Search results

Within a larger mandate of reviewing the key global trends concerning consumer protection in the electronic commerce (e-commerce) literature, this study aims to study the legal framework concerning e-commerce and consumer protection in the Sultanate of Oman and to analyse the current regulations concerning e-commerce and consumer protection.

This study followed the normative legal research approach and resorted to the desk research process to facilitate content analysis of literature containing consumer protection legislation and regulatory provisions in Oman in particular and the rest of the world in general.

The study reveals that consumer protection initiatives in Oman are well entrenched for offline transactions, but are relatively new and limited for e-commerce. In spite of the promulgation of consumer protection laws, electronic transaction law and cybercrime law, consumer protection measures for e-commerce in Oman do not address a large number of the global concerns necessary to build consumer confidence and trust in the online environment.

There is a dearth of information concerning Oman on this topic in the extant literature. The research also witnessed the lack of empirical data on the issue of consumer protection and e-commerce in Oman that offer a detailed database of consumer complaints and associated outcomes.

The mechanism of consumer protection in electronic transactions is not robust in many countries. Because of the lack of comprehensive and robust legislation, consumers remain vulnerable in the online contractual purchase process. Moving beyond the fragmented legislation, many countries are currently mulling an all-comprehensive e-commerce law, implications of this paper will help the policymakers in identifying the focus areas.

Consumer protection is a burning global issue in this era of consumerism. It is important to build consumer trust, transparency and integrity of transactions to reduce the risk and uncertainties of purchase.

Consumer protection studies conducted in the context of Oman, hitherto, deal more with data protection and dispute resolution mechanisms, and less with legal provisions, regulations and consumer confidence. The study shares newer insights based on a systematic review of legal and business databases. It is the first study of its kind in the context of Oman and the Middle East in general.

This paper aims to identify the controls provisioned in ISO/IEC 27001:2013 and ISO/IEC 27002:2013 that need to be extended to adequately meet, data protection requirements set by the General Data Protection Regulation (GDPR); it also indicates security management actions an organisation needs to perform to fulfil GDPR requirements. Thus, ISO/IEC 27001:2013 compliant organisations, can use this paper as a basis for extending the already existing security control modules towards data protection; and as guidance for reaching compliance with the regulation.

This study has followed a two-step approach; first, synergies between ISO/IEC 27001:2013 modules and GDPR requirements were identified, by analysing all 14 control modules of the ISO/IEC 27001:2013 and proposing the appropriate actions towards the satisfaction of data protection requirements. Second, this paper identified GDPR requirements not addressed by ISO/IEC 27001:2013.

The findings of this work include the identification of the common ground between the security controls that ISO/IEC 27001:2013 includes and the requirements that the GDPR imposes; the actions that need to be performed based on these security controls to adequately meet the data protection requirements that the GDPR imposes; and the identification of the remaining actions an ISO/IEC 27001 compliant organisation needs to perform to be able to adhere with the GDPR.

This paper provides a gap analysis and a further steps identification regarding the additional actions that need to be performed to allow an ISO/IEC 27001:2013 certified organisation to be compliant with the GDPR.

This paper aims to examine the probable effect of the General Data Protection Regulation of the European Union on the transfer of financial intelligence to a third country without an adequacy decision.

This is an analytical study of the financial intelligence exchange mechanisms between the Bangladesh Financial Intelligence Unit (BFIU) and its foreign counterparts. The research analyses the key challenges this national agency faces in using the Egmont Group membership to import financial intelligence from jurisdictions with a superior data protection regime.

Membership in the Egmont Group of Financial Intelligence Units does not guarantee unrestricted international intelligence exchange. Existing data protection regulations in Bangladesh are inadequate. This may forbid the transfer of the financial intelligence linked to European Union (EU) data subjects to Bangladesh.

This paper does not cover a thorough discussion on any specific alternative tools for data transfer from the EU to a third country except for “appropriate safeguards” options.

The results of this study will help understand the existing legal and institutional limitations that may prevent intelligence exchange between the BFIU and its EU counterparts.

The study helps ascertain the legislative reform necessary in Bangladesh, a third country, to facilitate the transfer of financial intelligence from the EU.

The purpose of this paper is two-fold: to explore the legal issue of the importance of personal data protection in the digital economy sector and to propose a legal framework for personal data protection as a consumer protection strategy and accelerate the digital economy.

This study is legal research. The research approach used was the comparative approach and statute approach. The legal materials used are all regulations regarding personal data protection that apply in Indonesia, Hong Kong and Malaysia. The technique of collecting legal materials is done by using library research techniques.

The value of Indonesia’s digital economy is the biggest in the Southeast Asia region, but data breach is still a big challenge to face. The Indonesian Consumers Foundation (Yayasan Lembaga Konsumen Indonesia) recorded 54 cases of a data breach in e-commerce, 27 cases in peer-to-peer lending and 5 cases in electronic money. Based on the results of a comparative study with Hong Kong and Malaysia, Indonesia has yet no specific Act that comprehensively regulates personal data protection. Indonesia also does not have a personal data protection commission. Criminal sanctions and civil claims related to data breaches have not yet been regulated.

This study examines the data breach problem in the Indonesian digital economy sector. However, the legal construction of personal data protection regulations is built on the results of a comparative study with Hong Kong and Malaysia.

The results of this study can be useful for constructing the ideal regulation regarding the protection of personal data in the digital economy sector.

The results of the recommendations in this study are expected to develop and strengthen the protection of personal data in the Indonesian digital economy sector. Besides aiming to prevent the misuse of personal data, the regulation aims to protect consumers and accelerate the growth of the digital economy.

Indonesia needs to create a personal data protection act. The act should at least cover such issues: personal data protection principles; types of personal data; management of personal data; mechanism of personal data protection and security; commission of personal data protection; transfers of personal data; resolution mechanism of personal data dispute and criminal sanctions and civil claims.

The move toward e-health care in various countries is envisaged to reduce the cost of provision of health care, improve the quality of care and reduce medical errors. The most significant problem is the protection of patients’ data privacy. If the patients are reluctant or refuse to participate in health care system due to lack of privacy laws and regulations, the benefit of the full-fledged e-health care system cannot be materialized. The purpose of this paper is to investigate the available e-health data privacy protection laws and the perception of the people using the e-health care facilities.

The researchers used content analysis to analyze the availability and comprehensive nature of the laws and regulations. The researchers also used survey method. Participants in the study comprised of health care professionals (n=46) and health care users (n=187) who are based in the Dubai, United Arab Emirates. The researchers applied descriptive statistics mechanisms and correlational analysis to analyze the data in the survey.

The content analysis revealed that the available health data protection laws are limited in scope. The survey results, however, showed that the respondents felt that they could trust the e-health services systems offered in the UAE as the data collected is protected, the rights are not violated. The research also revealed that there was no significance difference between the nationality and the privacy data statements. All the nationality agreed that there is protection in place for the protection of e-health data. There was no significance difference between the demographic data sets and the many data protection principles.

The findings on the users’ perception could help to evaluate the success in realizing current strategies and an action plan of benchmarking could be introduced.

The digital paradigm people live in today, which drastically increased the consumption of data, is a threat to their privacy. To create a high level of privacy protection for its citizens, the European Union proposed the General Data Protection Regulation (GDPR), which introduces obligations for organizations regarding the storing, processing, collecting and disclosing of data. This paper aims to identify the critical success factors of GDPR implementation.

A systematic literature review was conducted by following a strict review protocol, where 32 documents were found relevant to perform the review and to answer to the proposed research questions.

The critical success factors of GDPR implementation were identified, including barriers and enablers. Furthermore, benefits of complying with GDPR were identified.

As GDPR is a relatively recent subject, there are still few scientific papers about it. Therefore, the authors were unable to neither identify nor present a robust conclusion regarding specific topics, such as practical outcomes.

On the basis of the literature, the identified critical success factors may be useful for organizations as these can be better prepared to achieve compliance by prioritizing the enablers and avoiding the barriers.

The purpose of this general review is to address the evolution and development of the Fair Information Practice Principles (FIPPs).

This study presents FIPPs from several establishments, compare them and map them to the General Data Protection Regulation (GDPR). Additionally, this study presents and discuss similarities and differences among FIPP sets.

Although the subject matter of the FIPP sets is very similar, there are differences: their scope differs significantly. The comparison among FIPP sets is presented, and it provides relevant information related to the connectedness between privacy principles.

This study considers the GDPR to be the pinnacle of the efforts to improve personal data protection; it became a role model for other countries to implement similar regulations.

This paper aims to explain how the EU projects its own data protection regime to third states and the US in particular. Digital services have become a central element in the transatlantic economy. A substantial part of that trade is associated with the transfer of data, most of it personal, requiring many of the new products and services emerging to adhere to data protection standards. Yet different conceptions of data protection exist across the Atlantic, with the EU putting a particular focus on protecting the fundamental right to privacy.

Using the distinction between positive and negative forms of market integration as a starting point (Scharpf, 1997), this paper examines the question of how the EU is projecting its own data protection regime to third states. The so-called California effect (Vogel, 1997) and the utilization of trade agreements in the EU’s foreign policy and external relations are well researched. With decreasing effectiveness and limited territorial reach of its enlargement policy, the EU found trade agreements to be particularly effective to set standards on a global level (Lavenex and Schimmelfennig, 2009). The existence of the single market makes the Union not only an important locus of regulation but also a strong economic actor with the global ambition of digital assertiveness. In the past, establishing standards for the EU’s vast consumer market has proven effective in compelling non-European market participants to join.

As the globe’s largest consumer market, Europe aims to project its own data protection laws through the market place principle (lex loci solutionis), requiring any data processor to follow its laws whenever European customers’ data are processed. This paper argues that European data protection law creates a “California Effect”, whereby the EU exerts pressure on extra-territorial markets by unilateral standard setting.

With its GDPR, the EU may have defused the problem of European citizens’ data being stored and evaluated according to the US law. However, it has also set a precedent of extra-territorial applicability of its legislation – despite having previously criticized the USA for such practices. By now, international companies increasingly store data of European customers in Europe to prevent conflicts with EU law. With this decision, the EU will apply its own law on others’ sovereign territory. Conflicts created through the extra-territorial effects of national law may contradict the principle of due diligence obligations but are nevertheless not illegitimate. They may, however, have further unintended effects: Other major economies are likely to be less reluctant in the future about passing legal provisions with extra-territorial effect.

On May 25, 2018, the General Data Protection Regulation (GDPR) became mandatory for all organizations that handle the personal data of European Union citizens. This exploratory study aims to determine the critical success factors (CSFs) related to implementing the GDPR in Portuguese public higher education institutions (HEIs).

This study adopts a multimethod methodology with qualitative and quantitative methods. A multiple case study was carried out in Portuguese public universities. As procedures for data collecting and analysis, semistructured interviews with 26 questions were conducted with the data protection officers of these universities during May and July 2019 to derive a set of CSFs. Next, the Delphi method has been applied to determine the ranking of the CSFs. The hierarchical clusters analysis has also been applied to determine the cluster with essential CSFs. To derive the CSF, the method by Caralli et al. (2004) has been applied.

This study has identified the list of 16 CSFs related to the implementation of GDPR in HEIs, among which we can highlight, for instance, empower workers on the GDPR; commit top management with the GDPR; implement the GDPR with the involvement of management and workers; create a culture for data protection; and create a decentralized team of pivots for data protection.

It could have been more enriching in the CSF determination process if all Portuguese public universities had participated in this study. In fact, within their many similarities, universities are also very different in approaching privacy and data protection. New studies are needed to determine whether the CSFs identified apply equally to other organizations, namely, private HEIs with less bureaucracy.

Identifying CSFs related to GDPR implementation in Portuguese public universities is a new area of study. This paper is a contribution to its development.

The implementation of European data protection is a challenge for businesses and has imposed legal, technical and organizational changes for companies. This study aims to explore the benefits and challenges that companies operating in the information technology (IT) sector have experienced in applying the European data protection. Additionally, this study aims to explore whether the benefits and challenges faced by these companies were different considering their dimension and the state of implementation of the regulation.

This study adopts a quantitative methodology, based on a survey conducted with Portuguese IT companies. The survey is composed of 30 questions divided into three sections, namely, control data; assessment; and benefits and challenges. The survey was created on Google Drive and distributed among Portuguese IT companies between March and April of 2019. The data were analyzed using the Stata software using descriptive and inferential analysis techniques using the ANOVA one-way test.

A total of 286 responses were received. The main benefits identified by the application of European data protection include increased confidence and legal clarification. On the other hand, the main challenges include the execution of audits to systems and processes and the application of the right to erasure. The findings allow us to conclude that the state of implementation of the general data protection regulation (GDPR), and the type of company are discriminating factors in the perception of benefits and challenges.

This study has essentially practical implications. Based on the synthesis of the benefits and challenges posed by the adoption of European data protection, it is possible to assess the relative importance and impact of the benefits and challenges faced by companies in the IT sector. However, this study does not explore the type of challenges that are placed at each stage of the adoption of European data protection and does not take into account the specificities of the activities carried out by each of these companies.

The implementation of the GDPR is still in an initial phase. This study is pioneering in synthesizing the main benefits and challenges of its adoption considering the companies operating in the IT sector. Furthermore, this study explores the impact of the size of the company and the status of implementation of the GDPR on the perception of the established benefits and challenges.