Search results
1 – 10 of 271Jawahitha Sarabdeen and Mohamed Mazahir Mohamed Ishak
General Data Protection Regulation (GDPR) of the European Union (EU) was passed to protect data privacy. Though the GDPR intended to address issues related to data privacy in the…
Abstract
Purpose
General Data Protection Regulation (GDPR) of the European Union (EU) was passed to protect data privacy. Though the GDPR intended to address issues related to data privacy in the EU, it created an extra-territorial effect through Articles 3, 45 and 46. Extra-territorial effect refers to the application or the effect of local laws and regulations in another country. Lawmakers around the globe passed or intensified their efforts to pass laws to have personal data privacy covered so that they meet the adequacy requirement under Articles 45–46 of GDPR while providing comprehensive legislation locally. This study aims to analyze the Malaysian and Saudi Arabian legislation on health data privacy and their adequacy in meeting GDPR data privacy protection requirements.
Design/methodology/approach
The research used a systematic literature review, legal content analysis and comparative analysis to critically analyze the health data protection in Malaysia and Saudi Arabia in comparison with GDPR and to see the adequacy of health data protection that could meet the requirement of EU data transfer requirement.
Findings
The finding suggested that the private sector is better regulated in Malaysia than the public sector. Saudi Arabia has some general laws to cover health data privacy in both public and private sector organizations until the newly passed data protection law is implemented in 2024. The finding also suggested that the Personal Data Protection Act 2010 of Malaysia and the Personal Data Protection Law 2022 of Saudi Arabia could be considered “adequate” under GDPR.
Originality/value
The research would be able to identify the key principles that could identify the adequacy of the laws about health data in Malaysia and Saudi Arabia as there is a dearth of literature in this area. This will help to propose suggestions to improve the laws concerning health data protection so that various stakeholders can benefit from it.
Details
Keywords
Christine Prince, Nessrine Omrani and Francesco Schiavone
Research on online user privacy shows that empirical evidence on how privacy literacy relates to users' information privacy empowerment is missing. To fill this gap, this paper…
Abstract
Purpose
Research on online user privacy shows that empirical evidence on how privacy literacy relates to users' information privacy empowerment is missing. To fill this gap, this paper investigated the respective influence of two primary dimensions of online privacy literacy – namely declarative and procedural knowledge – on online users' information privacy empowerment.
Design/methodology/approach
An empirical analysis is conducted using a dataset collected in Europe. This survey was conducted in 2019 among 27,524 representative respondents of the European population.
Findings
The main results show that users' procedural knowledge is positively linked to users' privacy empowerment. The relationship between users' declarative knowledge and users' privacy empowerment is partially supported. While greater awareness about firms and organizations practices in terms of data collections and further uses conditions was found to be significantly associated with increased users' privacy empowerment, unpredictably, results revealed that the awareness about the GDPR and user’s privacy empowerment are negatively associated. The empirical findings reveal also that greater online privacy literacy is associated with heightened users' information privacy empowerment.
Originality/value
While few advanced studies made systematic efforts to measure changes occurred on websites since the GDPR enforcement, it remains unclear, however, how individuals perceive, understand and apply the GDPR rights/guarantees and their likelihood to strengthen users' information privacy control. Therefore, this paper contributes empirically to understanding how online users' privacy literacy shaped by both users' declarative and procedural knowledge is likely to affect users' information privacy empowerment. The study empirically investigates the effectiveness of the GDPR in raising users' information privacy empowerment from user-based perspective. Results stress the importance of greater transparency of data tracking and processing decisions made by online businesses and services to strengthen users' control over information privacy. Study findings also put emphasis on the crucial need for more educational efforts to raise users' awareness about the GDPR rights/guarantees related to data protection. Empirical findings also show that users who are more likely to adopt self-protective approaches to reinforce personal data privacy are more likely to perceive greater control over personal data. A broad implication of this finding for practitioners and E-businesses stresses the need for empowering users with adequate privacy protection tools to ensure more confidential transactions.
Details
Keywords
Yelena Smirnova and Victoriano Travieso-Morales
The general data protection regulation (GDPR) was designed to address privacy challenges posed by globalisation and rapid technological advancements; however, its implementation…
Abstract
Purpose
The general data protection regulation (GDPR) was designed to address privacy challenges posed by globalisation and rapid technological advancements; however, its implementation has also introduced new hurdles for companies. This study aims to analyse and synthesise the existing literature that focuses on challenges of GDPR implementation in business enterprises, while also outlining the directions for future research.
Design/methodology/approach
The methodology of this review follows the preferred reporting items for systematic reviews and meta-analysis guidelines. It uses an extensive search strategy across Scopus and Web of Science databases, rigorously applying inclusion and exclusion criteria, yielding a detailed analysis of 16 selected studies that concentrate on GDPR implementation challenges in business organisations.
Findings
The findings indicate a predominant use of conceptual study methodologies in prior research, often limited to specific countries and technology-driven sectors. There is also an inclination towards exploring GDPR challenges within small and medium enterprises, while larger enterprises remain comparatively unexplored. Additionally, further investigation is needed to understand the implications of emerging technologies on GDPR compliance.
Research limitations/implications
This study’s limitations include reliance of the search strategy on two databases, potential exclusion of relevant research, limited existing literature on GDPR implementation challenges in business context and possible influence of diverse methodologies and contexts of previous studies on generalisability of the findings.
Originality/value
The originality of this review lies in its exclusive focus on analysing GDPR implementation challenges within the business context, coupled with a fresh categorisation of these challenges into technical, legal, organisational, and regulatory dimensions.
Details
Keywords
Fatema Kawaf, Annaleis Montgomery and Marius Thuemmler
The paper addresses the privacy–personalisation paradox in the post-GDPR-2018 era. As the regulation came in a bid to regulate the collection and use of personal data, its…
Abstract
Purpose
The paper addresses the privacy–personalisation paradox in the post-GDPR-2018 era. As the regulation came in a bid to regulate the collection and use of personal data, its implications remain underexplored. The research question is: How do consumers perceive the matter of personal data collection for the use of highly targeted and personalised ads post-GDPR-2018? The invasion of privacy vs the benefits of highly personalised digital marketing.
Design/methodology/approach
To address the research question, this qualitative study conducts semi-structured interviews with 14 individuals, consisting of average users and digital experts.
Findings
This paper reports on increasing consumer vulnerability post-GDPR-2018 due to increased awareness of personal data collection yet incessant lack of control, particularly regarding the repercussions of the digital footprint. The privacy paradox remains an issue except among experts, and personalisation remains necessary, yet critical challenges arise (e.g. filter bubbles and intrusion).
Practical implications
Policy implications include education, regulating consent platforms and encouraging consensual sharing of personal data.
Originality/value
While the privacy–personalisation paradox has been widely studied, the impact of GDPR-2018 has rarely been addressed in the literature. GDPR-2018 has seemingly had little impact on instilling a sense of security for consumers; if anything, this paper highlights greater concerns for privacy as users sign away their rights on consent forms to access websites, thus contributing novel insights to this area of research.
Details
Keywords
The purpose of this general review is to address the evolution and development of the Fair Information Practice Principles (FIPPs).
Abstract
Purpose
The purpose of this general review is to address the evolution and development of the Fair Information Practice Principles (FIPPs).
Design/methodology/approach
This study presents FIPPs from several establishments, compare them and map them to the General Data Protection Regulation (GDPR). Additionally, this study presents and discuss similarities and differences among FIPP sets.
Findings
Although the subject matter of the FIPP sets is very similar, there are differences: their scope differs significantly. The comparison among FIPP sets is presented, and it provides relevant information related to the connectedness between privacy principles.
Originality/value
This study considers the GDPR to be the pinnacle of the efforts to improve personal data protection; it became a role model for other countries to implement similar regulations.
Details
Keywords
The study focusses on the legal issues surrounding artificial intelligence (AI), which are being investigated and debated about several European Union initiatives to manage and…
Abstract
The study focusses on the legal issues surrounding artificial intelligence (AI), which are being investigated and debated about several European Union initiatives to manage and regulate Information and Communication Technologies. The goal is to discuss the benefits and drawbacks of adopting AI technology and the ramifications for the articulations of law and politics in democratic constitutional countries. Thus, the study aims to identify socio-legal concerns and possible solutions to protect individuals’ interests. The exploratory study is based on statutes, rules, and committee reports. The study has used news pieces, reports issued by organisations and legal websites. The study revealed computer security vulnerabilities, unfairness, bias and discrimination, and legal personhood and intellectual property issues. Issues with privacy and data protection, liability for harm, and lack of accountability will all be discussed. The vulnerability framework is utilised in this chapter to strengthen comprehension of key areas of concern and to motivate risk and impact mitigation solutions to safeguard human welfare. Given the importance of AI’s effects on weak individuals and groups as well as their legal rights, this chapter contributes to the discourse, which is essential. The chapter advances the conversation while appreciating the legal work done in AI and the fact that this sector needs constant review and flexibility. As AI technology advances, new legal challenges, vulnerabilities, and implications for data privacy will inevitably arise, necessitating increased monitoring and research.
Details
Keywords
Patience Mpofu, Solomon Hopewell Kembo, Marlvern Chimbwanda, Saulo Jacques, Nevil Chitiyo and Kudakwashe Zvarevashe
In response to food supply constraints resulting from coronavirus disease 2019 (COVID-19) restrictions, in the year 2020, the project developed automated household Aquaponics…
Abstract
Purpose
In response to food supply constraints resulting from coronavirus disease 2019 (COVID-19) restrictions, in the year 2020, the project developed automated household Aquaponics units to guarantee food self-sufficiency. However, the automated aquaponics solution did not fully comply with data privacy and portability best practices to protect the data of household owners. The purpose of this study is to develop a data privacy and portability layer on top of the previously developed automated Aquaponics units.
Design/methodology/approach
Design Science Research (DSR) is the research method implemented in this study.
Findings
General Data Protection and Privacy Regulations (GDPR)-inspired principles empowering data subjects including data minimisation, purpose limitation, storage limitation as well as integrity and confidentiality can be implemented in a federated learning (FL) architecture using Pinecone Matrix home servers and edge devices.
Research limitations/implications
The literature reviewed for this study demonstrates that the GDPR right to data portability can have a positive impact on data protection by giving individuals more control over their own data. This is achieved by allowing data subjects to obtain their personal information from a data controller in a format that makes it simple to reuse it in another context and to transmit this information freely to any other data controller of their choice. Data portability is not strictly governed or enforced by data protection laws in the developing world, such as Zimbabwe's Data Protection Act of 2021.
Practical implications
Privacy requirements can be implemented in end-point technology such as smartphones, microcontrollers and single board computer clusters enabling data subjects to be incentivised whilst unlocking the value of their own data in the process fostering competition among data controllers and processors.
Originality/value
The use of end-to-end encryption with Matrix Pinecone on edge endpoints and fog servers, as well as the practical implementation of data portability, are currently not adequately covered in the literature. The study acts as a springboard for a future conversation on the topic.
Details
Keywords
This paper aims to examine the probable effect of the General Data Protection Regulation of the European Union on the transfer of financial intelligence to a third country without…
Abstract
Purpose
This paper aims to examine the probable effect of the General Data Protection Regulation of the European Union on the transfer of financial intelligence to a third country without an adequacy decision.
Design/methodology/approach
This is an analytical study of the financial intelligence exchange mechanisms between the Bangladesh Financial Intelligence Unit (BFIU) and its foreign counterparts. The research analyses the key challenges this national agency faces in using the Egmont Group membership to import financial intelligence from jurisdictions with a superior data protection regime.
Findings
Membership in the Egmont Group of Financial Intelligence Units does not guarantee unrestricted international intelligence exchange. Existing data protection regulations in Bangladesh are inadequate. This may forbid the transfer of the financial intelligence linked to European Union (EU) data subjects to Bangladesh.
Research limitations/implications
This paper does not cover a thorough discussion on any specific alternative tools for data transfer from the EU to a third country except for “appropriate safeguards” options.
Practical implications
The results of this study will help understand the existing legal and institutional limitations that may prevent intelligence exchange between the BFIU and its EU counterparts.
Originality/value
The study helps ascertain the legislative reform necessary in Bangladesh, a third country, to facilitate the transfer of financial intelligence from the EU.
Details
Keywords
Efrosini Siougle, Sophia Dimelis and Nikolaos Malevris
This study explores the link between ISO 9001 certification, personal data protection and firm performance using financial balance sheet and survey data. The security aspect of…
Abstract
Purpose
This study explores the link between ISO 9001 certification, personal data protection and firm performance using financial balance sheet and survey data. The security aspect of data protection is analyzed based on the major requirements of the General Data Protection Regulation and mapped to the relevant controls of the ISO/IEC 27001/27002 standards.
Design/methodology/approach
The research analysis is based on 96 ISO 9001–certified and non-certified publicly traded manufacturing and service firms that responded to a structured questionnaire. The authors develop and empirically test their theoretical model using the structural equation modeling technique and follow a difference-in-differences econometric modeling approach to estimate financial performance differences between certified and non-certified firms accounting for the level of data protection.
Findings
The estimates indicate three core dimensions in the areas of “policies, procedures and responsibilities,” “access control management” and “risk-reduction techniques” as desirable components in establishing the concept of data security. The estimates also suggest that the data protection level has significantly impacted the performance of certified firms relative to the non-certified. Controlling for the effect of industry-level factors reveals a positive relationship between data security and high-technological intensity.
Practical implications
The results imply that improving the level of compliance to data protection enhances the link between certification and firm performance.
Originality/value
This study fills a gap in the literature by empirically testing the influence of data protection on the relationship between quality certification and firm performance.
Details
Keywords
Ghulam Mustafa, Waqas Rafiq, Naveed Jhamat, Zeeshan Arshad and Farhana Aziz Rana
This study aims to evaluate blockchain as an e-government governance model. It assesses its alignment with legal frameworks, emphasizing robustness against disruptions and…
Abstract
Purpose
This study aims to evaluate blockchain as an e-government governance model. It assesses its alignment with legal frameworks, emphasizing robustness against disruptions and adherence to existing laws.
Design/methodology/approach
The paper explores blockchain’s potential in e-government, focusing on legal, ethical and governance aspects. It conducts an in-depth analysis of blockchain’s integration into data governance, emphasizing legal compliance and resilient security protocols.
Findings
The study comprehensively evaluates blockchain’s implementation, covering privacy, interoperability, consensus mechanisms, scalability and regulatory alignment. It highlights governance’s critical role in ensuring legal compliance within blockchain paradigms.
Research limitations/implications
Ethical and legal concerns arising from blockchain adoption remain unresolved. The study underscores how blockchain challenges its core principles of anonymity and decentralization in e-government settings.
Practical implications
The framework outlined offers potential for diverse technological environments, albeit raising ethical and legal queries. It emphasizes governance’s pivotal role in achieving legal compliance in blockchain adoption.
Social implications
Blockchain’s impact on legal and ethical facets necessitates further exploration to align with its core principles while addressing governance in e-government settings.
Originality/value
This study presents a robust framework for assessing blockchain’s viability in e-government, emphasizing legal compliance, despite ethical and legal intricacies that challenge its fundamental principles.
Details