Assessing the Alignment of Automotive Privacy Practices with Malaysia's PDPA
DOI:
https://doi.org/10.31436/ijpcc.v11i1.529
Keywords:
Automotive, PDPA, GDPR, Privacy Policy, Keywords, Compliance
Abstract
The technology around us develops rapidly every day, and the car industry is undergoing a global shift. Despite the growth of car technology, many data breaches occur across the car ownership life cycle. In one study by Mozilla, 84% of the car brands surveyed reserve the right to share user data with third-party companies, and 76% can sell it. This has drawn considerable attention to car privacy, since customers should have control over their data and privacy given the differing sensitivity levels of this data. In Malaysia, any connected device that handles personal data is subject to the Personal Data Protection Act 2010 (PDPA), which regulates the processing of personal data regarding commercial transactions. This study evaluates the compliance of automotive privacy policies with the PDPA, focusing on the privacy policies of Honda, Perodua, BMW, Nissan, Toyota, and Tesla. As connected car technologies become more prevalent, concerns regarding data privacy have intensified, necessitating strict adherence to privacy regulations. The study analyses these brands' privacy policies by using Python keyword extraction to extract and evaluate keywords related to PDPA principles, such as data processing, security, retention, and data subject rights. The extracted keywords are then used in a manual analysis of each privacy policy against the PDPA. Findings reveal varying levels of compliance: Toyota emerges as the most compliant brand with a score of 2.571 out of 3, followed by Tesla at 2.285, indicating relatively high adherence to PDPA requirements. In contrast, Perodua shows the lowest compliance score at 1.428, highlighting critical gaps in the data retention, security, and access principles. BMW, Honda, and Nissan demonstrate moderate compliance, scoring 1.857, 1.714, and 1.571, respectively.
These results suggest that while some brands have made progress in aligning with PDPA principles, significant gaps remain in key areas, particularly in security, retention, and access, indicating a need for substantial policy revisions to improve data protection in the automotive sector.
References
Smith, A., & Jones, B. (2023). Data Privacy Challenges in the Automotive Industry: Navigating the Era of Connected Vehicles. Journal of Automotive Technology and Ethics, 15(2), 123-145.
Jen, M., Misha, R., & Zoe, M. (2023). It's Official: Cars Are Terrible at Privacy and Security. Mozilla Foundation. Retrieved from https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/
Fowler, G. A. (2022). Few Read Privacy Policies. Would They If They Were Shorter? The Washington Post. Retrieved from https://www.washingtonpost.com/business/2023/09/07/car-privacy-mozilla-report
Brown, C. (2022). Global Data Protection Regulations and Their Impact on Automotive Data Management. International Journal of Data Law, 8(1), 78-102.
Bodei, C., Costantino, G., de Vincenzi, M., Matteucci, I., & Monreale, A. (2023). Vehicle Data Collection: A Privacy Policy Analysis and Comparison. International Conference on Information Systems Security and Privacy, 626–633.
Madzudzo, G., Cheah, M., & Kukova, M. (2020). Data Protection and Connected Vehicles: Privacy Policy Analysis from a Consumer Perspective. https://doi.org/10.13140/RG.2.2.28097.17769
Prevost, S., & Kettani, H. (2019, October 23). On data privacy in modern personal vehicles. ACM International Conference Proceeding Series. https://doi.org/10.1145/3372938.3372940
Bella, G., & Biondi, P. (2023). Car Drivers’ Privacy Awareness and Concerns. https://doi.org/10.13140/RG.2.2.14411.98080
Zaeem, R. N., & Barber, K. S. (2021). The Effect of the GDPR on Privacy Policies. ACM Transactions on Management Information Systems, 12(1). https://doi.org/10.1145/3389685
Vallet, F. (2019). The GDPR and Its Application in Connected Vehicles—Compliance and Good Practices. In Lecture Notes in Mobility (pp. 245–254). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-14156-1_21
Pesé, M. D., & Shin, K. G. (2019). Survey of automotive privacy regulations and privacy-related attacks. SAE Technical Papers, 2019-April(April). https://doi.org/10.4271/2019-01-0479
Miskam, S., Sholehuddin, N., Shahwahid, F. M., Raja, T. N., Aziz, A., & Mansor, N. (2023). Data Privacy Practices of Private Higher Education Institutions in Malaysia: A Preliminary Study. Journal of Information and Communication Technology, 8(2).
Kara, I., Üniversitesi, Ç. K., Aydos, M., & Akca, A. (2020). Privacy, Security and Legal Aspects of Autonomous Vehicles.
Amur, Z. H., Hooi, Y. K., Soomro, G. M., Bhanbhro, H., Karyem, S., & Sohu, N. (2023). Unlocking the Potential of Keyword Extraction: The Need for Access to High-Quality Datasets. https://doi.org/10.3390/app
Bkakria, A., Brika, L., & Brika, L. A. (2023). A Framework for Privacy Policy Enforcement for Connected Automotive Systems.
McDonald, A. M., Reeder, R. W., Kelley, P. G., & Cranor, L. F. (2009). A Comparative Study of Online Privacy Policies and Formats.
Spalević, Ž., & Vićentijević, K. (2022). GDPR and Challenges of Personal Data Protection.
Das Chaudhury, R., & Choe, C. (2023). Digital Privacy: GDPR and Its Lessons for Australia. Australian Economic Review, 56(2), 204–220. https://doi.org/10.1111/1467-8462.12506
Alibeigi, A., & Munir, A. B. (2020). Malaysian Personal Data Protection Act: A Mysterious Application.
Gaeta, M. C. (2019). Data protection and self-driving cars: the consent to the processing of personal data in compliance with GDPR. 24, 1–48.
Cejas, O. A., Azeem, M. I., Abualhaija, S., & Briand, L. C. (2023). NLP-Based Automated Compliance Checking of Data Processing Agreements Against GDPR. IEEE Transactions on Software Engineering, 49(9), 4282–4303. https://doi.org/10.1109/TSE.2023.3288901
Aberkane, A. J., Poels, G., & Broucke, S. vanden. (2021). Exploring Automated GDPR-Compliance in Requirements Engineering: A Systematic Mapping Study. IEEE Access, 9, 66542–66559. https://doi.org/10.1109/ACCESS.2021.3076921
Smith, J. (2020). Compliance in the Digital Age: Methods and Models. Compliance Press.