Search results

General Data Protection Regulation (GDPR) of the European Union (EU) was passed to protect data privacy. Though the GDPR intended to address issues related to data privacy in the EU, it created an extra-territorial effect through Articles 3, 45 and 46. Extra-territorial effect refers to the application or the effect of local laws and regulations in another country. Lawmakers around the globe passed or intensified their efforts to pass laws to have personal data privacy covered so that they meet the adequacy requirement under Articles 45–46 of GDPR while providing comprehensive legislation locally. This study aims to analyze the Malaysian and Saudi Arabian legislation on health data privacy and their adequacy in meeting GDPR data privacy protection requirements.

The research used a systematic literature review, legal content analysis and comparative analysis to critically analyze the health data protection in Malaysia and Saudi Arabia in comparison with GDPR and to see the adequacy of health data protection that could meet the requirement of EU data transfer requirement.

The finding suggested that the private sector is better regulated in Malaysia than the public sector. Saudi Arabia has some general laws to cover health data privacy in both public and private sector organizations until the newly passed data protection law is implemented in 2024. The finding also suggested that the Personal Data Protection Act 2010 of Malaysia and the Personal Data Protection Law 2022 of Saudi Arabia could be considered “adequate” under GDPR.

The research would be able to identify the key principles that could identify the adequacy of the laws about health data in Malaysia and Saudi Arabia as there is a dearth of literature in this area. This will help to propose suggestions to improve the laws concerning health data protection so that various stakeholders can benefit from it.

This paper aims to examine the probable effect of the General Data Protection Regulation of the European Union on the transfer of financial intelligence to a third country without an adequacy decision.

This is an analytical study of the financial intelligence exchange mechanisms between the Bangladesh Financial Intelligence Unit (BFIU) and its foreign counterparts. The research analyses the key challenges this national agency faces in using the Egmont Group membership to import financial intelligence from jurisdictions with a superior data protection regime.

Membership in the Egmont Group of Financial Intelligence Units does not guarantee unrestricted international intelligence exchange. Existing data protection regulations in Bangladesh are inadequate. This may forbid the transfer of the financial intelligence linked to European Union (EU) data subjects to Bangladesh.

This paper does not cover a thorough discussion on any specific alternative tools for data transfer from the EU to a third country except for “appropriate safeguards” options.

The results of this study will help understand the existing legal and institutional limitations that may prevent intelligence exchange between the BFIU and its EU counterparts.

The study helps ascertain the legislative reform necessary in Bangladesh, a third country, to facilitate the transfer of financial intelligence from the EU.

Introduction: As Internet usage increases, so does widespread concern about surveillance and privacy. While most of the research primarily focuses on a particular digital setting, these problems cut beyond national boundaries and impact economies everywhere.

Purpose: This study critically analyses the Data Protection Bill 2019’s effectiveness within the context of surveillance and privacy in India’s digital economy. Investigating critical provisions of the bill, comparing it to international privacy laws and standards, and identifying potential gaps and weaknesses, this study provides insights into the bill’s ability to protect personal data and limit surveillance practices.

Methodology: The chapter is based on secondary sources of data, including academic articles, government reports, and news articles on the topics of surveillance, privacy, and the Data Protection Bill 2019 in India, involving content and critical discourse analyses.

Findings: The Data Protection Bill 2019 evaluation reveals a set of provisions with the overarching intent to safeguard citizens’ privacy worldwide and curtail undue surveillance practices exercised by both governmental bodies and private enterprises. Intricately delineates the entitlements of individuals concerning their data, encompassing vital aspects such as the right to access, rectify, and erase their data, the bill mandates stringent adherence to the principle of explicit consent when collecting and processing personal data.

Nevertheless, a comprehensive analysis also reveals several gaps and constraints inherent in the bill’s framework. One such area is the inclusion of exemptions for governmental entities, an aspect that raises international concerns regarding potential disparities in data protection practices.

The study focusses on the legal issues surrounding artificial intelligence (AI), which are being investigated and debated about several European Union initiatives to manage and regulate Information and Communication Technologies. The goal is to discuss the benefits and drawbacks of adopting AI technology and the ramifications for the articulations of law and politics in democratic constitutional countries. Thus, the study aims to identify socio-legal concerns and possible solutions to protect individuals’ interests. The exploratory study is based on statutes, rules, and committee reports. The study has used news pieces, reports issued by organisations and legal websites. The study revealed computer security vulnerabilities, unfairness, bias and discrimination, and legal personhood and intellectual property issues. Issues with privacy and data protection, liability for harm, and lack of accountability will all be discussed. The vulnerability framework is utilised in this chapter to strengthen comprehension of key areas of concern and to motivate risk and impact mitigation solutions to safeguard human welfare. Given the importance of AI’s effects on weak individuals and groups as well as their legal rights, this chapter contributes to the discourse, which is essential. The chapter advances the conversation while appreciating the legal work done in AI and the fact that this sector needs constant review and flexibility. As AI technology advances, new legal challenges, vulnerabilities, and implications for data privacy will inevitably arise, necessitating increased monitoring and research.

Involvement of children in research on different aspects of children's rights, including research on violence against children, is continuously increasing, as is the interest in participatory approaches (European Agency for Fundamental Rights [FRA], 2014; Larsson et al., 2018; UN Committee on the Rights of the Child, 2011). Svevo-Cianci et al. (2011) noted that ‘as researchers commit to learning from community members, including children and adolescents themselves, it has become more clear that an understanding of the lived reality and definition of violence for children in their individual communities, is essential to envision and implement effective child protection’ (p. 985).

In this chapter, the legislative context regarding children's rights to be heard and participate is initially discussed; currently applied age requirements for children to acquire rights across the countries of the European Union (EU) are briefly presented; and children's potential roles and relevant provisions for their participation in social research are explored. The last part is dedicated to the presentation and discussion of the General Data Protection Regulation (GDPR; Regulation [EU] 2016/679, 2016) – specifically, children's personal data–related recitals and articles; the importance of the definition of a legal basis for personal data processing according to the GDPR, including consent; and the necessary information to be provided to children before their data are processed.

Personal data is a powerful tool. The more someone know about us, the more power they got over us. But who will control the most of our personal data? Does the government and the big tech really care about our personal data? This paper aims to look at data practices, data-related policy making as well as its economic consequences in the context of emerging economies.

Using qualitative methods such as literature review and analysis of numerous government documents, this paper inquires into the dynamics in the use of data by the business sectors, explains how data governance can add value to the business sectors while ensuring customers’ data privacy protection based on the data governance mechanism framework and details what it takes.

Using the case of Indonesian recent development on data privacy regulation, this paper describes the problems and threats to personal data protection. The advent of latest computing and mobile technology is shifting power relations between the governments, the big tech, as well as the end users. To conclude, the strategy and policy recommendations for implementing data privacy protection are also presented.

This paper provides a timely synthesis of data practices in the context of developing countries, particularly in relation to policy making and economic consequences. This paper also identifies and shares several promising future research ideas.

The general data protection regulation (GDPR) was designed to address privacy challenges posed by globalisation and rapid technological advancements; however, its implementation has also introduced new hurdles for companies. This study aims to analyse and synthesise the existing literature that focuses on challenges of GDPR implementation in business enterprises, while also outlining the directions for future research.

The methodology of this review follows the preferred reporting items for systematic reviews and meta-analysis guidelines. It uses an extensive search strategy across Scopus and Web of Science databases, rigorously applying inclusion and exclusion criteria, yielding a detailed analysis of 16 selected studies that concentrate on GDPR implementation challenges in business organisations.

The findings indicate a predominant use of conceptual study methodologies in prior research, often limited to specific countries and technology-driven sectors. There is also an inclination towards exploring GDPR challenges within small and medium enterprises, while larger enterprises remain comparatively unexplored. Additionally, further investigation is needed to understand the implications of emerging technologies on GDPR compliance.

This study’s limitations include reliance of the search strategy on two databases, potential exclusion of relevant research, limited existing literature on GDPR implementation challenges in business context and possible influence of diverse methodologies and contexts of previous studies on generalisability of the findings.

The originality of this review lies in its exclusive focus on analysing GDPR implementation challenges within the business context, coupled with a fresh categorisation of these challenges into technical, legal, organisational, and regulatory dimensions.

This paper aims to examine the nature and extent of disclosure on the use of big data by online platform companies and how these disclosures address and discharge stakeholder accountability.

Content analysis of annual reports and data policy documents of 100 online platform companies were used for this study. More specifically, the study develops a comprehensive big data disclosure framework to assess the nature and extent of disclosures provided in corporate reports. This framework also assists in evaluating the effect of the size of the company, industry and country in which they operate on disclosures.

The analysis reveals that most companies made limited disclosure on how they manage big data. Only two of the 100 online platform companies have provided moderate disclosures on big data related issues. The focus of disclosure by the online platform companies is more on data regulation compliance and privacy protection, but significantly less on the accountability and ethical issues of big data use. More specifically, critical issues, such as stakeholder engagement, breaches of customer information and data reporting and controlling mechanisms are largely overlooked in current disclosures. The analysis confirms that current attention has been predominantly given to powerful stakeholders such as regulators as a result of compliance pressure while the accountability pressure has yet to keep up the pace.

The study findings may be limited by the use of a new accountability disclosure index and the specific focus on online platform companies.

Although big data permeates, the number of users and uses grow and big data use has become more ingrained into society, this study provides evidence that ethical and accountability issues persist, even among the largest online companies. The findings of this study improve the understanding of the current state of online companies’ reporting practices on big data use, particularly the issues and gaps in the reporting process, which will help policymakers and standard setters develop future data disclosure policies.

From these findings, the study improves the understanding of the current state of online companies’ reporting practices on big data use, particularly the issues and gaps in the reporting process – which are helpful for policymakers and standard setters to develop data disclosure policies.

This study provides an analysis of ethical and social issues surrounding big data accountability, an emerging but increasingly important area that needs urgent attention and more research. It also adds a new disclosure dimension to the existing accountability literature and provides practical suggestions to balance the interaction between online platform companies and their stakeholders to promote the responsible use of big data.

Employees may feel overwhelmed with information privacy choices and have difficulties understanding what they are committing to in the digital workplace. This paper aims to analyze the role of different thinking styles for effort reduction, such as the use of intuition, when employees make decisions about the credibility and trustworthiness of workplace information privacy issues in Slovakia. While the General Data Protection Regulation sets precise requirements for valid consent, organizations are classified as data controllers and are subject to credibility judgments by their employees.

Data was collected from 230 employees in Slovakia using a survey questionnaire. Quantitative analysis using SPSS was conducted to describe employees thinking preferences when judging the credibility of information privacy in their organizations.

The survey participants revealed their perceived credibility and trust in personal data protection and thinking preferences. Unconscious thinking is the type of effort reduction often reported by participants, who perceive high credibility and trust in personal data protection. This study can help managers and data controllers in small- and medium-sized enterprises in reflecting about the way in which people use different thinking processes for decision-making about information privacy in their organizations.

This study set out to explore how decision-making processes at the workplace relate to credibility of data practices. Focusing on the use of different types of intuition, the authors explored whether the preference for a specific decision-making style can explain the perceived credibility of data practices. The part of the workforce in the sample did not have a strict predisposition to use either intuitive or rational thinking.

The contribution provides scholars with an overview of the field of intuition, a field that is likely to grow given the challenges of digitalization for organizations, such as shitstorms, cyberattacks and whistleblowing.

The most well-known concepts from intuition research, e.g. the dual process theory, and practice are tested simultaneously, therewith contributing to the applied literature on domain-specific preferences for intuition and deliberation in decision-making.

The research aims to establish the predictors of the acceptance of technical and organizational measures for the protection of personal data to ensure information privacy in Croatian libraries, starting from the constructs of the APCO Macro Model.

Two data collection methods were used: the online survey questionnaire method and the analysis of the websites of independent libraries in the Republic of Croatia.

The results show that the acceptance of measures for personal data protection by a library manager is mostly influenced by perceived knowledge, while culture and trust have a positive correlation of moderate strength. Awareness has a low positive correlation, and privacy experience is not statistically related to the acceptance of measures. There is no statistically significant difference in the acceptance of measures for the protection of personal data concerning age and work experience in the profession. There is a statistically significant correlation between compliance with the principle of transparency and the size of the library.

The study is valuable as it examined the characteristics of the culture of information privacy in libraries and determined the existence and impact of factors that influence ensuring the information privacy of users in Croatian libraries.