Data privacy and security issues in e-wallet services in Malaysia

Abstract

E-wallets have emerged as the leading fintech product in Malaysia, offering seamless and convenient payment services. Their popularity has been encouraged by the Malaysian government through various initiatives. However, this rise in e-wallet usage has also brought forth new data privacy and security challenges. E-wallet providers collect and process significant amounts of personal data, unlocking its value through artificial intelligence (AI) and automated decision-making. While automation presents opportunities for improved business decisions, it also poses a risk to privacy. Furthermore, the need to protect and maintain this valuable data raises concerns about Malaysia's existing data protection laws, specifically the Personal Data Protection Act 2010 (PDPA). This study aims to assess the effectiveness of Malaysia's current legal framework for e-wallets in Malaysia by examining relevant regulations. By incorporating doctrinal legal research and comparative studies from other jurisdictions, this research finds that the current Malaysian data protection law is insufficient in addressing the data processing challenges presented by e-wallets. It is necessary to strengthen the legal framework by selectively adopting key provisions of the European Union General Data Protection Regulation (GDPR) and the Singapore Personal Data Protection Act 2012 to support the growth of e-wallets while safeguarding user privacy and investor interests. This research suggests a model that Malaysia should adopt to strengthen its legal framework and align it with international data protection standards, thereby giving Malaysian e-wallet providers a competitive edge in the global market.