Search results

Research on online user privacy shows that empirical evidence on how privacy literacy relates to users' information privacy empowerment is missing. To fill this gap, this paper investigated the respective influence of two primary dimensions of online privacy literacy – namely declarative and procedural knowledge – on online users' information privacy empowerment.

An empirical analysis is conducted using a dataset collected in Europe. This survey was conducted in 2019 among 27,524 representative respondents of the European population.

The main results show that users' procedural knowledge is positively linked to users' privacy empowerment. The relationship between users' declarative knowledge and users' privacy empowerment is partially supported. While greater awareness about firms and organizations practices in terms of data collections and further uses conditions was found to be significantly associated with increased users' privacy empowerment, unpredictably, results revealed that the awareness about the GDPR and user’s privacy empowerment are negatively associated. The empirical findings reveal also that greater online privacy literacy is associated with heightened users' information privacy empowerment.

While few advanced studies made systematic efforts to measure changes occurred on websites since the GDPR enforcement, it remains unclear, however, how individuals perceive, understand and apply the GDPR rights/guarantees and their likelihood to strengthen users' information privacy control. Therefore, this paper contributes empirically to understanding how online users' privacy literacy shaped by both users' declarative and procedural knowledge is likely to affect users' information privacy empowerment. The study empirically investigates the effectiveness of the GDPR in raising users' information privacy empowerment from user-based perspective. Results stress the importance of greater transparency of data tracking and processing decisions made by online businesses and services to strengthen users' control over information privacy. Study findings also put emphasis on the crucial need for more educational efforts to raise users' awareness about the GDPR rights/guarantees related to data protection. Empirical findings also show that users who are more likely to adopt self-protective approaches to reinforce personal data privacy are more likely to perceive greater control over personal data. A broad implication of this finding for practitioners and E-businesses stresses the need for empowering users with adequate privacy protection tools to ensure more confidential transactions.

The General Data Protection Regulation (GDPR) introduces significant data protection obligations on all organizations within the European Union (EU) and those transacting with EU citizens. This paper presents the GDPR privacy label and uses two empirical studies to examine the effectiveness of this approach in influencing consumers' privacy perceptions and related behavioral intentions.

The paper tests the efficacy of two GDPR privacy label designs, a consent-based label and a static label. Study 1 examines the effects of each label on perceptions of risk, control and privacy. Study 2 investigates the influence of consumers' privacy perceptions on perceived trustworthiness and willingness to interact with the organization.

The findings support the potential of GDPR privacy labels for positively influencing perceptions of risk, control, privacy and trustworthiness and enhancing consumers' willingness to transact and disclose data to online organizations.

The findings are useful for organizations required to comply with the GDPR and present a solution to requirements for transparent communications and explicit consent.

This study examines and demonstrates the efficacy of visualized privacy policies in impacting consumer privacy perceptions and behavioral intentions.

Many organizations are challenged by different and, perhaps, opposite, registration and protection obligations of information regarding their employees. The purpose of this paper is to explore how organizations balance the registration obligations of the Icelandic equal pay standard (EPS) and the protection requirements of the general data protection regulation (GDPR). It aims to raise awareness of how information professionals can ensure that documentation on the education and skills of employees is authentic, traceable and secure.

The analytical framework covered multiple-cases and semi-structured interviews with various professionals and comprehensive documentary analysis.

The findings indicate that the organizations were not properly prepared for the implementation of the EPS and were hesitant regarding further registration of personal information due to GDPR. Documentary analysis also revealed critical attitudes towards the legal endorsement of the standard and its potential success.

There is a lack of studies explaining the juxtaposition of information and records management and the legal and regulatory environment. This paper provides a unique description of how information and recordkeeping practices function with the requirements of the EPS whilst complying with GDPR. The results could bring valuable opportunities for the information profession regarding the development, implementation, administration and maintenance of documentary evidence regarding the requirements of international and national standards and legislations and advance their collaboration with other professionals in the management of information.

In response to food supply constraints resulting from coronavirus disease 2019 (COVID-19) restrictions, in the year 2020, the project developed automated household Aquaponics units to guarantee food self-sufficiency. However, the automated aquaponics solution did not fully comply with data privacy and portability best practices to protect the data of household owners. The purpose of this study is to develop a data privacy and portability layer on top of the previously developed automated Aquaponics units.

Design Science Research (DSR) is the research method implemented in this study.

General Data Protection and Privacy Regulations (GDPR)-inspired principles empowering data subjects including data minimisation, purpose limitation, storage limitation as well as integrity and confidentiality can be implemented in a federated learning (FL) architecture using Pinecone Matrix home servers and edge devices.

The literature reviewed for this study demonstrates that the GDPR right to data portability can have a positive impact on data protection by giving individuals more control over their own data. This is achieved by allowing data subjects to obtain their personal information from a data controller in a format that makes it simple to reuse it in another context and to transmit this information freely to any other data controller of their choice. Data portability is not strictly governed or enforced by data protection laws in the developing world, such as Zimbabwe's Data Protection Act of 2021.

Privacy requirements can be implemented in end-point technology such as smartphones, microcontrollers and single board computer clusters enabling data subjects to be incentivised whilst unlocking the value of their own data in the process fostering competition among data controllers and processors.

The use of end-to-end encryption with Matrix Pinecone on edge endpoints and fog servers, as well as the practical implementation of data portability, are currently not adequately covered in the literature. The study acts as a springboard for a future conversation on the topic.

Involvement of children in research on different aspects of children's rights, including research on violence against children, is continuously increasing, as is the interest in participatory approaches (European Agency for Fundamental Rights [FRA], 2014; Larsson et al., 2018; UN Committee on the Rights of the Child, 2011). Svevo-Cianci et al. (2011) noted that ‘as researchers commit to learning from community members, including children and adolescents themselves, it has become more clear that an understanding of the lived reality and definition of violence for children in their individual communities, is essential to envision and implement effective child protection’ (p. 985).

In this chapter, the legislative context regarding children's rights to be heard and participate is initially discussed; currently applied age requirements for children to acquire rights across the countries of the European Union (EU) are briefly presented; and children's potential roles and relevant provisions for their participation in social research are explored. The last part is dedicated to the presentation and discussion of the General Data Protection Regulation (GDPR; Regulation [EU] 2016/679, 2016) – specifically, children's personal data–related recitals and articles; the importance of the definition of a legal basis for personal data processing according to the GDPR, including consent; and the necessary information to be provided to children before their data are processed.

This paper aims to spark a debate by presenting the need for developing data ecosystems in Europe that meet the social and public good while committing to democratic and ethical standards; suggesting a taxonomy of data infrastructures and institutions to support this need; using the case study of Barcelona as the flagship city trailblazing a critical policy agenda of smart cities to show the limitations and contradictions of the current state of affairs; and ultimately, proposing a preliminary roadmap for institutional and governance empowerment that could enable effective data ecosystems in Europe.

This paper draws on lessons learned in previous publications available in the sustainability (Calzada, 2018), regions (Calzada and Cowie, 2017; Calzada, 2019), Zenodo (Calzada and Almirall, 2019), RSA Journal (Calzada, 2019) and IJIS (Calzada, 2020) journals and ongoing and updated fieldwork about the Barcelona case study stemming from an intensive fieldwork action research that started in 2017. The methodology used in these publications was based on the mixed-method technique of triangulation via action research encompassing in-depth interviews, direct participation in policy events and desk research. The case study was identified as the most effective methodology.

This paper, drawing from lessons learned from the Barcelona case study, elucidates on the need to establish pan-European data infrastructures and institutions – collectively data ecosystems – to protect citizens’ digital rights in European cities and regions. The paper reveals three main priorities proposing a preliminary roadmap for local and regional governments, namely, advocacy, suggesting the need for city and regional networks; governance, requiring guidance and applied, neutral and non-partisan research in policy; and pan-European agencies, leading and mobilising data infrastructures and institutions at the European level.

From the very beginning, this paper acknowledges its ambition, and thus its limitations and clarifies its attempt to provide just an overview rather than a deep research analysis. This paper presents several research limitations and implications regarding the scope. The paper starts by presenting the need for data ecosystems, then structures this need through two taxonomies, all illustrated through the Barcelona case study and finally, concludes with a roadmap consisting of three priorities. The paper uses previous published and ongoing fieldwork findings in Barcelona as a way to lead, and thus encourage the proliferation of more cases through Cities Coalition for Digital Rights (CCDR).

This paper presents practical implications for local and regional authorities of the CCDR network. As such, the main three priorities of the preliminary roadmap could help those European cities and regions already part of the CCDR network to establish and build operational data ecosystems by establishing a comprehensive pan-European policy from the bottom-up that aligns with the timely policy developments advocated by the European Commission. This paper can inspire policymakers by providing guidelines to better coordinate among a diverse set of cities and regions in Europe.

The leading data governance models worldwide from China and the USA and the advent of Big Data are dramatically reshaping citizens’ relationship with data. Against this backdrop and directly influenced by the General Data Protection Regulation (GDPR), Europe has, perhaps, for the first time, spoken with its own voice by blending data and smart city research and policy formulations. Inquiries and emerging insights into the potential urban experiments on data ecosystems, consisting of data infrastructures and institutions operating in European cities and regions, become increasingly crucial. Thus, the main social implications are for those multi-stakeholder policy schemes already operating in European cities and regions.

In previous research, data ecosystems were not directly related to digital rights amidst the global digital geopolitical context and, more specifically, were not connected to the two taxonomies (on data infrastructures and institutions) that could be directly applied to a case study, like the one presented about Barcelona. Thus, this paper shows novelty and originality by also opening up (based on previous fieldwork action research) a way to take strategic action to establish a pan-European strategy among cities and regions through three specific priorities. This paper can ultimately support practice and lead to new research and policy avenues.

The voices of children and young people have been largely neglected in discussions of the extent to which the internet takes into account their needs and concerns. This paper aims to highlight young people’s lived experiences of being online.

Results are drawn from the UnBias project’s youth led discussions, “Youth Juries” with young people predominantly aged between 13 and 17 years.

Whilst the young people are able to use their agency online in some circumstances, many often experience feelings of disempowerment and resignation, particularly in relation to the terms and conditions and user agreements that are ubiquitous to digital technologies, social media platforms and other websites.

Although changes are afoot as part of the General Data Protection Regulation (herein the GDPR) to simplify the terms and conditions of online platforms (European Union, 2016), it offers little practical guidance on how it should be implemented to children. The voices and opinions of children and young people are put forward as suggestions for how the “clear communication to data subjects” required by Article 12 of the GDPR in particular should be implemented, for example, recommendations about how terms and conditions can be made more accessible.

Children and young people are an often overlooked demographic of online users. This paper argues for the importance of this group being involved in any changes that may affect them, by putting forward recommendations from the children and young people themselves.

Since the European Union’s (EU) Charter of Fundamental Rights became binding in 2009, data protection has attained the status of a fundamental right (Article 8) throughout the EU. This chapter discusses the relevance of data protection in the context of security. It shows that data protection has been of particular relevance in the German context – not only against the backdrop of rapidly evolving information technology, but also of the historical experiences with political regimes collecting information in order to oppress citizens.