Search results

The general data protection regulation (GDPR) was designed to address privacy challenges posed by globalisation and rapid technological advancements; however, its implementation has also introduced new hurdles for companies. This study aims to analyse and synthesise the existing literature that focuses on challenges of GDPR implementation in business enterprises, while also outlining the directions for future research.

The methodology of this review follows the preferred reporting items for systematic reviews and meta-analysis guidelines. It uses an extensive search strategy across Scopus and Web of Science databases, rigorously applying inclusion and exclusion criteria, yielding a detailed analysis of 16 selected studies that concentrate on GDPR implementation challenges in business organisations.

The findings indicate a predominant use of conceptual study methodologies in prior research, often limited to specific countries and technology-driven sectors. There is also an inclination towards exploring GDPR challenges within small and medium enterprises, while larger enterprises remain comparatively unexplored. Additionally, further investigation is needed to understand the implications of emerging technologies on GDPR compliance.

This study’s limitations include reliance of the search strategy on two databases, potential exclusion of relevant research, limited existing literature on GDPR implementation challenges in business context and possible influence of diverse methodologies and contexts of previous studies on generalisability of the findings.

The originality of this review lies in its exclusive focus on analysing GDPR implementation challenges within the business context, coupled with a fresh categorisation of these challenges into technical, legal, organisational, and regulatory dimensions.

Research on online user privacy shows that empirical evidence on how privacy literacy relates to users' information privacy empowerment is missing. To fill this gap, this paper investigated the respective influence of two primary dimensions of online privacy literacy – namely declarative and procedural knowledge – on online users' information privacy empowerment.

An empirical analysis is conducted using a dataset collected in Europe. This survey was conducted in 2019 among 27,524 representative respondents of the European population.

The main results show that users' procedural knowledge is positively linked to users' privacy empowerment. The relationship between users' declarative knowledge and users' privacy empowerment is partially supported. While greater awareness about firms and organizations practices in terms of data collections and further uses conditions was found to be significantly associated with increased users' privacy empowerment, unpredictably, results revealed that the awareness about the GDPR and user’s privacy empowerment are negatively associated. The empirical findings reveal also that greater online privacy literacy is associated with heightened users' information privacy empowerment.

While few advanced studies made systematic efforts to measure changes occurred on websites since the GDPR enforcement, it remains unclear, however, how individuals perceive, understand and apply the GDPR rights/guarantees and their likelihood to strengthen users' information privacy control. Therefore, this paper contributes empirically to understanding how online users' privacy literacy shaped by both users' declarative and procedural knowledge is likely to affect users' information privacy empowerment. The study empirically investigates the effectiveness of the GDPR in raising users' information privacy empowerment from user-based perspective. Results stress the importance of greater transparency of data tracking and processing decisions made by online businesses and services to strengthen users' control over information privacy. Study findings also put emphasis on the crucial need for more educational efforts to raise users' awareness about the GDPR rights/guarantees related to data protection. Empirical findings also show that users who are more likely to adopt self-protective approaches to reinforce personal data privacy are more likely to perceive greater control over personal data. A broad implication of this finding for practitioners and E-businesses stresses the need for empowering users with adequate privacy protection tools to ensure more confidential transactions.

This paper aims to examine the probable effect of the General Data Protection Regulation of the European Union on the transfer of financial intelligence to a third country without an adequacy decision.

This is an analytical study of the financial intelligence exchange mechanisms between the Bangladesh Financial Intelligence Unit (BFIU) and its foreign counterparts. The research analyses the key challenges this national agency faces in using the Egmont Group membership to import financial intelligence from jurisdictions with a superior data protection regime.

Membership in the Egmont Group of Financial Intelligence Units does not guarantee unrestricted international intelligence exchange. Existing data protection regulations in Bangladesh are inadequate. This may forbid the transfer of the financial intelligence linked to European Union (EU) data subjects to Bangladesh.

This paper does not cover a thorough discussion on any specific alternative tools for data transfer from the EU to a third country except for “appropriate safeguards” options.

The results of this study will help understand the existing legal and institutional limitations that may prevent intelligence exchange between the BFIU and its EU counterparts.

The study helps ascertain the legislative reform necessary in Bangladesh, a third country, to facilitate the transfer of financial intelligence from the EU.

This paper aims to identify the reasons why cases of leakage of patient personal data often occur in the health sector. This paper also analyzes personal data protection regulations in the health sector from a comparative legal perspective between Indonesia, Singapore and the European Union (EU).

This type of research is legal research. The research approach used is the statute approach and conceptual approach. The focus of this study in this research is Indonesia with a comparative study in Singapore and the EU.

Cases of leakage of patient personal data in Indonesia often occur. In 2021, the data for 230,000 COVID-19 patients was leaked and sold on the Rapid Forums dark web forum. A patient’s personal data is a human right that must be protected. Compared to Singapore and the EU, Indonesia is a country that does not yet have a law on the protection of personal data. This condition causes cases of leakage of patients’ personal data to occur frequently.

This study analyzes the regulation and protection of patients’ personal data in Indonesia, Singapore and the EU to construct a regulatory design for the protection of patients’ personal data.

The results of this study are useful for constructing regulations governing the protection of patients’ personal data. The regulation is to protect the patient’s personal data like a patient’s human right.

The ideal regulatory design can prevent data breaches. Based on the results of comparative studies, in Singapore and the EU, cases of personal data leakage are rare because they have a regulatory framework regarding the protection of patients’ personal data.

Legal strategies that can be taken to prevent and overcome patient data breaches include the establishment of an Act on Personal Data Protection; the Personal Data Protection Commission; and management of patients’ personal data.

This study explores the link between ISO 9001 certification, personal data protection and firm performance using financial balance sheet and survey data. The security aspect of data protection is analyzed based on the major requirements of the General Data Protection Regulation and mapped to the relevant controls of the ISO/IEC 27001/27002 standards.

The research analysis is based on 96 ISO 9001–certified and non-certified publicly traded manufacturing and service firms that responded to a structured questionnaire. The authors develop and empirically test their theoretical model using the structural equation modeling technique and follow a difference-in-differences econometric modeling approach to estimate financial performance differences between certified and non-certified firms accounting for the level of data protection.

The estimates indicate three core dimensions in the areas of “policies, procedures and responsibilities,” “access control management” and “risk-reduction techniques” as desirable components in establishing the concept of data security. The estimates also suggest that the data protection level has significantly impacted the performance of certified firms relative to the non-certified. Controlling for the effect of industry-level factors reveals a positive relationship between data security and high-technological intensity.

The results imply that improving the level of compliance to data protection enhances the link between certification and firm performance.

This study fills a gap in the literature by empirically testing the influence of data protection on the relationship between quality certification and firm performance.

This paper aims to examine the nature and extent of disclosure on the use of big data by online platform companies and how these disclosures address and discharge stakeholder accountability.

Content analysis of annual reports and data policy documents of 100 online platform companies were used for this study. More specifically, the study develops a comprehensive big data disclosure framework to assess the nature and extent of disclosures provided in corporate reports. This framework also assists in evaluating the effect of the size of the company, industry and country in which they operate on disclosures.

The analysis reveals that most companies made limited disclosure on how they manage big data. Only two of the 100 online platform companies have provided moderate disclosures on big data related issues. The focus of disclosure by the online platform companies is more on data regulation compliance and privacy protection, but significantly less on the accountability and ethical issues of big data use. More specifically, critical issues, such as stakeholder engagement, breaches of customer information and data reporting and controlling mechanisms are largely overlooked in current disclosures. The analysis confirms that current attention has been predominantly given to powerful stakeholders such as regulators as a result of compliance pressure while the accountability pressure has yet to keep up the pace.

The study findings may be limited by the use of a new accountability disclosure index and the specific focus on online platform companies.

Although big data permeates, the number of users and uses grow and big data use has become more ingrained into society, this study provides evidence that ethical and accountability issues persist, even among the largest online companies. The findings of this study improve the understanding of the current state of online companies’ reporting practices on big data use, particularly the issues and gaps in the reporting process, which will help policymakers and standard setters develop future data disclosure policies.

From these findings, the study improves the understanding of the current state of online companies’ reporting practices on big data use, particularly the issues and gaps in the reporting process – which are helpful for policymakers and standard setters to develop data disclosure policies.

This study provides an analysis of ethical and social issues surrounding big data accountability, an emerging but increasingly important area that needs urgent attention and more research. It also adds a new disclosure dimension to the existing accountability literature and provides practical suggestions to balance the interaction between online platform companies and their stakeholders to promote the responsible use of big data.

The paper addresses the privacy–personalisation paradox in the post-GDPR-2018 era. As the regulation came in a bid to regulate the collection and use of personal data, its implications remain underexplored. The research question is: How do consumers perceive the matter of personal data collection for the use of highly targeted and personalised ads post-GDPR-2018? The invasion of privacy vs the benefits of highly personalised digital marketing.

To address the research question, this qualitative study conducts semi-structured interviews with 14 individuals, consisting of average users and digital experts.

This paper reports on increasing consumer vulnerability post-GDPR-2018 due to increased awareness of personal data collection yet incessant lack of control, particularly regarding the repercussions of the digital footprint. The privacy paradox remains an issue except among experts, and personalisation remains necessary, yet critical challenges arise (e.g. filter bubbles and intrusion).

Policy implications include education, regulating consent platforms and encouraging consensual sharing of personal data.

While the privacy–personalisation paradox has been widely studied, the impact of GDPR-2018 has rarely been addressed in the literature. GDPR-2018 has seemingly had little impact on instilling a sense of security for consumers; if anything, this paper highlights greater concerns for privacy as users sign away their rights on consent forms to access websites, thus contributing novel insights to this area of research.

Employees may feel overwhelmed with information privacy choices and have difficulties understanding what they are committing to in the digital workplace. This paper aims to analyze the role of different thinking styles for effort reduction, such as the use of intuition, when employees make decisions about the credibility and trustworthiness of workplace information privacy issues in Slovakia. While the General Data Protection Regulation sets precise requirements for valid consent, organizations are classified as data controllers and are subject to credibility judgments by their employees.

Data was collected from 230 employees in Slovakia using a survey questionnaire. Quantitative analysis using SPSS was conducted to describe employees thinking preferences when judging the credibility of information privacy in their organizations.

The survey participants revealed their perceived credibility and trust in personal data protection and thinking preferences. Unconscious thinking is the type of effort reduction often reported by participants, who perceive high credibility and trust in personal data protection. This study can help managers and data controllers in small- and medium-sized enterprises in reflecting about the way in which people use different thinking processes for decision-making about information privacy in their organizations.

This study set out to explore how decision-making processes at the workplace relate to credibility of data practices. Focusing on the use of different types of intuition, the authors explored whether the preference for a specific decision-making style can explain the perceived credibility of data practices. The part of the workforce in the sample did not have a strict predisposition to use either intuitive or rational thinking.

The contribution provides scholars with an overview of the field of intuition, a field that is likely to grow given the challenges of digitalization for organizations, such as shitstorms, cyberattacks and whistleblowing.

The most well-known concepts from intuition research, e.g. the dual process theory, and practice are tested simultaneously, therewith contributing to the applied literature on domain-specific preferences for intuition and deliberation in decision-making.

Sharing patient health information (PHI) among hospitals has been much slower than the adoption of health record systems. This paper aims to investigate if privacy regulation (PR) or security measures (SMs) influence hospitals’ use of health information exchange (HIE) to share PHI with other providers (e.g. physicians, labs, hospitals). The study specifically focuses on how multiple PRs can impede and a strong national security infrastructure (NSI) can support HIE.

The study uses secondary data from a multi-national and multi-hospital survey administered by the European Union. The multi-level structure of the cross-sectional panel data is used to test the influence of both hospital-level (e.g. PR) and national-level variables (e.g. NSI) on HIE. A total of nine types of HIE, three types of PRs, nine SMs and other relevant control variables are considered. This study uses a two-level random intercept generalized linear model to test the hypothesis proposed in the study.

The study finds that national-level PRs (NLPR) have the strongest positive influence on HIE in comparison to regional (RLPR) and hospital-level (HLPR) PRs. Moreover, the study finds evidence that the presence of RLPR and HLPR, on average, decreases the positive impact of NLPR by 264%. The SMs also have a significant and positive impact on HIE. Adoption of an additional SM can increase the odds of engaging in a certain type of HIE between 21% and 61%. On the other hand, a strong NSI can also amplify the positive impact of SM on certain types of HIE.

This study extends prior research on the role of PRs in enabling HIE by considering the complexities brought up by adopting multiple PRs. NLPRs have the strongest impact on HIE in comparison to RLPRs or HLPRs. Moreover, public infrastructure initiatives such as those related to secure communications can also complement SMs adopted by the providers by encouraging HIE.

Artificial intelligence (AI) has sparked interest in various areas, including marketing. However, this exhilaration is being tempered by growing concerns about the moral and legal implications of using AI in marketing. Although previous research has revealed various ethical and legal issues, such as algorithmic discrimination and data privacy, there are no definitive answers. This paper aims to fill this gap by investigating AI’s ethical and legal concerns in marketing and suggesting feasible solutions.

The paper synthesises information from academic articles, industry reports, case studies and legal documents through a thematic literature review. A qualitative analysis approach categorises and interprets ethical and legal challenges and proposes potential solutions.

The findings of this paper raise concerns about ethical and legal challenges related to AI in the marketing area. Ethical concerns related to discrimination, bias, manipulation, job displacement, absence of social interaction, cybersecurity, unintended consequences, environmental impact, privacy and legal issues such as consumer security, responsibility, liability, brand protection, competition law, agreements, data protection, consumer protection and intellectual property rights are discussed in the paper, and their potential solutions are discussed.

Notwithstanding the interesting insights gathered from this investigation of the ethical and legal consequences of AI in marketing, it is important to recognise the limits of this research. Initially, the focus of this study is confined to a review of the most important ethical and legal issues pertaining to AI in marketing. Additional possible repercussions, such as those associated with intellectual property, contracts and licencing, should be investigated more deeply in future studies. Despite the fact that this study gives various answers and best practices for tackling the stated ethical and legal concerns, the viability and efficacy of these solutions may differ depending on the context and industry. Thus, more research and case studies are required to evaluate the applicability and efficacy of these solutions in other circumstances. This research is mostly based on a literature review and may not represent the experiences or opinions of all stakeholders engaged in AI-powered marketing. Further study might involve interviews or surveys with marketing professionals, customers and other key stakeholders to offer a full knowledge of the practical difficulties and solutions. Because of the rapid speed of technical progress, AI’s ethical and regulatory ramifications in marketing are continually increasing. Consequently, this work should be a springboard for more research and continuing conversations on this subject.

This study’s findings have several practical implications for marketing professionals. Emphasising openness and explainability: Marketing professionals should prioritise transparency in their use of AI, ensuring that customers are fully informed about data collection and utilisation for targeted advertising. By promoting openness and explainability, marketers can foster customer trust and avoid the negative consequences of a lack of transparency. Establishing ethical guidelines: Marketing professionals need to develop ethical rules for the creation and implementation of AI-powered marketing strategies. Adhering to ethical principles ensures compliance with legal norms and aligns with the organisation’s values and ideals. Investing in bias detection tools and privacy-enhancing technology: To mitigate risks associated with AI in marketing, marketers should allocate resources to develop and implement bias detection tools and privacy-enhancing technology. These tools can identify and address biases in AI algorithms, safeguard consumer privacy and extract valuable insights from consumer data.

This study’s social implications emphasise the need for a comprehensive approach to address the ethical and legal challenges of AI in marketing. This includes adopting a responsible innovation framework, promoting ethical leadership, using ethical decision-making frameworks and conducting multidisciplinary research. By incorporating these approaches, marketers can navigate the complexities of AI in marketing responsibly, foster an ethical organisational culture, make informed ethical decisions and develop effective solutions. Such practices promote public trust, ensure equitable distribution of benefits and risk, and mitigate potential negative social consequences associated with AI in marketing.

To the best of the authors’ knowledge, this paper is among the first to explore potential solutions comprehensively. This paper provides a nuanced understanding of the challenges by using a multidisciplinary framework and synthesising various sources. It contributes valuable insights for academia and industry.