Search results

General Data Protection Regulation (GDPR) of the European Union (EU) was passed to protect data privacy. Though the GDPR intended to address issues related to data privacy in the EU, it created an extra-territorial effect through Articles 3, 45 and 46. Extra-territorial effect refers to the application or the effect of local laws and regulations in another country. Lawmakers around the globe passed or intensified their efforts to pass laws to have personal data privacy covered so that they meet the adequacy requirement under Articles 45–46 of GDPR while providing comprehensive legislation locally. This study aims to analyze the Malaysian and Saudi Arabian legislation on health data privacy and their adequacy in meeting GDPR data privacy protection requirements.

The research used a systematic literature review, legal content analysis and comparative analysis to critically analyze the health data protection in Malaysia and Saudi Arabia in comparison with GDPR and to see the adequacy of health data protection that could meet the requirement of EU data transfer requirement.

The finding suggested that the private sector is better regulated in Malaysia than the public sector. Saudi Arabia has some general laws to cover health data privacy in both public and private sector organizations until the newly passed data protection law is implemented in 2024. The finding also suggested that the Personal Data Protection Act 2010 of Malaysia and the Personal Data Protection Law 2022 of Saudi Arabia could be considered “adequate” under GDPR.

The research would be able to identify the key principles that could identify the adequacy of the laws about health data in Malaysia and Saudi Arabia as there is a dearth of literature in this area. This will help to propose suggestions to improve the laws concerning health data protection so that various stakeholders can benefit from it.

This paper aims to examine the probable effect of the General Data Protection Regulation of the European Union on the transfer of financial intelligence to a third country without an adequacy decision.

This is an analytical study of the financial intelligence exchange mechanisms between the Bangladesh Financial Intelligence Unit (BFIU) and its foreign counterparts. The research analyses the key challenges this national agency faces in using the Egmont Group membership to import financial intelligence from jurisdictions with a superior data protection regime.

Membership in the Egmont Group of Financial Intelligence Units does not guarantee unrestricted international intelligence exchange. Existing data protection regulations in Bangladesh are inadequate. This may forbid the transfer of the financial intelligence linked to European Union (EU) data subjects to Bangladesh.

This paper does not cover a thorough discussion on any specific alternative tools for data transfer from the EU to a third country except for “appropriate safeguards” options.

The results of this study will help understand the existing legal and institutional limitations that may prevent intelligence exchange between the BFIU and its EU counterparts.

The study helps ascertain the legislative reform necessary in Bangladesh, a third country, to facilitate the transfer of financial intelligence from the EU.

Introduction: As Internet usage increases, so does widespread concern about surveillance and privacy. While most of the research primarily focuses on a particular digital setting, these problems cut beyond national boundaries and impact economies everywhere.

Purpose: This study critically analyses the Data Protection Bill 2019’s effectiveness within the context of surveillance and privacy in India’s digital economy. Investigating critical provisions of the bill, comparing it to international privacy laws and standards, and identifying potential gaps and weaknesses, this study provides insights into the bill’s ability to protect personal data and limit surveillance practices.

Methodology: The chapter is based on secondary sources of data, including academic articles, government reports, and news articles on the topics of surveillance, privacy, and the Data Protection Bill 2019 in India, involving content and critical discourse analyses.

Findings: The Data Protection Bill 2019 evaluation reveals a set of provisions with the overarching intent to safeguard citizens’ privacy worldwide and curtail undue surveillance practices exercised by both governmental bodies and private enterprises. Intricately delineates the entitlements of individuals concerning their data, encompassing vital aspects such as the right to access, rectify, and erase their data, the bill mandates stringent adherence to the principle of explicit consent when collecting and processing personal data.

Nevertheless, a comprehensive analysis also reveals several gaps and constraints inherent in the bill’s framework. One such area is the inclusion of exemptions for governmental entities, an aspect that raises international concerns regarding potential disparities in data protection practices.

Personal data is a powerful tool. The more someone know about us, the more power they got over us. But who will control the most of our personal data? Does the government and the big tech really care about our personal data? This paper aims to look at data practices, data-related policy making as well as its economic consequences in the context of emerging economies.

Using qualitative methods such as literature review and analysis of numerous government documents, this paper inquires into the dynamics in the use of data by the business sectors, explains how data governance can add value to the business sectors while ensuring customers’ data privacy protection based on the data governance mechanism framework and details what it takes.

Using the case of Indonesian recent development on data privacy regulation, this paper describes the problems and threats to personal data protection. The advent of latest computing and mobile technology is shifting power relations between the governments, the big tech, as well as the end users. To conclude, the strategy and policy recommendations for implementing data privacy protection are also presented.

This paper provides a timely synthesis of data practices in the context of developing countries, particularly in relation to policy making and economic consequences. This paper also identifies and shares several promising future research ideas.

The general data protection regulation (GDPR) was designed to address privacy challenges posed by globalisation and rapid technological advancements; however, its implementation has also introduced new hurdles for companies. This study aims to analyse and synthesise the existing literature that focuses on challenges of GDPR implementation in business enterprises, while also outlining the directions for future research.

The methodology of this review follows the preferred reporting items for systematic reviews and meta-analysis guidelines. It uses an extensive search strategy across Scopus and Web of Science databases, rigorously applying inclusion and exclusion criteria, yielding a detailed analysis of 16 selected studies that concentrate on GDPR implementation challenges in business organisations.

The findings indicate a predominant use of conceptual study methodologies in prior research, often limited to specific countries and technology-driven sectors. There is also an inclination towards exploring GDPR challenges within small and medium enterprises, while larger enterprises remain comparatively unexplored. Additionally, further investigation is needed to understand the implications of emerging technologies on GDPR compliance.

This study’s limitations include reliance of the search strategy on two databases, potential exclusion of relevant research, limited existing literature on GDPR implementation challenges in business context and possible influence of diverse methodologies and contexts of previous studies on generalisability of the findings.

The originality of this review lies in its exclusive focus on analysing GDPR implementation challenges within the business context, coupled with a fresh categorisation of these challenges into technical, legal, organisational, and regulatory dimensions.

The attempt to establish a common European framework for core platforms' duties and responsibilities toward other actors in the digital environment is at the core of the recent scholarly debate surrounding the Digital Markets Act (DMA) proposal. In particular, the everlasting juxtaposition between the “data power” – as emerging from recent cases (Section 2) – that dominant tech companies enjoy and the concept of consumer sovereignty (Section 3) lies at the core of the proposal's attempt to identify digital core platforms as market gatekeepers. Accordingly, this chapter critically investigates the divide between power imbalance and consumer sovereignty in light of the architecture designed by the DMA, with a specific focus on its effectiveness in identifying gatekeepers' power drivers (Section 4). After highlighting the main critical aspects of the pertinent rules, opportunities for fruitful developments are then identified through the reframing of some of the notions considered in the proposal, and namely the role of “lock-in” effects and “data accumulation” (Section 5). Lastly, this chapter suggests that the DMA advancements – while desirable – are bound to be fragmentary in the absence of a wider appraisal of the nature of data power imbalance dynamics in the modern digital markets (Section 6).

Research on online user privacy shows that empirical evidence on how privacy literacy relates to users' information privacy empowerment is missing. To fill this gap, this paper investigated the respective influence of two primary dimensions of online privacy literacy – namely declarative and procedural knowledge – on online users' information privacy empowerment.

An empirical analysis is conducted using a dataset collected in Europe. This survey was conducted in 2019 among 27,524 representative respondents of the European population.

The main results show that users' procedural knowledge is positively linked to users' privacy empowerment. The relationship between users' declarative knowledge and users' privacy empowerment is partially supported. While greater awareness about firms and organizations practices in terms of data collections and further uses conditions was found to be significantly associated with increased users' privacy empowerment, unpredictably, results revealed that the awareness about the GDPR and user’s privacy empowerment are negatively associated. The empirical findings reveal also that greater online privacy literacy is associated with heightened users' information privacy empowerment.

While few advanced studies made systematic efforts to measure changes occurred on websites since the GDPR enforcement, it remains unclear, however, how individuals perceive, understand and apply the GDPR rights/guarantees and their likelihood to strengthen users' information privacy control. Therefore, this paper contributes empirically to understanding how online users' privacy literacy shaped by both users' declarative and procedural knowledge is likely to affect users' information privacy empowerment. The study empirically investigates the effectiveness of the GDPR in raising users' information privacy empowerment from user-based perspective. Results stress the importance of greater transparency of data tracking and processing decisions made by online businesses and services to strengthen users' control over information privacy. Study findings also put emphasis on the crucial need for more educational efforts to raise users' awareness about the GDPR rights/guarantees related to data protection. Empirical findings also show that users who are more likely to adopt self-protective approaches to reinforce personal data privacy are more likely to perceive greater control over personal data. A broad implication of this finding for practitioners and E-businesses stresses the need for empowering users with adequate privacy protection tools to ensure more confidential transactions.

This study explores the link between ISO 9001 certification, personal data protection and firm performance using financial balance sheet and survey data. The security aspect of data protection is analyzed based on the major requirements of the General Data Protection Regulation and mapped to the relevant controls of the ISO/IEC 27001/27002 standards.

The research analysis is based on 96 ISO 9001–certified and non-certified publicly traded manufacturing and service firms that responded to a structured questionnaire. The authors develop and empirically test their theoretical model using the structural equation modeling technique and follow a difference-in-differences econometric modeling approach to estimate financial performance differences between certified and non-certified firms accounting for the level of data protection.

The estimates indicate three core dimensions in the areas of “policies, procedures and responsibilities,” “access control management” and “risk-reduction techniques” as desirable components in establishing the concept of data security. The estimates also suggest that the data protection level has significantly impacted the performance of certified firms relative to the non-certified. Controlling for the effect of industry-level factors reveals a positive relationship between data security and high-technological intensity.

The results imply that improving the level of compliance to data protection enhances the link between certification and firm performance.

This study fills a gap in the literature by empirically testing the influence of data protection on the relationship between quality certification and firm performance.

This study aims to analyze the development of digital market characteristics particularly focusing on how the strategic choices of platforms are not fully reflected in pricing. In addition, the implications for the development of theories of harm are investigated to explore the necessity of a relevant market definition in assessing infringement and evaluating the adequacy of Indonesian competition law.

This study is a legal analysis that uses statutory approaches, cases, comparative law and the development of theories of harm in digital mergers. The case approach is conducted by analyzing three cases decided by the Indonesia Business Competition Supervisory Commission. This approach provides insight into the response of Komisi Pengawas Persaingan Usaha concerning the merger and acquisition cases in the digital era as well as the provision of different analyses in conventional markets. However, competition can be potentially damaged in digital markets and a comparative law approach is taken by analyzing digital merger cases decided by authorities in other countries.

Results reveal that the digital market has created a “relevant market” that is challenging and blurred due to multi-sided network effects and consumer data usage characteristics. Platform-based enterprises’ prices fluctuate due to the digital market’s network effect and consumer data statistics. Smartphone prices depend on the number of apps and consumer data. Neoclassical theory focusing on product markets and location applied in Indonesia must be revised to establish a relevant digital economy market. To evaluate digital mergers, new harm theories are needed. The merger should also protect consumer data. Law Number 27 of 2022 on Personal Data Protection and Government Regulation on the Implementation of Electronic Systems and Transactions protects online consumers, a basic step in due diligence for digital mergers. The Indonesian Government should promptly strengthen the notion of “relevant markets” in the digital economy, which could lead to fair business competition violations like big data control. Notify partners or digital merger participants of the accessibility of sensitive data like transaction history and user location.

The development of digital market characteristics has implications for developing theories of harm in digital markets. Indonesian competition law needs to develop such theories of harm to analyze the potential for anticompetitive digital mergers in the digital economy era.

The threat of cybercrime is pervasive. Corporations cannot be convinced, out of sheer luck or naïve conviction, that they will remain unaffected. When targeted, the stark reality is that a company also incurs a liability risk. This paper aims to explore the boundaries of liability resulting from a data breach and privacy concerns according to the emerging regulations on cybersecurity.

The nature of cybercrime and its constant evolution is analysed as a threat of liability. Its distinctly modern developments require consideration. In response to the threat of hackers, the protection that a corporation can invoke is also considered as a mitigating factor in ascribing liability.

Preventative steps to protect a corporation from cyberthreats must remain a consistent priority in the running of a company. The influence of human behaviour has become a foreseeable element in cybersecurity and as such the management of unreliable user behaviour is a key determining factor in ascribing liability in hindsight.

Foresight is everything in the prevention of cyberattacks. Cyberattacks can no longer be dismissed as an unlikely eventuality. Legislation on data security and data privacy is demanding higher standards of preventative action, under the duty of care to stakeholders. There is a substantial literature deficit on data security and data liability regulations in light of the liability risk incurred by cyberattacks.