Search results

1 – 10 of over 28000
Book part
Publication date: 19 July 2022

Claire Farrugia, Simon Grima and Kiran Sood

Abstract

Purpose: This chapter sets out to lay out and analyse the effectiveness of the General Data Protection Regulation (GDPR), a recently established European Union (EU) regulation, in the local insurance industry.

Methodology: This was done through a systematic literature review to determine what has already been done and then a survey as a primary research tool to gather information. The survey was aimed at clients and employees of insurance entities.

Findings: The general results are that effectiveness can be segmented into different factors and vary regarding the respondents’ confidence. Other findings include that the GDPR has increased costs, and its expectations are unclear. These findings suggest that although the GDPR was influential in the insurance market, some issues about this regulation still exist.

Conclusions: GDPR fulfils its purposes; however, the implementation process of this regulation can be facilitated if better guidelines are issued for entities to follow to understand its expectations better and follow the law and fulfil its purposes most efficiently.

Practical implications: These conclusions imply that the GDPR can be improved in the future. Overall, as a regulation, it is suitable for the different member states of the EU, including small states like Malta.

Details

Big Data: A Game Changer for Insurance Industry
Type: Book
ISBN: 978-1-80262-606-3

Article
Publication date: 6 September 2022

Dona Budi Kharisma and Alvalerie Diakanza

Abstract

Purpose

This paper aims to identify the reasons why cases of leakage of patient personal data often occur in the health sector. This paper also analyzes personal data protection regulations in the health sector from a comparative legal perspective between Indonesia, Singapore and the European Union (EU).

Design/methodology/approach

This type of research is legal research. The research approach used is the statute approach and conceptual approach. The focus of this study in this research is Indonesia with a comparative study in Singapore and the EU.

Findings

Cases of leakage of patient personal data in Indonesia often occur. In 2021, the data for 230,000 COVID-19 patients was leaked and sold on the Rapid Forums dark web forum. A patient’s personal data is a human right that must be protected. Compared to Singapore and the EU, Indonesia is a country that does not yet have a law on the protection of personal data. This condition causes cases of leakage of patients’ personal data to occur frequently.

Research limitations/implications

This study analyzes the regulation and protection of patients’ personal data in Indonesia, Singapore and the EU to construct a regulatory design for the protection of patients’ personal data.

Practical implications

The results of this study are useful for constructing regulations governing the protection of patients’ personal data. The regulation is to protect the patient’s personal data like a patient’s human right.

Social implications

The ideal regulatory design can prevent data breaches. Based on the results of comparative studies, in Singapore and the EU, cases of personal data leakage are rare because they have a regulatory framework regarding the protection of patients’ personal data.

Originality/value

Legal strategies that can be taken to prevent and overcome patient data breaches include the establishment of an Act on Personal Data Protection; the Personal Data Protection Commission; and management of patients’ personal data.

Details

International Journal of Human Rights in Healthcare, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2056-4902

Article
Publication date: 5 April 2024

Jawahitha Sarabdeen and Mohamed Mazahir Mohamed Ishak

Abstract

Purpose

General Data Protection Regulation (GDPR) of the European Union (EU) was passed to protect data privacy. Though the GDPR intended to address issues related to data privacy in the EU, it created an extra-territorial effect through Articles 3, 45 and 46. Extra-territorial effect refers to the application or the effect of local laws and regulations in another country. Lawmakers around the globe passed or intensified their efforts to pass laws to have personal data privacy covered so that they meet the adequacy requirement under Articles 45–46 of GDPR while providing comprehensive legislation locally. This study aims to analyze the Malaysian and Saudi Arabian legislation on health data privacy and their adequacy in meeting GDPR data privacy protection requirements.

Design/methodology/approach

The research used a systematic literature review, legal content analysis and comparative analysis to critically analyze the health data protection in Malaysia and Saudi Arabia in comparison with GDPR and to see the adequacy of health data protection that could meet the requirement of EU data transfer requirement.

Findings

The finding suggested that the private sector is better regulated in Malaysia than the public sector. Saudi Arabia has some general laws to cover health data privacy in both public and private sector organizations until the newly passed data protection law is implemented in 2024. The finding also suggested that the Personal Data Protection Act 2010 of Malaysia and the Personal Data Protection Law 2022 of Saudi Arabia could be considered “adequate” under GDPR.

Originality/value

The research would be able to identify the key principles that could identify the adequacy of the laws about health data in Malaysia and Saudi Arabia as there is a dearth of literature in this area. This will help to propose suggestions to improve the laws concerning health data protection so that various stakeholders can benefit from it.

Details

International Journal of Law and Management, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1754-243X

Book part
Publication date: 7 May 2019

Francesco Ciclosi, Paolo Ceravolo, Ernesto Damiani and Donato De Ieso

Abstract

This chapter analyzes the compliance of some category of Open Data in Politics with EU General Data Protection Regulation (GDPR) requirements. After clarifying the legal basis of this framework, with specific attention to the processing procedures that conform to the legitimate interests pursued by the data controller, including open data licenses or anonymization techniques, that can result in partial application of the GDPR, but there is no generic guarantee, and, as a consequence, an appropriate process of analysis and management of risks is required.

Details

Politics and Technology in the Post-Truth Era
Type: Book
ISBN: 978-1-78756-984-3

Article
Publication date: 7 May 2020

Rakesh Belwal, Rahima Al Shibli and Shweta Belwal

Abstract

Purpose

Within a larger mandate of reviewing the key global trends concerning consumer protection in the electronic commerce (e-commerce) literature, this study aims to study the legal framework concerning e-commerce and consumer protection in the Sultanate of Oman and to analyse the current regulations concerning e-commerce and consumer protection.

Design/methodology/approach

This study followed the normative legal research approach and resorted to the desk research process to facilitate content analysis of literature containing consumer protection legislation and regulatory provisions in Oman in particular and the rest of the world in general.

Findings

The study reveals that consumer protection initiatives in Oman are well entrenched for offline transactions, but are relatively new and limited for e-commerce. In spite of the promulgation of consumer protection laws, electronic transaction law and cybercrime law, consumer protection measures for e-commerce in Oman do not address a large number of the global concerns necessary to build consumer confidence and trust in the online environment.

Research limitations/implications

There is a dearth of information concerning Oman on this topic in the extant literature. The research also witnessed the lack of empirical data on the issue of consumer protection and e-commerce in Oman that offer a detailed database of consumer complaints and associated outcomes.

Practical implications

The mechanism of consumer protection in electronic transactions is not robust in many countries. Because of the lack of comprehensive and robust legislation, consumers remain vulnerable in the online contractual purchase process. Moving beyond the fragmented legislation, many countries are currently mulling an all-comprehensive e-commerce law; the implications of this paper will help the policymakers in identifying the focus areas.

Social implications

Consumer protection is a burning global issue in this era of consumerism. It is important to build consumer trust, transparency and integrity of transactions to reduce the risk and uncertainties of purchase.

Originality/value

Consumer protection studies conducted in the context of Oman, hitherto, deal more with data protection and dispute resolution mechanisms, and less with legal provisions, regulations and consumer confidence. The study shares newer insights based on a systematic review of legal and business databases. It is the first study of its kind in the context of Oman and the Middle East in general.

Details

Journal of Information, Communication and Ethics in Society, vol. 19 no. 1
Type: Research Article
ISSN: 1477-996X

Article
Publication date: 8 June 2020

Vasiliki Diamantopoulou, Aggeliki Tsohou and Maria Karyda

Abstract

Purpose

This paper aims to identify the controls provisioned in ISO/IEC 27001:2013 and ISO/IEC 27002:2013 that need to be extended to adequately meet data protection requirements set by the General Data Protection Regulation (GDPR); it also indicates security management actions an organisation needs to perform to fulfil GDPR requirements. Thus, ISO/IEC 27001:2013 compliant organisations can use this paper as a basis for extending the already existing security control modules towards data protection, and as guidance for reaching compliance with the regulation.

Design/methodology/approach

This study has followed a two-step approach; first, synergies between ISO/IEC 27001:2013 modules and GDPR requirements were identified, by analysing all 14 control modules of the ISO/IEC 27001:2013 and proposing the appropriate actions towards the satisfaction of data protection requirements. Second, this paper identified GDPR requirements not addressed by ISO/IEC 27001:2013.

Findings

The findings of this work include the identification of the common ground between the security controls that ISO/IEC 27001:2013 includes and the requirements that the GDPR imposes; the actions that need to be performed based on these security controls to adequately meet the data protection requirements that the GDPR imposes; and the identification of the remaining actions an ISO/IEC 27001 compliant organisation needs to perform to be able to adhere with the GDPR.

Originality/value

This paper provides a gap analysis and a further steps identification regarding the additional actions that need to be performed to allow an ISO/IEC 27001:2013 certified organisation to be compliant with the GDPR.

Details

Information & Computer Security, vol. 28 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 9 December 2022

Md. Zahurul Haq

Abstract

Purpose

This paper aims to examine the probable effect of the General Data Protection Regulation of the European Union on the transfer of financial intelligence to a third country without an adequacy decision.

Design/methodology/approach

This is an analytical study of the financial intelligence exchange mechanisms between the Bangladesh Financial Intelligence Unit (BFIU) and its foreign counterparts. The research analyses the key challenges this national agency faces in using the Egmont Group membership to import financial intelligence from jurisdictions with a superior data protection regime.

Findings

Membership in the Egmont Group of Financial Intelligence Units does not guarantee unrestricted international intelligence exchange. Existing data protection regulations in Bangladesh are inadequate. This may forbid the transfer of the financial intelligence linked to European Union (EU) data subjects to Bangladesh.

Research limitations/implications

This paper does not cover a thorough discussion on any specific alternative tools for data transfer from the EU to a third country except for “appropriate safeguards” options.

Practical implications

The results of this study will help understand the existing legal and institutional limitations that may prevent intelligence exchange between the BFIU and its EU counterparts.

Originality/value

The study helps ascertain the legislative reform necessary in Bangladesh, a third country, to facilitate the transfer of financial intelligence from the EU.

Details

Journal of Money Laundering Control, vol. 27 no. 1
Type: Research Article
ISSN: 1368-5201

Article
Publication date: 20 October 2021

Al Sentot Sudarwanto and Dona Budi Budi Kharisma

Abstract

Purpose

The purpose of this paper is two-fold: to explore the legal issue of the importance of personal data protection in the digital economy sector and to propose a legal framework for personal data protection as a consumer protection strategy and accelerate the digital economy.

Design/methodology/approach

This study is legal research. The research approach used was the comparative approach and statute approach. The legal materials used are all regulations regarding personal data protection that apply in Indonesia, Hong Kong and Malaysia. The technique of collecting legal materials is done by using library research techniques.

Findings

The value of Indonesia’s digital economy is the biggest in the Southeast Asia region, but data breach is still a big challenge to face. The Indonesian Consumers Foundation (Yayasan Lembaga Konsumen Indonesia) recorded 54 cases of a data breach in e-commerce, 27 cases in peer-to-peer lending and 5 cases in electronic money. Based on the results of a comparative study with Hong Kong and Malaysia, Indonesia has yet no specific Act that comprehensively regulates personal data protection. Indonesia also does not have a personal data protection commission. Criminal sanctions and civil claims related to data breaches have not yet been regulated.

Research limitations/implications

This study examines the data breach problem in the Indonesian digital economy sector. However, the legal construction of personal data protection regulations is built on the results of a comparative study with Hong Kong and Malaysia.

Practical implications

The results of this study can be useful for constructing the ideal regulation regarding the protection of personal data in the digital economy sector.

Social implications

The results of the recommendations in this study are expected to develop and strengthen the protection of personal data in the Indonesian digital economy sector. Besides aiming to prevent the misuse of personal data, the regulation aims to protect consumers and accelerate the growth of the digital economy.

Originality/value

Indonesia needs to create a personal data protection act. The act should at least cover such issues: personal data protection principles; types of personal data; management of personal data; mechanism of personal data protection and security; commission of personal data protection; transfers of personal data; resolution mechanism of personal data dispute and criminal sanctions and civil claims.

Details

Journal of Financial Crime, vol. 29 no. 4
Type: Research Article
ISSN: 1359-0790

Article
Publication date: 6 August 2018

Jawahitha Sarabdeen and Immanuel Azaad Moonesar

Abstract

Purpose

The move toward e-health care in various countries is envisaged to reduce the cost of provision of health care, improve the quality of care and reduce medical errors. The most significant problem is the protection of patients’ data privacy. If the patients are reluctant or refuse to participate in health care system due to lack of privacy laws and regulations, the benefit of the full-fledged e-health care system cannot be materialized. The purpose of this paper is to investigate the available e-health data privacy protection laws and the perception of the people using the e-health care facilities.

Design/methodology/approach

The researchers used content analysis to analyze the availability and comprehensive nature of the laws and regulations. The researchers also used the survey method. Participants in the study comprised health care professionals (n=46) and health care users (n=187) who are based in Dubai, United Arab Emirates. The researchers applied descriptive statistics mechanisms and correlational analysis to analyze the data in the survey.

Findings

The content analysis revealed that the available health data protection laws are limited in scope. The survey results, however, showed that the respondents felt that they could trust the e-health services systems offered in the UAE as the data collected is protected and the rights are not violated. The research also revealed that there was no significant difference between the nationality and the privacy data statements. All the nationalities agreed that there is protection in place for the protection of e-health data. There was no significant difference between the demographic data sets and the many data protection principles.

Originality/value

The findings on the users’ perception could help to evaluate the success in realizing current strategies and an action plan of benchmarking could be introduced.

Details

Benchmarking: An International Journal, vol. 25 no. 6
Type: Research Article
ISSN: 1463-5771

Book part
Publication date: 6 December 2018

Albena Kuyumdzhieva

Abstract

The chapter deliberates on research ethics and the unanticipated side effects that technological developments have brought in the past decades. It looks at data protection and privacy through the prism of ethics and focuses on the need for safeguarding the fundamental rights of the research participants in the new digital era. Acknowledging the benefits of data analytics for boosting scientific process, the chapter reflects on the main principles and specific research derogations, introduced by the EU General Data Protection Regulation. Further on, it discusses some of the most pressing ethics concerns, related to the use, reuse, and misuse of data; the distinction between publicly available and open data; ethics challenges in online recruitment of research participants; and the potential bias and representativeness problems of Big Data research. The chapter underscores that all challenges should be properly addressed at the outset of research design. Highlighting the power asymmetries between Big Data studies and individuals’ rights to data protection, human dignity, and respect for private and family life, the chapter argues that anonymization may be reasonable, yet not the ultimate ethics solution. It asserts that while anonymization techniques may protect individual data protection rights, the former may not be sufficient to prevent discrimination and stigmatization of entire groups of populations. Finally, the chapter suggests some approaches for ensuring ethics compliance in the digital era.

Details

Ethics and Integrity in Health and Life Sciences Research
Type: Book
ISBN: 978-1-78743-572-8
