Search results

Purpose: This chapter sets out to lay out and analyse the effectiveness of the General Data Protection Regulation (GDPR), a recently established European Union (EU) regulation, in the local insurance industry.

Methodology: This was done through a systematic literature review to determine what has already been done and then a survey as a primary research tool to gather information. The survey was aimed at clients and employees of insurance entities.

Findings: The general results are that effectiveness can be segmented into different factors and vary regarding the respondents’ confidence. Other findings include that the GDPR has increased costs, and its expectations are unclear. These findings suggest that although the GDPR was influential in the insurance market, some issues about this regulation still exist.

Conclusions: GDPR fulfils its purposes; however, the implementation process of this regulation can be facilitated if better guidelines are issued for entities to follow to understand its expectations better and follow the law and fulfil its purposes most efficiently.

Practical implications: These conclusions imply that the GDPR can be improved in the future. Overall, as a regulation, it is suitable for the different member states of the EU, including small states like Malta.

This chapter analyzes the compliance of some category of Open Data in Politics with EU General Data Protection Regulation (GDPR) requirements. After clarifying the legal basis of this framework, with specific attention to the processing procedures that conform to the legitimate interests pursued by the data controller, including open data licenses or anonymization techniques, that can result in partial application of the GDPR, but there is no generic guarantee, and, as a consequence, an appropriate process of analysis and management of risks is required.

The chapter deliberates on research ethics and the unanticipated side effects that technological developments have brought in the past decades. It looks at data protection and privacy through the prism of ethics and focuses on the need for safeguarding the fundamental rights of the research participants in the new digital era. Acknowledging the benefits of data analytics for boosting scientific process, the chapter reflects on the main principles and specific research derogations, introduced by the EU General Data Protection Regulation. Further on, it discusses some of the most pressing ethics concerns, related to the use, reuse, and misuse of data; the distinction between publicly available and open data; ethics challenges in online recruitment of research participants; and the potential bias and representativeness problems of Big Data research. The chapter underscores that all challenges should be properly addressed at the outset of research design. Highlighting the power asymmetries between Big Data studies and individuals’ rights to data protection, human dignity, and respect for private and family life, the chapter argues that anonymization may be reasonable, yet not the ultimate ethics solution. It asserts that while anonymization techniques may protect individual data protection rights, the former may not be sufficient to prevent discrimination and stigmatization of entire groups of populations. Finally, the chapter suggests some approaches for ensuring ethics compliance in the digital era.

The study focusses on the legal issues surrounding artificial intelligence (AI), which are being investigated and debated about several European Union initiatives to manage and regulate Information and Communication Technologies. The goal is to discuss the benefits and drawbacks of adopting AI technology and the ramifications for the articulations of law and politics in democratic constitutional countries. Thus, the study aims to identify socio-legal concerns and possible solutions to protect individuals’ interests. The exploratory study is based on statutes, rules, and committee reports. The study has used news pieces, reports issued by organisations and legal websites. The study revealed computer security vulnerabilities, unfairness, bias and discrimination, and legal personhood and intellectual property issues. Issues with privacy and data protection, liability for harm, and lack of accountability will all be discussed. The vulnerability framework is utilised in this chapter to strengthen comprehension of key areas of concern and to motivate risk and impact mitigation solutions to safeguard human welfare. Given the importance of AI’s effects on weak individuals and groups as well as their legal rights, this chapter contributes to the discourse, which is essential. The chapter advances the conversation while appreciating the legal work done in AI and the fact that this sector needs constant review and flexibility. As AI technology advances, new legal challenges, vulnerabilities, and implications for data privacy will inevitably arise, necessitating increased monitoring and research.

Involvement of children in research on different aspects of children's rights, including research on violence against children, is continuously increasing, as is the interest in participatory approaches (European Agency for Fundamental Rights [FRA], 2014; Larsson et al., 2018; UN Committee on the Rights of the Child, 2011). Svevo-Cianci et al. (2011) noted that ‘as researchers commit to learning from community members, including children and adolescents themselves, it has become more clear that an understanding of the lived reality and definition of violence for children in their individual communities, is essential to envision and implement effective child protection’ (p. 985).

In this chapter, the legislative context regarding children's rights to be heard and participate is initially discussed; currently applied age requirements for children to acquire rights across the countries of the European Union (EU) are briefly presented; and children's potential roles and relevant provisions for their participation in social research are explored. The last part is dedicated to the presentation and discussion of the General Data Protection Regulation (GDPR; Regulation [EU] 2016/679, 2016) – specifically, children's personal data–related recitals and articles; the importance of the definition of a legal basis for personal data processing according to the GDPR, including consent; and the necessary information to be provided to children before their data are processed.

Introduction: The insurance industry is vulnerable to attacks as it deals with the personal information of its consumers and puts the insurance company’s business at risk in the event of data breach or abuse. To ensure the security of customer data, insurance companies must comply with various data protection requirements, including requirements imposed by laws, regulations, and standards. Following such a wide range of conditions can be challenging for insurance providers. For a long time, risk management has controlled data protection to ensure compliance with data protection law and ensure that data are processed correctly and that people’s fundamental rights are protected effectively.

Purpose: This chapter explains the role and significance of risk management. An organised way to identify and assess risks, mitigate or avoid risks as much as possible, and then manage and accept the remaining risks, implemented in data protection as needed, explained by the supervisory authority, is implemented by the responsible organisation. This document highlights the growing consensus surrounding risk management as an essential tool for adequate data protection. Furthermore, it addresses vital considerations that affect the role of risk in data protection law and practice.

Need for study: There is an increasing consensus towards the role and significance of risk management in data protection in the insurance market. As a result, regulators and legislators are focussing on valuable and new attention on standardising and expanding data protection in risk management practices. This paper has attempted to identify critical issues and principles of risk management in data protection.

Methodology: Secondary data analysis was conducted in this study by reviewing literature related to data protection, risk management, and the insurance sector. Again, science direct was used as a source of information. For this study, the literature review approach was chosen since it allows us to trace the growth of the subject matter and identify the patterns that have formed through time.

Findings: The insurance industry comprises general insurance and life insurance. It is found that there are various studies conducted on the privacy violation and data breaches of individuals in the insurance industry. The study also identifies the factors causing privacy issues and recommends improving data privacy management in the insurance market.

Practical implications: The current study can be referred to by academicians, marketers, industry people, and policymakers. In addition, the study encourages companies and academicians to investigate further the process of data protection in the insurance industry.

The attempt to establish a common European framework for core platforms' duties and responsibilities toward other actors in the digital environment is at the core of the recent scholarly debate surrounding the Digital Markets Act (DMA) proposal. In particular, the everlasting juxtaposition between the “data power” – as emerging from recent cases (Section 2) – that dominant tech companies enjoy and the concept of consumer sovereignty (Section 3) lies at the core of the proposal's attempt to identify digital core platforms as market gatekeepers. Accordingly, this chapter critically investigates the divide between power imbalance and consumer sovereignty in light of the architecture designed by the DMA, with a specific focus on its effectiveness in identifying gatekeepers' power drivers (Section 4). After highlighting the main critical aspects of the pertinent rules, opportunities for fruitful developments are then identified through the reframing of some of the notions considered in the proposal, and namely the role of “lock-in” effects and “data accumulation” (Section 5). Lastly, this chapter suggests that the DMA advancements – while desirable – are bound to be fragmentary in the absence of a wider appraisal of the nature of data power imbalance dynamics in the modern digital markets (Section 6).

This chapter explores young individuals’ attitude toward protection of personal data. Specifically, the discussion focuses on the General Data Protection Regulation (GDPR) and the introduction of a property right over personal data. To this end, a total of 10 in-depth interviews were conducted with both Albanian and Italian college students. Transcribed data from the interviews were analyzed through thematic analysis. Four main themes emerged from the interviews: (i) distrust toward the way personal data are used online, (ii) no change in behavior after the introduction of GDPR, (iii) limited knowledge regarding terms and conditions of websites, and (iv) individual desire for more control over his/her data. In light of the research findings, the present contribution highlights that, despite the GDPR enhances individuals’ data protection and rights, there is an intention–behavior gap that has been labeled in the literature as “privacy paradox.” Furthermore, findings reveal that treating personal data as a property right has pros and cons.