The benefits and challenges of general data protection regulation for the information technology sector

2019 ◽  
Vol 21 (5) ◽  
pp. 510-524 ◽  
Author(s):  
Nazar Poritskiy ◽  
Flávio Oliveira ◽  
Fernando Almeida

Purpose The implementation of European data protection is a challenge for businesses and has imposed legal, technical and organizational changes for companies. This study aims to explore the benefits and challenges that companies operating in the information technology (IT) sector have experienced in applying the European data protection. Additionally, this study aims to explore whether the benefits and challenges faced by these companies were different considering their dimension and the state of implementation of the regulation. Design/methodology/approach This study adopts a quantitative methodology, based on a survey conducted with Portuguese IT companies. The survey is composed of 30 questions divided into three sections, namely, control data; assessment; and benefits and challenges. The survey was created on Google Drive and distributed among Portuguese IT companies between March and April of 2019. The data were analyzed using the Stata software using descriptive and inferential analysis techniques using the ANOVA one-way test. Findings A total of 286 responses were received. The main benefits identified by the application of European data protection include increased confidence and legal clarification. On the other hand, the main challenges include the execution of audits to systems and processes and the application of the right to erasure. The findings allow us to conclude that the state of implementation of the general data protection regulation (GDPR), and the type of company are discriminating factors in the perception of benefits and challenges. Research limitations/implications This study has essentially practical implications. Based on the synthesis of the benefits and challenges posed by the adoption of European data protection, it is possible to assess the relative importance and impact of the benefits and challenges faced by companies in the IT sector.
However, this study does not explore the type of challenges that are placed at each stage of the adoption of European data protection and does not take into account the specificities of the activities carried out by each of these companies. Originality/value The implementation of the GDPR is still in an initial phase. This study is pioneering in synthesizing the main benefits and challenges of its adoption considering the companies operating in the IT sector. Furthermore, this study explores the impact of the size of the company and the status of implementation of the GDPR on the perception of the established benefits and challenges.

Subject GDPR appraisal and outlook. Significance May 25, 2019 is the first anniversary of the EU’s General Data Protection Regulation (GDPR). The GDPR enhanced the rights of citizens regarding their personal data, including by giving them the ‘right to be forgotten’, and tightened controls on how organisations and businesses collect, store and process such data. Impacts A key shortcoming is ensuring the compliance of business beyond ‘big tech’. Public awareness of the GDPR in smaller EU states will lag that in larger states. Criticism of the Irish regulator will rise if it fails to demonstrate a clearer commitment towards robust regulation.


2016 ◽  
Vol 26 (3) ◽  
pp. 279-292 ◽  
Author(s):  
Sherry Li Xie

Purpose This paper, through examining the judgment on Case C-131/12 and the European Union (EU)’s Proposal for a General Data Protection Regulation, aims to demonstrate to the records management (RM) profession, the importance of being proactively involved in records creation identification and the challenges of performing sound retention analyses for newly emerging activities. It also serves as a call to the RM profession that more active participation in law-making processes is needed. Design/methodology/approach The research selects the current right to be forgotten phenomenon as an illuminating case and examines it with fundamental RM concepts and principles, in particular those relating to records creation and retention. The research process consists of three major parts: one, the establishment of an analytical framework based on RM theories; two, description of the selected case that is relevant to the analysis; and three, the application of the analytical framework to the described case. Findings Records retentions are much needed for the activities of data controllers that are now established by the most recent Judgment of the European Court of Justice pertinent to the right to be forgotten and the proposed General Data Protection Regulation. The determination of retention periods for such activities requires an RM framework that synthesizes the identification of digital records and the various types of value associated with the different usages of records. It is also observed that the data protection legal framework does not address RM considerations, or at least, not in any explicit, easily recognizable manners. Research limitations/implications Records retentions are much needed for the activities of data controllers and/or processors that are now required by the Judgment of the European Court of Justice and the proposed EU General Data Protection Regulation, yet the legal framework does not offer any assistance in establishing retentions. 
It is also observed that the data protection legal framework fully acknowledges the importance of records but fails to address RM considerations – at least, not in any explicit, easily recognizable manners. Practical implications The findings are expected to be instructive to data controllers and/or processors, in particular with respect to records creation identification and records retention establishment in their organizations. It is also expected that the observations generated during the analysis process could shed light on the development of the RM profession. Social implications The right to be forgotten in the digital world has newly acquired complications, and it has the potential to affect not just the privacy right but also the rights considered conflicting to it, such as the rights of freedom of press and freedom of expression/speech. Efficient and effective RM programs should be able to assist their parent organizations in dealing with this complicated situation through creating and managing records that support the compliance of regulatory requirements on the one hand and the balancing of competing rights on the other hand. Originality/value The research appears to be the first of its kind according to the literature search conducted within the accessibility scope of the researcher.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Luís Leite ◽  
Daniel Rodrigues dos Santos ◽  
Fernando Almeida

Purpose This paper aims to explore the changes imposed by the general data protection regulation (GDPR) on software engineering practices. The fundamental objective is to have a perception of the practices and phases that have experienced the greatest changes. Additionally, it aims to identify a set of good practices that can be adopted by software engineering companies. Design/methodology/approach This study uses a qualitative methodology through four case studies involving Portuguese software engineering companies. Two of these companies are small and medium enterprises (SMEs) while the other remaining two are micro-companies. The thematic analysis is adopted to identify patterns in the performed interviews. Findings The findings indicate that significant changes have occurred at all stages of software development. In particular, the initial stages of identifying requirements and modeling processes were the stages that experienced the greatest changes. On the opposite, the technical development phase has not noticeably changed but, nevertheless, it is necessary to look at the importance of training software developers for GDPR rules and practices. Research limitations/implications Two relevant limitations were identified as follows: only four case studies involving micro-companies and SMEs were considered, and only the traditional software development methodology was considered. The use of agile methodologies was not explored in this study and the findings can only be mainly applied to the waterfall model. Originality/value This study offers mainly practical contributions by identifying a set of challenges that are posed to software engineering companies by the implementation of GDPR. Through their knowledge, it is expected to help these companies to better prepare themselves and anticipate the challenges they will necessarily face.


2020 ◽  
Vol 3 (1) ◽  
pp. 17
Author(s):  
Kajcsa Andrea

The changes that have been brought about by the General Data Protection Regulation starting with May 2018 are complex and ambitious. The General Data Protection Regulation is one of the most wide ranging pieces of legislation passed by the EU in recent years, and it introduces many concepts that are yet to be fully discovered in practice, such as the right to be forgotten, data portability and data breach notification. This paper intends to analyze the main obligations that public bodies, particularly, have after the GDPR has entered into force, and to evaluate the impact this legislative act has on the routine activities carried out by public authorities in Romania. To reach our goal, we will make reference to the obligations that are specific to public administration authorities as well as to those that public bodies are exempted from. We will also analyze the national legislative measures adopted in Romania after GDPR started to be in force, and the degree to which these have particularized the way public bodies are allowed and obliged to process personal data in Romania.


Author(s):  
David Erdos

This book explores the interface between European data protection and the freedom of expression activities of traditional journalism, professional artists, and both academic and non-academic writers from both an empirical and normative perspective. It draws on an exhaustive examination of both historical and contemporary public domain material and a comprehensive questionnaire of European Data Protection Authorities (DPAs). Empirically it is found that, notwithstanding an often confusing statutory landscape, DPAs have sought to develop an approach to regulating the journalistic media based on contextual rights balancing. However, they have struggled to secure a clear and specified criterion of strictness as regards standard-setting or a consistent and reliable approach to enforcement. DPAs have appeared even more confused as regards other traditional publishers, largely abstaining from regulating most professional artists and writers but attempting to subject all academic disciplines to onerous statutory restrictions established for medical, scientific, and related research. From these findings, it is argued that balancing contextual rights has value and should be both generalized across all traditional publishers and systematically and sensitively developed through structured and robust co-regulation. Such co-regulation should adopt the new code of conduct and monitoring provisions included in the General Data Protection Regulation (GDPR) as a broad guideline. DPAs should accord strong deference to any codes and monitoring bodies which verifiably meet the accredited criteria but must engage more proactively when these are absent. In any case, DPAs should also intervene directly as regards particularly serious or systematic issues and have an increasingly important role in ensuring a joined-up approach between traditional publishing and new media activity.


2019 ◽  
Vol 6 (1) ◽  
pp. 205395171986054 ◽  
Author(s):  
Heike Felzmann ◽  
Eduard Fosch Villaronga ◽  
Christoph Lutz ◽  
Aurelia Tamò-Larrieux

Transparency is now a fundamental principle for data processing under the General Data Protection Regulation. We explore what this requirement entails for artificial intelligence and automated decision-making systems. We address the topic of transparency in artificial intelligence by integrating legal, social, and ethical aspects. We first investigate the ratio legis of the transparency requirement in the General Data Protection Regulation and its ethical underpinnings, showing its focus on the provision of information and explanation. We then discuss the pitfalls with respect to this requirement by focusing on the significance of contextual and performative factors in the implementation of transparency. We show that human–computer interaction and human-robot interaction literature do not provide clear results with respect to the benefits of transparency for users of artificial intelligence technologies due to the impact of a wide range of contextual factors, including performative aspects. We conclude by integrating the information- and explanation-based approach to transparency with the critical contextual approach, proposing that transparency as required by the General Data Protection Regulation in itself may be insufficient to achieve the positive goals associated with transparency. Instead, we propose to understand transparency relationally, where information provision is conceptualized as communication between technology providers and users, and where assessments of trustworthiness based on contextual factors mediate the value of transparency communications. This relational concept of transparency points to future research directions for the study of transparency in artificial intelligence systems and should be taken into account in policymaking.


Info ◽  
2014 ◽  
Vol 16 (3) ◽  
pp. 22-39 ◽  
Author(s):  
Rachel L. Finn ◽  
Kush Wadhwa

Purpose – This paper aims to study the ethics of “smart” advertising and regulatory initiatives in the consumer intelligence industry. Increasingly, online behavioural advertising strategies, especially in the mobile media environment, are being integrated with other existing and emerging technologies to create new techniques based on “smart” surveillance practices. These “smart” surveillance practices have ethical impacts including identifiability, inequality, a chilling effect, the objectification, exploitation and manipulation of consumers as well as information asymmetries. This article examines three regulatory initiatives – privacy-by-design considerations, the proposed General Data Protection Regulation of the EU and the US Do-Not-Track Online Act of 2013 – that have sought to address the privacy and data protection issues associated with these practices. Design/methodology/approach – The authors performed a critical literature review of academic, grey and journalistic publications surrounding behavioural advertising to identify the capabilities of existing and emerging advertising practices and their potential ethical impacts. This information was used to explore how well-proposed regulatory mechanisms might address current and emerging ethical and privacy issues in the emerging mobile media environment. Findings – The article concludes that all three regulatory initiatives fall short of providing adequate consumer and citizen protection in relation to online behavioural advertising as well as “smart” advertising. Originality/value – The article demonstrates that existing and proposed regulatory initiatives need to be amended to provide adequate citizen protection and describes how a focus on privacy and data protection does not address all of the ethical issues raised.

