Search results

1 – 10 of over 21000
To view the access options for this content please click here
Book part
Publication date: 7 May 2019

Francesco Ciclosi, Paolo Ceravolo, Ernesto Damiani and Donato De Ieso

This chapter analyzes the compliance of some category of Open Data in Politics with EU General Data Protection Regulation (GDPR) requirements. After clarifying the legal…

Abstract

This chapter analyzes the compliance of some category of Open Data in Politics with EU General Data Protection Regulation (GDPR) requirements. After clarifying the legal basis of this framework, with specific attention to the processing procedures that conform to the legitimate interests pursued by the data controller, including open data licenses or anonymization techniques, that can result in partial application of the GDPR, but there is no generic guarantee, and, as a consequence, an appropriate process of analysis and management of risks is required.

Details

Politics and Technology in the Post-Truth Era
Type: Book
ISBN: 978-1-78756-984-3

Keywords

To view the access options for this content please click here
Article
Publication date: 7 May 2020

Rakesh Belwal, Rahima Al Shibli and Shweta Belwal

Within a larger mandate of reviewing the key global trends concerning consumer protection in the electronic commerce (e-commerce) literature, this study aims to study the…

Abstract

Purpose

Within a larger mandate of reviewing the key global trends concerning consumer protection in the electronic commerce (e-commerce) literature, this study aims to study the legal framework concerning e-commerce and consumer protection in the Sultanate of Oman and to analyse the current regulations concerning e-commerce and consumer protection.

Design/methodology/approach

This study followed the normative legal research approach and resorted to the desk research process to facilitate content analysis of literature containing consumer protection legislation and regulatory provisions in Oman in particular and the rest of the world in general.

Findings

The study reveals that consumer protection initiatives in Oman are well entrenched for offline transactions, but are relatively new and limited for e-commerce. In spite of the promulgation of consumer protection laws, electronic transaction law and cybercrime law, consumer protection measures for e-commerce in Oman do not address a large number of the global concerns necessary to build consumer confidence and trust in the online environment.

Research limitations/implications

There is a dearth of information concerning Oman on this topic in the extant literature. The research also witnessed the lack of empirical data on the issue of consumer protection and e-commerce in Oman that offer a detailed database of consumer complaints and associated outcomes.

Practical implications

The mechanism of consumer protection in electronic transactions is not robust in many countries. Because of the lack of comprehensive and robust legislation, consumers remain vulnerable in the online contractual purchase process. Moving beyond the fragmented legislation, many countries are currently mulling an all-comprehensive e-commerce law, implications of this paper will help the policymakers in identifying the focus areas.

Social implications

Consumer protection is a burning global issue in this era of consumerism. It is important to build consumer trust, transparency and integrity of transactions to reduce the risk and uncertainties of purchase.

Originality/value

Consumer protection studies conducted in the context of Oman, hitherto, deal more with data protection and dispute resolution mechanisms, and less with legal provisions, regulations and consumer confidence. The study shares newer insights based on a systematic review of legal and business databases. It is the first study of its kind in the context of Oman and the Middle East in general.

Details

Journal of Information, Communication and Ethics in Society, vol. 19 no. 1
Type: Research Article
ISSN: 1477-996X

Keywords

To view the access options for this content please click here
Article
Publication date: 8 June 2020

Vasiliki Diamantopoulou, Aggeliki Tsohou and Maria Karyda

This paper aims to identify the controls provisioned in ISO/IEC 27001:2013 and ISO/IEC 27002:2013 that need to be extended to adequately meet, data protection requirements…

Abstract

Purpose

This paper aims to identify the controls provisioned in ISO/IEC 27001:2013 and ISO/IEC 27002:2013 that need to be extended to adequately meet, data protection requirements set by the General Data Protection Regulation (GDPR); it also indicates security management actions an organisation needs to perform to fulfil GDPR requirements. Thus, ISO/IEC 27001:2013 compliant organisations, can use this paper as a basis for extending the already existing security control modules towards data protection; and as guidance for reaching compliance with the regulation.

Design/methodology/approach

This study has followed a two-step approach; first, synergies between ISO/IEC 27001:2013 modules and GDPR requirements were identified, by analysing all 14 control modules of the ISO/IEC 27001:2013 and proposing the appropriate actions towards the satisfaction of data protection requirements. Second, this paper identified GDPR requirements not addressed by ISO/IEC 27001:2013.

Findings

The findings of this work include the identification of the common ground between the security controls that ISO/IEC 27001:2013 includes and the requirements that the GDPR imposes; the actions that need to be performed based on these security controls to adequately meet the data protection requirements that the GDPR imposes; and the identification of the remaining actions an ISO/IEC 27001 compliant organisation needs to perform to be able to adhere with the GDPR.

Originality/value

This paper provides a gap analysis and a further steps identification regarding the additional actions that need to be performed to allow an ISO/IEC 27001:2013 certified organisation to be compliant with the GDPR.

Details

Information & Computer Security, vol. 28 no. 4
Type: Research Article
ISSN: 2056-4961

Keywords

To view the access options for this content please click here
Article
Publication date: 20 October 2021

Al Sentot Sudarwanto and Dona Budi Budi Kharisma

The purpose of this paper is two-fold: to explore the legal issue of the importance of personal data protection in the digital economy sector and to propose a legal…

Abstract

Purpose

The purpose of this paper is two-fold: to explore the legal issue of the importance of personal data protection in the digital economy sector and to propose a legal framework for personal data protection as a consumer protection strategy and accelerate the digital economy.

Design/methodology/approach

This study is legal research. The research approach used was the comparative approach and statute approach. The legal materials used are all regulations regarding personal data protection that apply in Indonesia, Hong Kong and Malaysia. The technique of collecting legal materials is done by using library research techniques.

Findings

The value of Indonesia’s digital economy is the biggest in the Southeast Asia region, but data breach is still a big challenge to face. The Indonesian Consumers Foundation (Yayasan Lembaga Konsumen Indonesia) recorded 54 cases of a data breach in e-commerce, 27 cases in peer-to-peer lending and 5 cases in electronic money. Based on the results of a comparative study with Hong Kong and Malaysia, Indonesia has yet no specific Act that comprehensively regulates personal data protection. Indonesia also does not have a personal data protection commission. Criminal sanctions and civil claims related to data breaches have not yet been regulated.

Research limitations/implications

This study examines the data breach problem in the Indonesian digital economy sector. However, the legal construction of personal data protection regulations is built on the results of a comparative study with Hong Kong and Malaysia.

Practical implications

The results of this study can be useful for constructing the ideal regulation regarding the protection of personal data in the digital economy sector.

Social implications

The results of the recommendations in this study are expected to develop and strengthen the protection of personal data in the Indonesian digital economy sector. Besides aiming to prevent the misuse of personal data, the regulation aims to protect consumers and accelerate the growth of the digital economy.

Originality/value

Indonesia needs to create a personal data protection act. The act should at least cover such issues: personal data protection principles; types of personal data; management of personal data; mechanism of personal data protection and security; commission of personal data protection; transfers of personal data; resolution mechanism of personal data dispute and criminal sanctions and civil claims.

Details

Journal of Financial Crime, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1359-0790

Keywords

To view the access options for this content please click here
Article
Publication date: 6 August 2018

Jawahitha Sarabdeen and Immanuel Azaad Moonesar

The move toward e-health care in various countries is envisaged to reduce the cost of provision of health care, improve the quality of care and reduce medical errors. The…

Downloads
1192

Abstract

Purpose

The move toward e-health care in various countries is envisaged to reduce the cost of provision of health care, improve the quality of care and reduce medical errors. The most significant problem is the protection of patients’ data privacy. If the patients are reluctant or refuse to participate in health care system due to lack of privacy laws and regulations, the benefit of the full-fledged e-health care system cannot be materialized. The purpose of this paper is to investigate the available e-health data privacy protection laws and the perception of the people using the e-health care facilities.

Design/methodology/approach

The researchers used content analysis to analyze the availability and comprehensive nature of the laws and regulations. The researchers also used survey method. Participants in the study comprised of health care professionals (n=46) and health care users (n=187) who are based in the Dubai, United Arab Emirates. The researchers applied descriptive statistics mechanisms and correlational analysis to analyze the data in the survey.

Findings

The content analysis revealed that the available health data protection laws are limited in scope. The survey results, however, showed that the respondents felt that they could trust the e-health services systems offered in the UAE as the data collected is protected, the rights are not violated. The research also revealed that there was no significance difference between the nationality and the privacy data statements. All the nationality agreed that there is protection in place for the protection of e-health data. There was no significance difference between the demographic data sets and the many data protection principles.

Originality/value

The findings on the users’ perception could help to evaluate the success in realizing current strategies and an action plan of benchmarking could be introduced.

Details

Benchmarking: An International Journal, vol. 25 no. 6
Type: Research Article
ISSN: 1463-5771

Keywords

To view the access options for this content please click here
Book part
Publication date: 6 December 2018

Albena Kuyumdzhieva

The chapter deliberates on research ethics and the unanticipated side effects that technological developments have brought in the past decades. It looks at data protection

Abstract

The chapter deliberates on research ethics and the unanticipated side effects that technological developments have brought in the past decades. It looks at data protection and privacy through the prism of ethics and focuses on the need for safeguarding the fundamental rights of the research participants in the new digital era. Acknowledging the benefits of data analytics for boosting scientific process, the chapter reflects on the main principles and specific research derogations, introduced by the EU General Data Protection Regulation. Further on, it discusses some of the most pressing ethics concerns, related to the use, reuse, and misuse of data; the distinction between publicly available and open data; ethics challenges in online recruitment of research participants; and the potential bias and representativeness problems of Big Data research. The chapter underscores that all challenges should be properly addressed at the outset of research design. Highlighting the power asymmetries between Big Data studies and individuals’ rights to data protection, human dignity, and respect for private and family life, the chapter argues that anonymization may be reasonable, yet not the ultimate ethics solution. It asserts that while anonymization techniques may protect individual data protection rights, the former may not be sufficient to prevent discrimination and stigmatization of entire groups of populations. Finally, the chapter suggests some approaches for ensuring ethics compliance in the digital era.

Details

Ethics and Integrity in Health and Life Sciences Research
Type: Book
ISBN: 978-1-78743-572-8

Keywords

To view the access options for this content please click here

Abstract

Details

Drones and the Law
Type: Book
ISBN: 978-1-80043-249-9

To view the access options for this content please click here
Article
Publication date: 3 June 2019

Gonçalo Almeida Teixeira, Miguel Mira da Silva and Ruben Pereira

The digital paradigm people live in today, which drastically increased the consumption of data, is a threat to their privacy. To create a high level of privacy protection

Downloads
1491

Abstract

Purpose

The digital paradigm people live in today, which drastically increased the consumption of data, is a threat to their privacy. To create a high level of privacy protection for its citizens, the European Union proposed the General Data Protection Regulation (GDPR), which introduces obligations for organizations regarding the storing, processing, collecting and disclosing of data. This paper aims to identify the critical success factors of GDPR implementation.

Design/methodology/approach

A systematic literature review was conducted by following a strict review protocol, where 32 documents were found relevant to perform the review and to answer to the proposed research questions.

Findings

The critical success factors of GDPR implementation were identified, including barriers and enablers. Furthermore, benefits of complying with GDPR were identified.

Research limitations/implications

As GDPR is a relatively recent subject, there are still few scientific papers about it. Therefore, the authors were unable to neither identify nor present a robust conclusion regarding specific topics, such as practical outcomes.

Originality/value

On the basis of the literature, the identified critical success factors may be useful for organizations as these can be better prepared to achieve compliance by prioritizing the enablers and avoiding the barriers.

Details

Digital Policy, Regulation and Governance, vol. 21 no. 4
Type: Research Article
ISSN: 2398-5038

Keywords

To view the access options for this content please click here
Article
Publication date: 14 December 2018

Annegret Bendiek and Magnus Römer

This paper aims to explain how the EU projects its own data protection regime to third states and the US in particular. Digital services have become a central element in…

Downloads
2438

Abstract

Purpose

This paper aims to explain how the EU projects its own data protection regime to third states and the US in particular. Digital services have become a central element in the transatlantic economy. A substantial part of that trade is associated with the transfer of data, most of it personal, requiring many of the new products and services emerging to adhere to data protection standards. Yet different conceptions of data protection exist across the Atlantic, with the EU putting a particular focus on protecting the fundamental right to privacy.

Design/methodology/approach

Using the distinction between positive and negative forms of market integration as a starting point (Scharpf, 1997), this paper examines the question of how the EU is projecting its own data protection regime to third states. The so-called California effect (Vogel, 1997) and the utilization of trade agreements in the EU’s foreign policy and external relations are well researched. With decreasing effectiveness and limited territorial reach of its enlargement policy, the EU found trade agreements to be particularly effective to set standards on a global level (Lavenex and Schimmelfennig, 2009). The existence of the single market makes the Union not only an important locus of regulation but also a strong economic actor with the global ambition of digital assertiveness. In the past, establishing standards for the EU’s vast consumer market has proven effective in compelling non-European market participants to join.

Findings

As the globe’s largest consumer market, Europe aims to project its own data protection laws through the market place principle (lex loci solutionis), requiring any data processor to follow its laws whenever European customers’ data are processed. This paper argues that European data protection law creates a “California Effect”, whereby the EU exerts pressure on extra-territorial markets by unilateral standard setting.

Originality/value

With its GDPR, the EU may have defused the problem of European citizens’ data being stored and evaluated according to the US law. However, it has also set a precedent of extra-territorial applicability of its legislation – despite having previously criticized the USA for such practices. By now, international companies increasingly store data of European customers in Europe to prevent conflicts with EU law. With this decision, the EU will apply its own law on others’ sovereign territory. Conflicts created through the extra-territorial effects of national law may contradict the principle of due diligence obligations but are nevertheless not illegitimate. They may, however, have further unintended effects: Other major economies are likely to be less reluctant in the future about passing legal provisions with extra-territorial effect.

Details

Digital Policy, Regulation and Governance, vol. 21 no. 1
Type: Research Article
ISSN: 2398-5038

Keywords

To view the access options for this content please click here
Article
Publication date: 9 August 2021

Luís Leite, Daniel Rodrigues dos Santos and Fernando Almeida

This paper aims to explore the changes imposed by the general data protection regulation (GDPR) on software engineering practices. The fundamental objective is to have a…

Abstract

Purpose

This paper aims to explore the changes imposed by the general data protection regulation (GDPR) on software engineering practices. The fundamental objective is to have a perception of the practices and phases that have experienced the greatest changes. Additionally, it aims to identify a set of good practices that can be adopted by software engineering companies.

Design/methodology/approach

This study uses a qualitative methodology through four case studies involving Portuguese software engineering companies. Two of these companies are small and medium enterprises (SMEs) while the other remaining two are micro-companies. The thematic analysis is adopted to identify patterns in the performed interviews.

Findings

The findings indicate that significant changes have occurred at all stages of software development. In particular, the initial stages of identifying requirements and modeling processes were the stages that experienced the greatest changes. On the opposite, the technical development phase has not noticeably changed but, nevertheless, it is necessary to look at the importance of training software developers for GDPR rules and practices.

Research limitations/implications

Two relevant limitations were identified as follows: only four case studies involving micro-companies and SMEs were considered, and only the traditional software development methodology was considered. The use of agile methodologies was not explored in this study and the findings can only be mainly applied to the waterfall model.

Originality/value

This study offers mainly practical contributions by identifying a set of challenges that are posed to software engineering companies by the implementation of GDPR. Through their knowledge, it is expected to help these companies to better prepare themselves and anticipate the challenges they will necessarily face.

Details

Information & Computer Security, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2056-4961

Keywords

1 – 10 of over 21000