Search results

General Data Protection Regulation (GDPR) of the European Union (EU) was passed to protect data privacy. Though the GDPR intended to address issues related to data privacy in the EU, it created an extra-territorial effect through Articles 3, 45 and 46. Extra-territorial effect refers to the application or the effect of local laws and regulations in another country. Lawmakers around the globe passed or intensified their efforts to pass laws to have personal data privacy covered so that they meet the adequacy requirement under Articles 45–46 of GDPR while providing comprehensive legislation locally. This study aims to analyze the Malaysian and Saudi Arabian legislation on health data privacy and their adequacy in meeting GDPR data privacy protection requirements.

The research used a systematic literature review, legal content analysis and comparative analysis to critically analyze the health data protection in Malaysia and Saudi Arabia in comparison with GDPR and to see the adequacy of health data protection that could meet the requirement of EU data transfer requirement.

The finding suggested that the private sector is better regulated in Malaysia than the public sector. Saudi Arabia has some general laws to cover health data privacy in both public and private sector organizations until the newly passed data protection law is implemented in 2024. The finding also suggested that the Personal Data Protection Act 2010 of Malaysia and the Personal Data Protection Law 2022 of Saudi Arabia could be considered “adequate” under GDPR.

The research would be able to identify the key principles that could identify the adequacy of the laws about health data in Malaysia and Saudi Arabia as there is a dearth of literature in this area. This will help to propose suggestions to improve the laws concerning health data protection so that various stakeholders can benefit from it.

This study explores the link between ISO 9001 certification, personal data protection and firm performance using financial balance sheet and survey data. The security aspect of data protection is analyzed based on the major requirements of the General Data Protection Regulation and mapped to the relevant controls of the ISO/IEC 27001/27002 standards.

The research analysis is based on 96 ISO 9001–certified and non-certified publicly traded manufacturing and service firms that responded to a structured questionnaire. The authors develop and empirically test their theoretical model using the structural equation modeling technique and follow a difference-in-differences econometric modeling approach to estimate financial performance differences between certified and non-certified firms accounting for the level of data protection.

The estimates indicate three core dimensions in the areas of “policies, procedures and responsibilities,” “access control management” and “risk-reduction techniques” as desirable components in establishing the concept of data security. The estimates also suggest that the data protection level has significantly impacted the performance of certified firms relative to the non-certified. Controlling for the effect of industry-level factors reveals a positive relationship between data security and high-technological intensity.

The results imply that improving the level of compliance to data protection enhances the link between certification and firm performance.

This study fills a gap in the literature by empirically testing the influence of data protection on the relationship between quality certification and firm performance.

Personal data is a powerful tool. The more someone know about us, the more power they got over us. But who will control the most of our personal data? Does the government and the big tech really care about our personal data? This paper aims to look at data practices, data-related policy making as well as its economic consequences in the context of emerging economies.

Using qualitative methods such as literature review and analysis of numerous government documents, this paper inquires into the dynamics in the use of data by the business sectors, explains how data governance can add value to the business sectors while ensuring customers’ data privacy protection based on the data governance mechanism framework and details what it takes.

Using the case of Indonesian recent development on data privacy regulation, this paper describes the problems and threats to personal data protection. The advent of latest computing and mobile technology is shifting power relations between the governments, the big tech, as well as the end users. To conclude, the strategy and policy recommendations for implementing data privacy protection are also presented.

This paper provides a timely synthesis of data practices in the context of developing countries, particularly in relation to policy making and economic consequences. This paper also identifies and shares several promising future research ideas.

This paper aims to examine the probable effect of the General Data Protection Regulation of the European Union on the transfer of financial intelligence to a third country without an adequacy decision.

This is an analytical study of the financial intelligence exchange mechanisms between the Bangladesh Financial Intelligence Unit (BFIU) and its foreign counterparts. The research analyses the key challenges this national agency faces in using the Egmont Group membership to import financial intelligence from jurisdictions with a superior data protection regime.

Membership in the Egmont Group of Financial Intelligence Units does not guarantee unrestricted international intelligence exchange. Existing data protection regulations in Bangladesh are inadequate. This may forbid the transfer of the financial intelligence linked to European Union (EU) data subjects to Bangladesh.

This paper does not cover a thorough discussion on any specific alternative tools for data transfer from the EU to a third country except for “appropriate safeguards” options.

The results of this study will help understand the existing legal and institutional limitations that may prevent intelligence exchange between the BFIU and its EU counterparts.

The study helps ascertain the legislative reform necessary in Bangladesh, a third country, to facilitate the transfer of financial intelligence from the EU.

Research on online user privacy shows that empirical evidence on how privacy literacy relates to users' information privacy empowerment is missing. To fill this gap, this paper investigated the respective influence of two primary dimensions of online privacy literacy – namely declarative and procedural knowledge – on online users' information privacy empowerment.

An empirical analysis is conducted using a dataset collected in Europe. This survey was conducted in 2019 among 27,524 representative respondents of the European population.

The main results show that users' procedural knowledge is positively linked to users' privacy empowerment. The relationship between users' declarative knowledge and users' privacy empowerment is partially supported. While greater awareness about firms and organizations practices in terms of data collections and further uses conditions was found to be significantly associated with increased users' privacy empowerment, unpredictably, results revealed that the awareness about the GDPR and user’s privacy empowerment are negatively associated. The empirical findings reveal also that greater online privacy literacy is associated with heightened users' information privacy empowerment.

While few advanced studies made systematic efforts to measure changes occurred on websites since the GDPR enforcement, it remains unclear, however, how individuals perceive, understand and apply the GDPR rights/guarantees and their likelihood to strengthen users' information privacy control. Therefore, this paper contributes empirically to understanding how online users' privacy literacy shaped by both users' declarative and procedural knowledge is likely to affect users' information privacy empowerment. The study empirically investigates the effectiveness of the GDPR in raising users' information privacy empowerment from user-based perspective. Results stress the importance of greater transparency of data tracking and processing decisions made by online businesses and services to strengthen users' control over information privacy. Study findings also put emphasis on the crucial need for more educational efforts to raise users' awareness about the GDPR rights/guarantees related to data protection. Empirical findings also show that users who are more likely to adopt self-protective approaches to reinforce personal data privacy are more likely to perceive greater control over personal data. A broad implication of this finding for practitioners and E-businesses stresses the need for empowering users with adequate privacy protection tools to ensure more confidential transactions.

The Regulatory Technology (RegTech) is said to be the use of information technology for regulatory monitoring, reporting and compliance. It is used to solve regulatory and compliance issues more effectively and efficiently. Regulators with the digitization of regulation and datafication of processes would get empowered to manage volumes of data. RegTech would assist them in understanding innovative products, transactions, risks, reporting and any market manipulation activities in real time. For successful use of RegTech, the regulatory framework of a country should be comprehensive to address issues that may arise in the use of RegTech. Thus, the purpose of this article is to analyze the adequacy of the Saudi Arabian legal framework to address RegTech adoption.

The researcher using logical analysis method analyzed the available laws and interpreted the law to see the applicability and the adequacy of laws to regulate the use of RegTech in Saudi Arabia. The content analysis was also used in this research to analyze the literature. This analysis helped to explain the available literature on the research topic and its relevancy and the gap in literature.

The analysis using the logical and content methodologies shows that Saudi Arabia has general law to address some of the issues that might arise in the adoption of RegTech. Nonetheless, amending some of the existing laws or introducing guidelines could help better uplift of RegTech and similar technologies in Saudi Arabia.

As businesses and regulatory authorities embrace technology for better and efficient delivery of services and products in Saudi Arabia, the research is timely to analyze the adequacy of the laws in Saudi Arabia for adoption of RegTech. In the use of RegTech, issues related to privacy, due diligence, accountability and transparency could arise, however, there is a dearth of literature in these areas relating to technology adoption.

The general data protection regulation (GDPR) was designed to address privacy challenges posed by globalisation and rapid technological advancements; however, its implementation has also introduced new hurdles for companies. This study aims to analyse and synthesise the existing literature that focuses on challenges of GDPR implementation in business enterprises, while also outlining the directions for future research.

The methodology of this review follows the preferred reporting items for systematic reviews and meta-analysis guidelines. It uses an extensive search strategy across Scopus and Web of Science databases, rigorously applying inclusion and exclusion criteria, yielding a detailed analysis of 16 selected studies that concentrate on GDPR implementation challenges in business organisations.

The findings indicate a predominant use of conceptual study methodologies in prior research, often limited to specific countries and technology-driven sectors. There is also an inclination towards exploring GDPR challenges within small and medium enterprises, while larger enterprises remain comparatively unexplored. Additionally, further investigation is needed to understand the implications of emerging technologies on GDPR compliance.

This study’s limitations include reliance of the search strategy on two databases, potential exclusion of relevant research, limited existing literature on GDPR implementation challenges in business context and possible influence of diverse methodologies and contexts of previous studies on generalisability of the findings.

The originality of this review lies in its exclusive focus on analysing GDPR implementation challenges within the business context, coupled with a fresh categorisation of these challenges into technical, legal, organisational, and regulatory dimensions.

The purpose of this paper is to try to reach the main factors that could put national security at risk as a result of government cloud computing programs.

The paper adopts the analytical approach to first lay foundations of the relation between national security, cybersecurity and cloud computing, then it moves to analyze the main vulnerabilities that could affect national security in cases of government cloud computing usage.

The paper reached several findings such as the relation between cybersecurity and national security as well as a group of factors that may affect national security when governments shift to cloud computing mainly pertaining to storing data over the internet, the involvement of a third party, the lack of clear regulatory frameworks inside and between countries.

Governments are continuously working on developing their digital capacities to meet citizens’ demands. One of the most trending technologies adopted by governments is “cloud computing”, because of the tremendous advantages that the technology provides; such as huge cost-cutting, huge storage and computing capabilities. However, shifting to cloud computing raises a lot of security concerns.

The value of the paper resides in the novelty of the topic, which is a new contribution to the theoretical literature on relations between new technologies and national security. It is empirically important as well to help governments stay safe while enjoying the advantages of cloud computing.

The management of consumer privacy has become a critical concern for organizations in the age of artificial intelligence–powered marketing. The impact of data on the market environment has brought both benefits and challenges, with marketers gaining valuable insights but also raising privacy concerns. As artificial intelligence–powered marketing advances, consumer vulnerability increases due to the sensitivity of collected data. This vulnerability leads some consumers to resort to falsifying information, posing a significant threat to the digital economy. Privacy empowerment and customer control play a vital role in addressing these challenges. This chapter explores the influencing factors and ethical considerations surrounding data falsification. It also discusses strategies to mitigate perceived vulnerability through privacy controls and explores the consequences of data breaches and customer vulnerability. The chapter further emphasizes the need for organizations to balance benefits, risks, and customer trust while harnessing the value of customer data. An ethical framework for data privacy marketing audits is proposed to help organizations assess their data practices responsibly and competitively. By integrating personal data protection strategies within an ethical framework, organizations can protect consumer privacy, enhance customer trust, and maintain their competitive edge in the market.

This study aims to analyze the platforming scenario at a Brazilian university as well as the data security process for students and professors.

This research brings an analysis through a qualitative approach of the platformization process in a Brazilian teaching institution.

The results point to a lack of knowledge on the part of teachers regarding data security in the platforming scenario, as well as the lack of effectiveness of institutions in protecting student data.

Within the Brazilian scenario, this research seeks to contribute to the discussion on platformization in view of the gaps and existing demands on this process in the country.