Privacy Protection Policy and Online Users' Data Leakage: a Study on Malaysia's PDPA 2010

Chung, Jia Ee (2025) Privacy Protection Policy and Online Users' Data Leakage: a Study on Malaysia's PDPA 2010. Masters thesis, Tunku Abdul Rahman University of Management and Technology.

Text 62 Chung Jia Ee (MMC).pdf Restricted to Registered users only Download (977kB)

Abstract

The rapid development of digital media has significantly facilitated daily communication activities, making it an integral part of modern life. However, this widespread usage introduces significant risks, including cyberattacks, data breaches, malware, and privacy concerns. Effective prevention of these threats requires a multifaceted approach involving technical solutions, education, awareness, and robust security policies and procedures. The Personal Data Protection Act 2010 (PDPA 2010) can be summarised into three key aspects, which are Foundational Framework, Evolution of Business Maturity, and Building Trust in the Online Community. The PDPA 2010 serves as a foundational framework, providing comprehensive guidelines and regulations for the appropriate handling of personal data by data users. This framework prioritises individual privacy and data security, enabling users to make informed decisions when utilising their personal data. Additionally, the PDPA’s key principles and rights influence companies’ practices and behaviour, promoting transparency, accountability, and data protection in the digital realm. However, it also exhibits several weaknesses, particularly in the context of the evolving Internet landscape. Although it offers basic protection, its effectiveness is limited, with companies often adhering to it more out of fear of penalties than a genuine commitment to data privacy. Key issues with the PDPA 2010 include its exclusion of government agencies, limitations to commercial transactions, lack of proactive enforcement, insufficient penalties for non-compliance, etc. These shortcomings are further exacerbated by the PDPA’s inability to adapt to technological advancements and address the digital divide. Enhanced cooperation between agencies, increased awareness and training, particularly in rural areas, and learning from frameworks like the European Union’s General Data Protection Regulations (GDPR) are essential for improving Malaysia’s data protection landscape. This study employs documentary analysis and in-depth interviews to explore the performance and approaches of the PDPA 2010. Six interviewees from diverse professional fields, including ICT professionals, legal practitioners, and academics, were interviewed to gather insights for the study. Both purposive and snowball sampling methods were employed to identify and select the interviewees. The findings highlight the PDPA’s strengths and weaknesses in protecting online users from personal data leakage and suggest possible improvements for better privacy protection. Institutionalism is utilised to illustrate how institutional structures and norms impact the PDPA's effectiveness. Institutional Isomorphism suggests that aligning with international standards and fostering a more inclusive approach could significantly enhance Malaysia’s data protection framework. The study concludes with recommendations for strengthening policies, laws, and procedures to better safeguard personal data in the digital age. Keyword: Data Protection, Internet, Malaysia, PDPA 2010, Privacy Policy