers to review and negotiate the services and service level agreement for provisioning of cloud services under an Infrastructure as a Service ("IaaS") arrangement for a Client who is regulated by the Central Bank of Malaysia, and hence was required to comply with prescribed guidelines and standards.
  • Appointed by a leading Malaysian universal bank to advise, review and negotiate legal documentation for the provisioning of cloud services under a Software as a Service ("SaaS") as well as a Platform as a Service ("PaaS") arrangement.
  • Appointed by a globally renowned social media platform operator to render comprehensive regulatory and compliance legal advice for a range of products across various sectors, while also advising on liability and enforcement risks for the client as an online marketplace provider. Additionally, we also provided regulatory and compliance advice for foreign-sourced products, addressing challenges related to liability for sellers.
  • Engaged by a German multinational pharmaceutical and life sciences company to advise on the legal and regulatory approvals and requirements in relation to its digital farming project, which involves the use and operation of drones to apply crop protection products in fields and to collect Agricultural Data related to plant production. This cross-border matter included multiple jurisdictions including Malaysia, Indonesia, Vietnam, Philippines, Thailand, Cambodia, and Myanmar.
  • Engaged by a Malaysian universal bank to advise them on their proposed acquisition of (by way of a collaboration / joint venture for the development or for the exclusive licensing or use) a novel software program in Malaysia which comprises the use of principally open-source software ("OSS") together with certain proprietary software as constituent parts.
  • Engaged by a global provider of enterprise software support products and services listed on NASDAQ, to assist in assessing whether the client’s online SAP maintenance and support services provided to Malaysian businesses would be subject to digital service tax, following the introduction a new digital service tax in Malaysia, pursuant to amendments to the Service Tax Act 2018.
  • Advised a Canadian multinational financial services company in relation to the use of electronic signatures in Malaysia.
  • Advised Malaysia’s largest financial services group on the first consumer and corporate Internet Banking service.
  • Advised a South Korean video game developer and publisher in respect of their proposed use of tokens for their gaming platform, in particular on the legal expiration date for the use of its gaming tokens by end users in Malaysia.
  • Appointed a global data technology provider in relation to the setting up, configuration, operationalisation and maintenance of a Digital Free Trade Zone ("DFTZ") e-Services Platform. The DFTZ e-Services Platform is integrated with other business and government service platforms to facilitate a paperless, end-to-end data capture, data storage, data exchange and data analytics process in order to facilitate the B2B and B2C internet trade activities.
  • Assisted a Fortune 500 multinational technology company to prepare a comprehensive briefing paper to seek qualifying foreign government status for the purpose of the US Clarifying Lawful Overseas Use of Data Act ("US CLOUD Act"), which essentially authorises the US government to compel disclosure of electronic communications or data upon request if stored by a US-based company, regardless of the data location.
  • Advised the chosen concessionaire of the insurance industry on the structuring and setting up Malaysia’s nationwide on-line automotive insurance claims system.
  • Advised the Government of Malaysia on its legal policy and drawing up the guidelines in relation to the adoption and use of open-source software within the public sector.
  • Advised the Government of Malaysia as to the drawing up of Malaysia’s domain name dispute resolution procedure and rules ("MYDRP") for the .my internet domain.
  • Advised a national security agency on the legislative framework applicable to cyber activities in Malaysia as part of a cross-governmental working group initiative.
  • Engaged by Malaysia’s national cyber security specialist agency under the Ministry of Communications and Multimedia Malaysia to assist with the preparation of the set of terms and conditions for the use of the Malaysian Vulnerability Database Management System Platform.
  • Advised a technology company on their proposed rollout of the services in Malaysia and appointed as lead counsel for a multi-jurisdictional legal and regulatory assessment which included obtaining legal advice from our counterpart offices in Singapore, Thailand and Indonesia.
  • Assisted the largest mobile network operator in Singapore with regards to regulatory advice on the licensing requirements for a new cross-border mobile payments scheme in Malaysia, which would also be operated in several other jurisdictions.
  • Advised a European multinational engineering and technology company to provide legal advice on two online portals operated by the client – a developer portal for software developers to subscribe to Software as a Service ("SaaS") offerings and a marketplace to place orders for Internet of Things products, support services and bundle packages for various offerings.
  • Represented the Selangor State Government in implementing a state-wide network of CCTV cameras for the purposes of security and traffic monitoring via a BLT arrangement.
  • Assisted a Malaysian universal bank on its proposed digitalisation of its banking processes and documentation, in particular its proposed offering of loan products and hire purchase products based on a “straight through process” via its digital platform.
  • Advised an American Fortune 500 multinational technology company on the laws and regulations applicable to the use of the cloud version of its services by companies specifically in the telecommunications and media sector.
  • Acted for several Malaysian financial services groups in negotiating their respective contracts for the replacement of their core banking systems, and the relevant licensing, support and maintenance agreements.
  • Advised and acted for several Malaysian financial services groups in negotiating a variety of outsourcing arrangements, including but not limited to the outsourcing of IT infrastructure, application management, security services, self-service terminals and the transfer of the relevant staff.
  • Advised and acted for a financial group in negotiating the first central bank approved co-location of primary IT infrastructure with a global service provider.
  • Advised Malaysia’s largest financial services group on the front and back-end agreements required in order to implement and roll out several mobile applications on a regional basis.
  • Advised a Malaysian universal bank to assist on the consultation exercise conducted by the Ministry of Domestic Trade, Co-operatives and Consumerism in respect of a comprehensive review of the Electronic Commerce Act 2006.
  • Advised a major Malaysian telecommunications provider as to the implementation of digital signatures in accordance with Digital Signature Act 1997 and the Electronic Commerce Act 2006 for the purpose of a mobile content development service.
  • Advised a global hardware and services provider on their cloud services offering for the Malaysian market, including addressing regulatory obstacles, requirements of specific sectors and the applicable terms and conditions.
  • Advised and represented an MSC status company on the structuring and setting up of an E-Passport issuance and management service in the Kingdom of Cambodia.
  • Advised a publicly listed IT Solutions provider on the structuring and setting up of the commercial and transactional framework for the provision and issuance of National Identity Cards on a BOT model in the Republic of Indonesia.
  • Advised the Malaysian Intellectual Property Office ("MyIPO")  in the drafting of various agreements required for setting up an online intellectual property marketplace for the listing, valuation and trading of intellectual property.
  • Rendered Malaysia-specific regulatory and legal advice to a global travel and accommodation service provider.
  • Acted for a government backed applied IT research and development centre and dratted their standard agreements for collaboration, research, development, technology acquisition and licensing.
  • Advised a Malaysian universal bank with a presence throughout the ASEAN region on ensuring the adoption of electronic signatures under the Electronic Commerce Act 2006 ("ECA") and digital signatures under the Digital Signature Act 1997 ("DSA") as a means of getting around the reduced physical interaction between customers and the bank in the short term and also to aid the bank’s long term digitalisation drive.
  • Advised on the possible use of electronic bills of lading in Malaysia, from a Malaysian legal perspective as well as our understanding and insights of the current Malaysian industry practices, indicating an important milestone in the global shipping industry wherein there is a move from conventional bills of lading to a fully electronic system of e-bills of lading which would revolutionise the global shipping industry.
  • Appointed by a leading global tech conglomerate to conduct a third country transfer risk assessment on the adequacy of Malaysia’s data protection laws, pursuant to the European Union Court of Justice’s decision in the case of Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (Case C-311/18), also known as the Schrems II case.
  • Appointed by one of the top three largest banks in Malaysia to act as its external legal counsel for the development and regional implementation of its newly upgraded core online banking platform which replaces the existing platform to feature better user experience across multiple business segments and user personas.
  • Advised the sole appointed administrator of the deposit insurance system in Malaysia on all aspects and legal considerations pertaining to the subscription and use of cloud services and potential contractual implications which could arise from the subscription and procurement of cloud services.
  • Assisted and provided responses for a multi-jurisdictional questionnaire, legal advice and due diligence work concerning the launch of a highly confidential product, by a globally recognised technology manufacturer, in Malaysia (amongst other jurisdictions).
  • Acted as the external legal counsel for a SPV in the telecommunications industry owned by the Malaysian government, on the deployment of In Building Solutions ("IBS") in approximately 250 buildings/sites approved by the Malaysian Communications and Multimedia Commission ("MCMC") in connection with the nationwide 5G rollout in Malaysia.
  • Acted as Malaysian counsel for a foreign telecommunications company in relation to the provision of regulatory advice on the allocation of spectrum for satellite services and liaising with the Malaysian Communications and Multimedia Commission on behalf of the client with regards to the relevant applications.
  • Engaged by a Global Fortune 500 Japanese telecommunications operator to advise on the applicable licensing and regulatory requirements under Malaysian telecommunications laws, in respect of its operation of SD-WAN (i.e., software-defined networking in a wide area network) services, and provision of internet access services, in Malaysia.
  • Appointed by one of the pioneer mobile operators in Malaysia to advise them in relation to a spectrum sharing arrangement made pursuant to a Master Collaboration Agreement between the client and its affiliate.
  • Represented clients and participated in the drafting of the subsidiary legislation to the Communications and Multimedia Act 1998.
  • Participated in setting up the Communications and Multimedia Content Forum of Malaysia and the drafting of the Malaysian Communications and Multimedia Content Code.
  • Acted for a consortium of companies on the implementation of Mobile Number Portability in Malaysia and negotiated the various agreements between the Malaysian Communications and Multimedia Commission, mobile operators and the consortium partners.
  • Advised a leading big data and AI software development company in Asia on potential legal and regulatory restrictions on its planned rollout of an identity verification product to enterprise clients in Malaysia which utilises web crawlers on certain third-party data sources.
  • Advised a registered Initial Exchange Offering ("IEO") operator with the Securities Commission on legal issues, and agreement drafting and finalisation between the Client and the third-party vendor in relation to the development, purchase, and maintenance of a multi asset digital fundraising, investment, and custodian platform, using blockchains and smart contracts as the underlying technology of its IEO offering / service.
  • Appointed by the Malaysian subsidiary of a Fortune 500 company providing end-to-end network services, IT solutions and data centres for multinational corporations, to advise on data transfer requirements and restrictions that may impact the intended outsourcing exercise of its back-end functions.
  • Advised and represented clients in discussions with the Malaysian Communications and Multimedia Commission in relation to the five-year periodic review of the Numbering and Electronic Addressing Plan.
  • Advised on a joint venture agreement to build and operate a state-wide next generation network for the state of Penang, inclusive of drafting the relevant agreements.
  • Advised the administrator of the .my domain on the re-delegation of the management of the .my domain name space and obtained the relevant regulatory consents from the Malaysian Communications and Multimedia Commission and ICANN.
  • Advised various multinational telecommunication companies and service providers on the regulatory and licensing requirements of the Malaysian telecommunications industry, including their respective applications for various licences under the Malaysian Communications and Multimedia Act 1998.
  • Appointed by the Client to provide additional legal advice and assistance in relation to the ongoing operational and compliance requirements of the Client’s rollout of Satellite Internet Services in Malaysia.
Data Privacy & Protection 
  • Appointed by a leading global tech conglomerate that has been described as one of the most influential economic and cultural forces in the world and one of the world’s most valuable brands, to conduct a third country transfer risk assessment on the adequacy of Malaysia’s data protection laws.
  • Appointed by an English manufacturer of luxury sports cars and grand tourers intending to roll out connected cars in Malaysia to advise on the regulatory requirements and approvals in relation the PDPA 2010 and personal data which may be collected, transferred, stored, and processed by the connected cars. We also advised on the applicability of telecommunications licences and certification requirements in relation to the provision of certain telecommunication components of the connected cars.
  • Acted as Malaysian counsel for an e-commerce platform in relation to a multi-jurisdictional data breach incident. This included advising them on data breach notification requirements in Malaysia and represented the client in communications with the Personal Data Protection Commissioner.
  • Acted as Malaysian counsel to a large Chinese digital payment platform on its proposed global risk control program from data protection and financial regulatory perspective, and assisted in drawing up template documentation to enable transfers of personal data and financial data from merchant acquiring entities of the Group (across various jurisdictions in Asia) to its centralised centre in Singapore.
  • Acted for the Data User Forum for the Communications and Multimedia Sector ("Forum"). The Forum includes key players in the Malaysian communications sector, including Malaysia’s largest telecommunications and mobile operator service providers, broadcasting television network, and Malaysia’s largest converged communications service provider, to name a few. We were engaged to draft the Personal Data Protection Code of Practice for Licensees Under the Communications and Multimedia Act 1998. We were also engaged by the Forum to review and provide feedback on the Public Consultation Paper for The Implementation of Data Breach Notification issued by the Commissioner in August 2018.
  • Appointed by The Association of Banks in Malaysia to conduct a review and assessment on the applicability and impact of the EU’s General Data Protection Regulation ("GDPR") to Malaysian banks and financial institutions.
  • Appointed by The Association of Banks in Malaysia to assist in a public consultation exercise on the review of the Malaysian Personal Data Protection Act 2010 ("PDPA"). This included assisting the client in forming their feedback to the Personal Data Protection Commissioner on the proposed amendments to the PDPA, based on the industry’s business and operational needs.
  • Advised one of the leading global insurers in the Malaysian market in respect of the discovery of a potential data breach incident arising from their internal system error during the processing of customers’ claims.
  • Represented a leading global beauty-retail chain in relation to their data breach incident, acting as the contact point between the client and the Personal Data Protection Commissioner. Successfully mitigated the client’s exposure to the PDPA and imposition of penalties, in respect of the discovery of a data breach incident involving their e-commerce database, serving approximately 1.9 million of its e-commerce customers across Southeast Asian countries, as well as Hong Kong SAR, Australia and New Zealand.
  • Engaged by a leading e-commerce platform in Southeast Asia to advise on the data protection considerations in respect of a proposed collaboration with one of the largest commercial banks in Malaysia to launch a co-branded credit card.
  • Engaged by a Fortune 500 Malaysian oil and gas company to assist them for a period of one year to advise and closely assist in the implementation of the group-wide data protection compliance framework, in view of the coming into force of the EU General Data Protection Regulation ("GDPR"). During our engagement, we liaised with their ad hoc data protection working committee, their appointed management consultant for the purpose of risk assessment, and several EU data protection legal counsel to develop and implement a bespoke data protection compliance framework for the client and its group of companies, comprising more than 400 operating companies and subsidiaries worldwide.
  • Advised one of the largest online payment gateway service providers in Malaysia, who had fallen victim to a cybersecurity breach, orchestrated by an unidentified perpetrator, on the risk exposure and potential liability arising from the outsourcing of functions and agreements entered in, as well as their regulatory exposure under the Personal Data Protection Act 2010.
  • Assisted a multinational Fortune 500 oil & gas company in rendering legal advice pertaining to the management and containment of several separate incidents involving personal data breaches and on its notification obligations to the Personal Data Protection Commissioner, the Royal Malaysia Police and affected individuals
  • Preparing and providing the IT industry response to the Personal Data Protection legislation proposed by the Malaysian Government in 1999.
  • Advised a broad range of institutional clientele on compliance with the Malaysian Personal Data Protection Act 2010 prior to its enactment, including conducting audits of their personal data collection practices, making recommendations for compliance, amending their relevant agreements, drawing up relevant policies and procedures.
  • Represented the banking and financial sector in drawing up a mandatory industry code of practice which shall have the force of law upon approval of the Privacy Commissioner.
  • Advised various multinationals on specific issues privacy, e.g., transfer of personal data abroad, privacy notices for employees and agreements with data processors.
  • Represented the communications and broadcasting sector in drawing up a mandatory industry code of practice which shall have the force of law upon approval of the Privacy Commissioner.
  • Advised on a multi-jurisdictional fundraising exercise for a subsidiary of a prominent airline group, involving the utilization of contractual rights over data (including personal data) as collateral for a substantial USD loan. We also conducted extensive research to guide the client on the feasibility of assigning contractual rights over personal data under the Malaysian PDPA 2010.
  • Advised the operator and provider of centralised information sharing platforms and services for conventional insurers and takaful operators (Islamic insurers) in Malaysia on the legal feasibility of a proposed integration project that aimed to integrate an existing database maintained by a trade association in Malaysia for life insurers and takaful operators with the Client’s centralised automated claims and underwriting exchange, from a data protection perspective.
 Memberships / Directorships 
  • Chairman, Ad hoc Committee on Data Protection, Bar Council, Malaysia
  • Member, IT and Cyberlaw Committee, Bar Council, Malaysia
  • Panellist for Domain Name Disputes, Kuala Lumpur Regional Centre for Arbitration ("KLRCA")
  • Associate Member, The National ICT Association of Malaysia ("PIKOM")
  • Member, The Society of Computers and Law (UK)
  • Member, International Technology Law Association (USA)