Search results

The purpose of this paper is to examine the extent to which financial privacy is present and necessary in dealings between banks and clients in China.

This paper provides a comparative study drawing, in particular, on developments in the USA.

It is a trend in legislation in the western developed countries that the right to privacy is taken seriously and private information in the financial activities is protected by law. The legislation in the USA is typically systematic and complete. The fact that financial privacy protection is sparsely stipulated in finance or administrative laws but the protection of privacy has yet not been systematically written into law in China so far, which is inconsistent with the current situations of the financial industry. China should deal with the relationship between banks and clients, administrative power and personal rights, judicial interpretation and legislation from the aspect of financial practice, so as to set up the legal system to protect financial privacy by learning from the legislation in the USA based on the national conditions.

The paper provides a systematic view of the value of financial privacy in the modern world, with recommendations for reform in China.

A legal obligation to adopt reasonable information security procedures exists in a variety of laws around the world, such as the EU Data Directive (Directive 95/46), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and sectoral and state privacy laws in the U.S. The latter include security breach notification laws, and laws establishing a general duty of security. This paper compares and contrasts the privacy and information security landscape inside and outside the U.S. and offers suggestions for corporate “best practices” in data security designed to enhance consumer trust and minimize liability.

The major federal and state laws that govern the privacy aspects of the use of computer data banks fall into three types of relationships between individuals and institutions: 1) individuals dealing with private institutions such as colleges or universities, 2) individuals interacting with state and local governments; and 3) individuals interacting with the federal government. A separate section is devoted to each of these relationships, containing assessments of the effectiveness of the legal mechanisms that mediate them. The ability of privacy laws that are presently on the books to protect us from abusive information collection, dissemination, and management practices is specifically considered.

This study aims to discover the legal borderline between licit online marketing and illicit privacy-intrusive and manipulative marketing, considering in particular consumers’ expectations of privacy.

A doctrinal legal research methodology is applied throughout with reference to the relevant legislative frameworks. In particular, this study analyzes the European Union (EU) data protection law [General Data Protection Regulation (GDPR)] framework (as it is one of the most advanced privacy laws in the world, with strong extra-territorial impact in other countries and consequent risks of high fines), as compared to privacy scholarship on the field and extract a compliance framework for marketers.

The GDPR is a solid compliance framework that can help to distinguish licit marketing from illicit one. It brings clarity through four legal tests: fairness test, lawfulness test, significant effect test and the high-risk test. The performance of these tests can be beneficial to consumers and marketers in particular considering that meeting consumers’ expectation of privacy can enhance their trust. A solution for marketers to respect and leverage consumers’ privacy expectations is twofold: enhancing critical transparency and avoiding the exploitation of individual vulnerabilities.

This study is limited to the European legal framework scenario and to theoretical analysis. Further research is necessary to investigate other legal frameworks and to prove this model in practice, measuring not only the consumers’ expectation of privacy in different contexts but also the practical managerial implications of the four GDPR tests for marketers.

This study originally contextualizes the most recent privacy scholarship on online manipulation within the EU legal framework, proposing an easy and accessible four-step test and twofold solution for marketers. Such a test might be beneficial both for marketers and for consumers’ expectations of privacy.

Perpetrators of technology-facilitated gender-based violence are taking advantage of increasingly automated and sophisticated privacy-invasive tools to carry out their abuse. Whether this be monitoring movements through stalkerware, using drones to nonconsensually film or harass, or manipulating and distributing intimate images online such as deepfakes and creepshots, invasions of privacy have become a significant form of gender-based violence. Accordingly, our normative and legal concepts of privacy must evolve to counter the harms arising from this misuse of new technology. Canada's Supreme Court recently addressed technology-facilitated violations of privacy in the context of voyeurism in R v Jarvis (2019) . The discussion of privacy in this decision appears to be a good first step toward a more equitable conceptualization of privacy protection. Building on existing privacy theories, this chapter examines what the reasoning in Jarvis might mean for “reasonable expectations of privacy” in other areas of law, and how this concept might be interpreted in response to gender-based technology-facilitated violence. The authors argue the courts in Canada and elsewhere must take the analysis in Jarvis further to fully realize a notion of privacy that protects the autonomy, dignity, and liberty of all.

This is the second of three articles addressing the critical issue of abusive data collection and usage practices and their effect on personal privacy. The first article, which appeared in consecutive issue 17 of Library Hi Tech, discussed the individual under assault. This article discusses the evolution of data protection laws within countries and international organizations that have enacted such laws, and compares the scope, major provisions, and enforcement components of the laws.

General Data Protection Regulation (GDPR) of the European Union (EU) was passed to protect data privacy. Though the GDPR intended to address issues related to data privacy in the EU, it created an extra-territorial effect through Articles 3, 45 and 46. Extra-territorial effect refers to the application or the effect of local laws and regulations in another country. Lawmakers around the globe passed or intensified their efforts to pass laws to have personal data privacy covered so that they meet the adequacy requirement under Articles 45–46 of GDPR while providing comprehensive legislation locally. This study aims to analyze the Malaysian and Saudi Arabian legislation on health data privacy and their adequacy in meeting GDPR data privacy protection requirements.

The research used a systematic literature review, legal content analysis and comparative analysis to critically analyze the health data protection in Malaysia and Saudi Arabia in comparison with GDPR and to see the adequacy of health data protection that could meet the requirement of EU data transfer requirement.

The finding suggested that the private sector is better regulated in Malaysia than the public sector. Saudi Arabia has some general laws to cover health data privacy in both public and private sector organizations until the newly passed data protection law is implemented in 2024. The finding also suggested that the Personal Data Protection Act 2010 of Malaysia and the Personal Data Protection Law 2022 of Saudi Arabia could be considered “adequate” under GDPR.

The research would be able to identify the key principles that could identify the adequacy of the laws about health data in Malaysia and Saudi Arabia as there is a dearth of literature in this area. This will help to propose suggestions to improve the laws concerning health data protection so that various stakeholders can benefit from it.

Given the unique cultural-political context of China, this paper aims to investigate two research questions: What has been the development trajectory of policy-making on consumer privacy protection in China, and what factors have shaped its development over the years?

This paper adopts a historical approach and examines the development of Chinese consumer privacy policy during four periods: 1980s, 1990s, 2000s and 2010-present.

Chinese policy-making on consumer privacy protection has made steady advancement in the past few decades due to factors such as technological development, elite advocacy and emulation of other markets; however, the effects of these factors are conditioned by local forces.

To date, most studies of consumer privacy issues have focused on Western countries, especially the European Union and the USA. A better understanding of how consumer privacy policy has developed in China provides important lessons on the promotion of consumer privacy protection in other developing countries.

One of the key aims of the UK's Transformational Government strategy is to create a “joined‐up” government where communications within and between public organisations is improved by the use of information technology. Data sharing is a key enabler of “joined‐up” government but the implementation of the strategy presents a series of risks. The purpose of this paper is to articulate and assess the nature of those risks in relation to violations of existing laws using the National Pupil Database (NPD) in England as a case study.

The paper investigates examples of violations of EU law relating to rights to privacy of data sharing practices within the UK public sector using an interpretive approach to existing published information. The case of the NPD illustrates how certain identified data sharing practices contravene existing laws and exposes this aspect of the Transformational Government strategy to heightened risk of a legal challenge.

Four examples of violations of existing EU laws on privacy are identified from an investigation into the NPD for schools in England. The analysis exposes the imbalance between the data sharing practices underpinning the Transformational Government strategy in the UK and the requirements for fulfilling privacy protection rights to citizens enshrined in EU law. The findings reveal that data sharing practices as a key enabler of the Transformational Government strategy risks violating existing laws designed to protect privacy. The UK government risks a legal challenge, the outcome of which may seriously undermine the prospects for achieving the stated aim of improving efficiency and effectiveness across the public sector.

The paper is largely restricted to the NPD for schools in England. The findings would be strengthened by expanding the research into other areas of the public sector where data sharing practices have been implemented.

The findings are a significant and timely contribution to understanding the data sharing/privacy tension that ministers and legislators need to address. The work provides an insight into where weaknesses exist within current arrangements that is of value to policymakers, legislators, human rights advocates and government authorities at both central and local levels.