Assessing the alignment of automotive privacy practices with Malaysia's PDPA

Mohd Shani, Nur Shahirah Hafizah and Mansor, Hafizah (2025) Assessing the alignment of automotive privacy practices with Malaysia's PDPA. International Journal on Perceptive and Cognitive Computing, 11 (1). pp. 122-134. E-ISSN 2462-229X

PDF - Published Version Download (3MB)

Abstract

Every day, the technology around us rapidly develops, and we see a global shift in the car industry. Despite the growth of car technology, we can see many data breaches in the car ownership life cycle. In one research by Mozilla, 84% of car brands surveyed reserve the right to share user data with third-party companies, and 76% can sell it. It has drawn a lot of attention in the car privacy industry as customers should have control over their data and privacy because of the different sensitivity levels of this data. In Malaysia, any connected device that handles personal data is subject to the Personal Data Protection Act 2010 (PDPA) which is an act that regulates the processing of personal data regarding commercial transactions. This study evaluates the compliance of automotive privacy policies with Malaysia's Personal Data Protection Act (PDPA), focusing on the privacy policies of Honda, Perodua, BMW, Nissan, Toyota, and Tesla. As connected car technologies become more prevalent, concerns regarding data privacy have intensified, necessitating strict adherence to privacy regulations. The study analyses these brands' privacy policies by extracting and evaluating keywords related to PDPA principles, such as data processing, security, retention, and data subject rights using Python keyword extraction. The extracted keywords are then used in the manual analysis for each privacy policy across PDPA. Findings reveal varying levels of compliance: Toyota emerges as the most compliant brand with a score of 2.571 out of 3, followed by Tesla at 2.285, indicating relatively high adherence to PDPA requirements. In contrast, Perodua shows the lowest compliance score at 1.428, highlighting critical gaps in data retention, security, and access principles. BMW, Honda, and Nissan demonstrate moderate compliance, scoring 1.857, 1.714, and 1.571, respectively. These results suggest that while some brands have made progress in aligning with PDPA principles, significant gaps remain in key areas, particularly in security, retention, and access, indicating a need for substantial policy revisions to improve data protection in the automotive sector

Item Type:	Article (Journal)
Uncontrolled Keywords:	Automotive, PDPA, GDPR, Privacy Policy, Keywords, Compliance
Subjects:	T Technology > T Technology (General)
Kulliyyahs/Centres/Divisions/Institutes (Can select more than one option. Press CONTROL button):	Kulliyyah of Information and Communication Technology > Department of Computer Science Kulliyyah of Information and Communication Technology > Department of Computer Science
Depositing User:	Hafizah Mansor
Date Deposited:	28 Nov 2025 16:19
Last Modified:	28 Nov 2025 16:19
Queue Number:	2025-11-Q305
URI:	http://irep.iium.edu.my/id/eprint/124833

Actions (login required)

View Item