The ethics of “smart” advertising and regulatory initiatives in the consumer intelligence industry

Purpose – This paper aims to study the ethics of “smart” advertising and regulatory initiatives in the consumer intelligence industry. Increasingly, online behavioural advertising strategies, especially in the mobile media environment, are being integrated with other existing and emerging technologies to create new techniques based on “smart” surveillance practices. These “smart” surveillance practices have ethical impacts including identifiability, inequality, a chilling effect, the objectification, exploitation and manipulation of consumers as well as information asymmetries. This article examines three regulatory initiatives – privacy-by-design considerations, the proposed General Data Protection Regulation of the EU and the US Do-Not-Track Online Act of 2013 – that have sought to address the privacy and data protection issues associated with these practices. Design/methodology/approach – The authors performed a critical literature review of academic, grey and journalistic publications surrounding behavioural advertising to identify the capabilities of existing and emerging advertising practices and their potential ethical impacts. This information was used to explore how well-proposed regulatory mechanisms might address current and emerging ethical and privacy issues in the emerging mobile media environment. Findings – The article concludes that all three regulatory initiatives fall short of providing adequate consumer and citizen protection in relation to online behavioural advertising as well as “smart” advertising. Originality/value – The article demonstrates that existing and proposed regulatory initiatives need to be amended to provide adequate citizen protection and describes how a focus on privacy and data protection does not address all of the ethical issues raised.

Download Full-text

The benefits and challenges of general data protection regulation for the information technology sector

Digital Policy Regulation and Governance ◽

10.1108/dprg-05-2019-0039 ◽

2019 ◽

Vol 21 (5) ◽

pp. 510-524 ◽

Cited By ~ 3

Author(s):

Nazar Poritskiy ◽

Flávio Oliveira ◽

Fernando Almeida

Keyword(s):

Information Technology ◽

Data Protection ◽

The State ◽

Quantitative Methodology ◽

Content Type ◽

General Data Protection Regulation ◽

European Data ◽

General Data ◽

The Right ◽

The Impact

PurposeThe implementation of European data protection is a challenge for businesses and has imposed legal, technical and organizational changes for companies. This study aims to explore the benefits and challenges that companies operating in the information technology (IT) sector have experienced in applying the European data protection. Additionally, this study aims to explore whether the benefits and challenges faced by these companies were different considering their dimension and the state of implementation of the regulation.Design/methodology/approachThis study adopts a quantitative methodology, based on a survey conducted with Portuguese IT companies. The survey is composed of 30 questions divided into three sections, namely, control data; assessment; and benefits and challenges. The survey was created on Google Drive and distributed among Portuguese IT companies between March and April of 2019. The data were analyzed using the Stata software using descriptive and inferential analysis techniques using the ANOVA one-way test.FindingsA total of 286 responses were received. The main benefits identified by the application of European data protection include increased confidence and legal clarification. On the other hand, the main challenges include the execution of audits to systems and processes and the application of the right to erasure. The findings allow us to conclude that the state of implementation of the general data protection regulation (GDPR), and the type of company are discriminating factors in the perception of benefits and challenges.Research limitations/implicationsThis study has essentially practical implications. Based on the synthesis of the benefits and challenges posed by the adoption of European data protection, it is possible to assess the relative importance and impact of the benefits and challenges faced by companies in the IT sector. However, this study does not explore the type of challenges that are placed at each stage of the adoption of European data protection and does not take into account the specificities of the activities carried out by each of these companies.Originality/valueThe implementation of the GDPR is still in an initial phase. This study is pioneering in synthesizing the main benefits and challenges of its adoption considering the companies operating in the IT sector. Furthermore, this study explores the impact of the size of the company and the status of implementation of the GDPR on the perception of the established benefits and challenges.

Download Full-text

Blockchain can both enhance and undermine compliance but is not inherently at odds with EU privacy laws

Journal of Investment Compliance ◽

10.1108/joic-10-2020-0037 ◽

2021 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Lokke Moerel ◽

Marijn Storm

Keyword(s):

Data Protection ◽

Design Methodology ◽

New Technology ◽

Extensive Experience ◽

Content Type ◽

General Data Protection Regulation ◽

Blockchain Technology ◽

Privacy Laws ◽

General Data ◽

The Eu

Purpose To explain the authors’ position that the use of blockchain technology is not incompatible with European Union privacy laws and in particular the EU General Data Protection Regulation (GDPR). Design/methodology/approach Explains the basics of blockchain technology and the GDPR, several reasons why some scholars consider BC not to be compatible with the GDPR, and why the authors believe that the GDPR will be able to regulate the use of blockchain technology. Findings The current perception is that blockchain is not compatible with EU privacy laws. The authors disagree that this is the case and explain why none of the issues identified by legal scholars and stakeholders are likely to pose issues for blockchain technology. Their conclusion is that EU privacy laws are well able to regulate also this new technology. This does however not mean that blockchain will thus be suitable for all use and deployment cases. Originality/value Practical guidance and explanation of complex issues by lawyers with extensive experience and expertise in dealing with data protection, cybersecurity, privacy, intellectual property and related issues.

Download Full-text

Brazil’s data protection failings may harm innovation

Emerald Expert Briefings ◽

10.1108/oxan-db243546 ◽

2019 ◽

Keyword(s):

Data Protection ◽

Digital Economy ◽

Content Type ◽

General Data Protection Regulation ◽

Data Protection Authority ◽

Protection Legislation ◽

General Data ◽

Data Protection Law ◽

Set Up ◽

Protection Authority

Subject Brazil's new data protection law. Significance Brazil’s General Data Protection Law (LGPD) will come into effect in August 2020. Largely mirroring the EU’s General Data Protection Regulation (GDPR), the new legislation seeks to strengthen citizen privacy while also giving legal certainty to businesses engaging in data transfers. However, unlike EU jurisdictions, Brazil will not set up an autonomous data authority to enforce its legislation. Rather, its new National Data Protection Authority (ANPD) will be directly linked to the presidency and have no budgetary independence. Impacts A reduced talent pool will limit the growth of Brazilian firms in the digital economy. Shortages of relevant talent will affect companies’ ability to innovate. The shortcomings of Brazil’s data protection legislation could add a serious hurdle to the development of its digital economy.

Download Full-text

Brexit will not defy EU data protection gold standard

Emerald Expert Briefings ◽

10.1108/oxan-db223827 ◽

2017 ◽

Keyword(s):

Data Protection ◽

Gold Standard ◽

Content Type ◽

General Data Protection Regulation ◽

General Data ◽

Uk Government ◽

The Uk ◽

The Eu

Subject Data protection and Brexit. Significance On August 7 the UK government announced plans to unveil by year-end a Data Protection Bill to transfer into UK law the EU General Data Protection Regulation (GDPR), which takes effect on May 25, 2018. Impacts Large UK-based businesses have been preparing for the GDPR, but smaller ones have not and are unlikely to be compliant by the deadline. To reduce the risk to business, the UK government may seek to include GDPR compliance in any Brexit transition agreement. Although perfect ‘cyber resilience’ is impossible, demand for such services will increase.

Download Full-text

Europe's national regulators hold key to GDPR success

Emerald Expert Briefings ◽

10.1108/oxan-db243916 ◽

2019 ◽

Keyword(s):

Data Protection ◽

Public Awareness ◽

Personal Data ◽

Content Type ◽

General Data Protection Regulation ◽

Right To Be Forgotten ◽

General Data ◽

The Right ◽

Robust Regulation

Subject GDPR appraisal and outlook. Significance May 25, 2019 is the first anniversary of the EU’s General Data Protection Regulation (GDPR). The GDPR enhanced the rights of citizens regarding their personal data, including by giving them the ‘right to be forgotten’, and tightened controls on how organisations and businesses collect, store and process such data. Impacts A key shortcoming is ensuring the compliance of business beyond ‘big tech’. Public awareness of the GDPR in smaller EU states will lag that in larger states. Criticism of the Irish regulator will rise if it fails to demonstrate a clearer commitment towards robust regulation.

Download Full-text

Web Data and the Relationship Between the General Data Protection Regulation in Europe and Brazil

Digital Transformation and Challenges to Data Security and Privacy - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-4201-9.ch013 ◽

2021 ◽

pp. 222-233

Author(s):

Moisés Rockembach ◽

Armando Malheiro da Silva

Keyword(s):

Business Model ◽

Data Protection ◽

Data Privacy ◽

Ethical Issues ◽

Personal Data ◽

Web Data ◽

General Data Protection Regulation ◽

Regulatory Instruments ◽

General Data ◽

The Relationship

From the consolidation of the application of European data protection regulations and the recent adoption of Brazilian data protection regulations, we are faced with a scenario that crosses borders. In a world marked by companies whose business model is the analysis and commercialization of personal data and of governments that use their citizens' data for control and surveillance, it is imperative to discuss the necessary characteristics to foster a society that respects ethical and legal values regarding data privacy and consented uses there; the authors address concepts and cases that they consider important for the establishment of reflections on the use of web data. They also take into account ethical issues and regulatory instruments in Europe and Brazil, analyzing the strongness and weaknesses in the implementation of data protection and privacy.

Download Full-text

Retention in “the right to be forgotten” scenario: a records management examination

Records Management Journal ◽

10.1108/rmj-11-2015-0038 ◽

2016 ◽

Vol 26 (3) ◽

pp. 279-292 ◽

Cited By ~ 2

Author(s):

Sherry Li Xie

Keyword(s):

Data Protection ◽

Analytical Framework ◽

Legal Framework ◽

Records Management ◽

Content Type ◽

General Data Protection Regulation ◽

Right To Be Forgotten ◽

European Court ◽

General Data ◽

The Right

Purpose This paper, through examining the judgment on Case C-131/12 and the European Union (EU)’s Proposal for a General Data Protection Regulation, aims to demonstrate to the records management (RM) profession, the importance of being proactively involved in records creation identification and the challenges of performing sound retention analyses for newly emerging activities. It also serves as a call to the RM profession that more active participation in law-making processes is needed. Design/methodology/approach The research selects the current right to be forgotten phenomenon as an illuminating case and examines it with fundamental RM concepts and principles, in particular those relating to records creation and retention. The research process consists of three major parts: one, the establishment of an analytical framework based on RM theories; two, description of the selected case that is relevant to the analysis; and three, the application of the analytical framework to the described case. Findings Records retentions are much needed for the activities of data controllers that are now established by the most recent Judgment of the European Court of Justice pertinent to the right to be forgotten and the proposed General Data Protection Regulation. The determination of retention periods for such activities requires an RM framework that synthesizes the identification of digital records and the various types of value associated with the different usages of records. It is also observed that the data protection legal framework does not address RM considerations, or at least, not in any explicit, easily recognizable manners. Research limitations/implications Records retentions are much needed for the activities of data controllers and/or processors that are now required by the Judgment of the European Court of Justice and the proposed EU General Data Protection Regulation, yet the legal framework does not offer any assistance in establishing retentions. It is also observed that the data protection legal framework fully acknowledges the importance of records but fails to address RM considerations – at least, not in any explicit, easily recognizable manners. Practical implications The findings are expected to be instructive to data controllers and/or processors, in particular with respect to records creation identification and records retention establishment in their organizations. It is also expected that the observations generated during the analysis process could shed light on the development of the RM profession. Social implications The right to be forgotten in the digital world has newly acquired complications, and it has the potential to affect not just the privacy right but also the rights considered conflicting to it, such as the rights of freedom of press and freedom of expression/speech. Efficient and effective RM programs should be able to assist their parent organizations in dealing with this complicated situation through creating and managing records that support the compliance of regulatory requirements on the one hand and the balancing of competing rights on the other hand. Originality/value The research appears to be the first of its kind according to the literature search conducted within the accessibility scope of the researcher.

Download Full-text

The impact of general data protection regulation on software engineering practices

Information and Computer Security ◽

10.1108/ics-03-2020-0043 ◽

2021 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Luís Leite ◽

Daniel Rodrigues dos Santos ◽

Fernando Almeida

Keyword(s):

Software Engineering ◽

Software Development ◽

Case Studies ◽

Data Protection ◽

Qualitative Methodology ◽

Content Type ◽

General Data Protection Regulation ◽

General Data ◽

Engineering Practices ◽

The Impact

Purpose This paper aims to explore the changes imposed by the general data protection regulation (GDPR) on software engineering practices. The fundamental objective is to have a perception of the practices and phases that have experienced the greatest changes. Additionally, it aims to identify a set of good practices that can be adopted by software engineering companies. Design/methodology/approach This study uses a qualitative methodology through four case studies involving Portuguese software engineering companies. Two of these companies are small and medium enterprises (SMEs) while the other remaining two are micro-companies. The thematic analysis is adopted to identify patterns in the performed interviews. Findings The findings indicate that significant changes have occurred at all stages of software development. In particular, the initial stages of identifying requirements and modeling processes were the stages that experienced the greatest changes. On the opposite, the technical development phase has not noticeably changed but, nevertheless, it is necessary to look at the importance of training software developers for GDPR rules and practices. Research limitations/implications Two relevant limitations were identified as follows: only four case studies involving micro-companies and SMEs were considered, and only the traditional software development methodology was considered. The use of agile methodologies was not explored in this study and the findings can only be mainly applied to the waterfall model. Originality/value This study offers mainly practical contributions by identifying a set of challenges that are posed to software engineering companies by the implementation of GDPR. Through their knowledge, it is expected to help these companies to better prepare themselves and anticipate the challenges they will necessarily face.

Download Full-text