The effects of voluntary GDPR adoption and the readability of privacy statements on customers’ information disclosure intention and trust

2019, Vol 21 (2), pp. 145-163
Author(s): Yibo Zhang, Tawei Wang, Carol Hsu

Purpose The purpose of this paper is to examine the impacts of companies’ voluntary adoption of the General Data Protection Regulation (GDPR) as well as the readability of privacy statements on US customers’ intention to disclose information and their trust in a company. Design/methodology/approach Building on the construal level theory and psychological distance, the authors conduct a 2 × 2 + 2 between-participants experiment with 255 participants. Findings The findings show that a company’s voluntary adoption of the GDPR has positive effects on customers’ intention to disclose information to and their trust in that company. In addition, the effects of GDPR adoption are stronger when the adopting company’s privacy statements possess a higher level of readability. Originality/value The authors believe this study poses policy implications for the outcomes of GDPR adoption and the recent debate on both a stricter data breach and privacy regulation.

2021
Author(s): Miguel Godinho de Matos, Idris Adjerid

The general data protection regulation (GDPR) represents a dramatic shift in global privacy regulation. We focus on GDPR’s enhanced consumer consent requirements that aim to provide transparent and active elicitation of data allowances. We evaluate the effect of enhanced consent on consumer opt-in behavior and on firm behavior and outcomes after consent is solicited. Utilizing an experiment at a large telecommunications provider with operations in Europe, we find that opt-in for different data types and uses increased once GDPR-compliant consent was elicited. However, consumers did not uniformly increase data allowances and continued to generally restrict permissions for more sensitive or tangential uses of their personal information. We also find that sales, the efficacy of marketing communications, and contractual lock-in increased after consumers provided new data allowances. Additional analysis suggests that these gains to the firm emerged because new data allowances enabled them to increase their use of targeted marketing for households that were amenable to these marketing efforts. These results have significant implications for firms and policymakers and suggest that enhanced consent provided via GDPR may be effective for increasing consumer privacy protection while also allowing firms reliant on consumers’ personal information to improve outcomes. This paper was accepted by Chris Forman, information systems.


This new book provides an article-by-article commentary on the new EU General Data Protection Regulation. Adopted in April 2016 and applicable from May 2018, the GDPR is the centrepiece of the recent reform of the EU regulatory framework for protection of personal data. It replaces the 1995 EU Data Protection Directive and has become the most significant piece of data protection legislation anywhere in the world. This book is edited by three leading authorities and written by a team of expert specialists in the field from around the EU and representing different sectors (including academia, the EU institutions, data protection authorities, and the private sector), thus providing a pan-European analysis of the GDPR. It examines each article of the GDPR in sequential order and explains how its provisions work, thus allowing the reader to easily and quickly elucidate the meaning of individual articles. An introductory chapter provides an overview of the background to the GDPR and its place in the greater structure of EU law and human rights law. Account is also taken of closely linked legal instruments, such as the Directive on Data Protection and Law Enforcement that was adopted concurrently with the GDPR, and of the ongoing work on the proposed new E-Privacy Regulation.


2019, Vol 28 (1), pp. 54-67
Author(s): Hayretdin Bahşi, Ulrik Franke, Even Langfeldt Friberg

Purpose This paper aims to describe the cyber-insurance market in Norway but offers conclusions that are interesting to a wider audience. Design/methodology/approach The study is based on semi-structured interviews with supply-side actors: six general insurance companies, one marine insurance company and two insurance intermediaries. Findings The Norwegian cyber-insurance market supply-side has grown significantly in the past two years. The General Data Protection Regulation (GDPR) is found to have had a modest effect on the market so far but has been used by the supply-side as an icebreaker to discuss cyber-insurance with customers. The NIS Directive has had little or no impact on the Norwegian cyber-insurance market until now. Informants also indicate that Norway is still the least mature of the four Nordic markets. Practical implications Some policy lessons for different stakeholders are identified. Originality/value Empirical investigation of cyber-insurance is still rare, and the paper offers original insights on market composition and actor motivations, ambiguity of coverage, the NIS Directive and GDPR.


Info, 2014, Vol 16 (3), pp. 22-39
Author(s): Rachel L. Finn, Kush Wadhwa

Purpose – This paper aims to study the ethics of “smart” advertising and regulatory initiatives in the consumer intelligence industry. Increasingly, online behavioural advertising strategies, especially in the mobile media environment, are being integrated with other existing and emerging technologies to create new techniques based on “smart” surveillance practices. These “smart” surveillance practices have ethical impacts including identifiability, inequality, a chilling effect, the objectification, exploitation and manipulation of consumers as well as information asymmetries. This article examines three regulatory initiatives – privacy-by-design considerations, the proposed General Data Protection Regulation of the EU and the US Do-Not-Track Online Act of 2013 – that have sought to address the privacy and data protection issues associated with these practices. Design/methodology/approach – The authors performed a critical literature review of academic, grey and journalistic publications surrounding behavioural advertising to identify the capabilities of existing and emerging advertising practices and their potential ethical impacts. This information was used to explore how well proposed regulatory mechanisms might address current and emerging ethical and privacy issues in the emerging mobile media environment. Findings – The article concludes that all three regulatory initiatives fall short of providing adequate consumer and citizen protection in relation to online behavioural advertising as well as “smart” advertising. Originality/value – The article demonstrates that existing and proposed regulatory initiatives need to be amended to provide adequate citizen protection and describes how a focus on privacy and data protection does not address all of the ethical issues raised.


2020, Vol ahead-of-print (ahead-of-print)
Author(s): Jie Tang, Umair Akram, Wenjing Shi

Purpose Mobile Applications (App) privacy has become a prominent social problem. Compared with privacy concerns, this study examines a relatively novel concept of privacy fatigue and explores its effect on the users’ intention to disclose their personal information via mobile Apps. In addition, the personality traits are proposed as antecedents that will induce the personal perception of privacy fatigue and privacy concerns differently. Design/methodology/approach Data were collected from 426 respondents. Structural equation modeling was used to test the hypotheses. Findings The findings describe that App users’ intention toward personal information disclosure is determined by privacy fatigue and privacy concerns, but the former has a greater impact. With minor exceptions, the two factors are also influenced by different personality traits. Specifically, neuroticism has positive effects on privacy fatigue, but agreeableness and extraversion have presented the opposite results on the two variables. Practical implications Research examining the joint effects of privacy fatigue, privacy concerns and personality traits on App users’ disclosing intention is very scarce. In doing so, these results will be of benefit to App providers and platform managers and can be the basis for a variety of follow-up studies. Originality/value While previous research just focuses on privacy concerns, this study explores the critical roles of privacy fatigue and opens up a new avenue of emotion-attitude analysis that can further increase the specificity and richness of users’ privacy research. Additionally, implications for personality traits as antecedents in the impact of App users’ privacy emotions and attitudes are discussed.


2020, Vol ahead-of-print (ahead-of-print)
Author(s): Lucy Cradduck, Scarlett Stevens, Matthew Cowan

Purpose The purpose of this paper is to examine the requirements of the General Data Protection Regulation (“GDPR”) in order to: identify its requirements for the Australian and New Zealand based members of multi-national property firms (“MNPF”); and understand how those firms are currently engaging with customers regarding the obligations the GDPR imposes. Design/methodology/approach The research was undertaken by means of doctrinal legal research that engaged with statutory law, related policy documents, accessible private firm documents and website materials, and academic and other related writings. The authors considered these in the context of the GDPR's requirements, and how relevant obligations were communicated to the public on the MNPF Australian and New Zealand members' websites. Findings The research confirms the available literature's observations of the GDPR's broad reach and the firms to which it applies. The difficulties experienced in locating relevant information highlight the need for a change to firm processes to ensure that any communication obligations are met. The cases engaged with also serve to highlight the need to ensure that the actual practice is consistent with required GDPR processes. Research limitations/implications The research faced three limitations. First: there was a limited number of relevant Australian and New Zealand based property related firms available to consider: not all property related firms were members of a MNPF or had business partners or customers/clients in the European Union or European Economic Area. Second: one of the relevant firms had already identified it was withdrawing from the Australian market. Third: there was a lack of public access to all materials as, while privacy policies as required by domestic laws were readily accessible, access was not readily available to GDPR related or required information or documents. Originality/value The research adds to the academic literature in this emerging area of international legal obligation.


Subject Online streaming. Significance US media firms CBS and Viacom announced their merger yesterday, having split in 2006; this will create a 30-billion-dollar entity and economies of scale that will help the firm compete in online streaming. The UK telecoms regulator Ofcom’s annual media review on August 7 shows that 40% of viewers now watch TV and film largely through online video. Indeed, streaming on online platforms such as Twitch is becoming more popular than conventional media forms, and UK subscriptions to streaming services overtook subscriptions to traditional TV services for the first time last year. Impacts Competition will intensify -- AT&T, Comcast, Disney and Apple are starting streaming services to compete with Amazon, CBS, Hulu and Netflix. Online streaming has vast potential beyond the media, for example in training in sectors such as medicine, and in workplaces more broadly. Insufficient regulation of appropriate online content and advertising risks creating obstacles that may curb the rise of streaming. Methods will improve to monitor and punish illegal streaming, but cybersecurity will still struggle to keep pace. The EU General Data Protection Regulation is causing reports of data breaches to rise, risking reduced user faith in online platforms.


2020, Vol 4 (2), pp. 81-94
Author(s): Matúš Mesarčík

A new era of data protection laws arises after the adoption of the General Data Protection Regulation (GDPR) in the European Union. One of the newly adopted regulations on the processing of personal data is the Californian Consumer Privacy Act, commonly referred to as CCPA. The article aims to fill the gap by providing a deep analysis of the territorial scope of both acts and the practical consequences of their application. The article starts with a brief overview of privacy regulation in the EU and USA. An introduction to GDPR and CCPA follows, focusing on the territorial scope of the respective legislation. Three scenarios of applicability are derived in the following part, including practical examples.


Subject Public sector and GDPR. Significance Public attention before and since the EU’s General Data Protection Regulation (GDPR) came into effect in May 2018 has largely focused on high-profile corporate data breaches and fines, such as recently at British Airways and the hotel chain Marriott. However, the data breach at the Bulgarian National Revenue Agency last month put public sector agencies, and their obligations under GDPR, under the spotlight. Impacts The upsurge in data breach notifications will stabilise as GDPR implementation progresses. Local public sector agencies are beginning to take data privacy and security seriously. Outsourcing of public services to private contractors is complicating cybersecurity.


2020, Vol 28 (5), pp. 665-680
Author(s): Zafeiroula Georgiopoulou, Eleni-Laskarina Makri, Costas Lambrinoudakis

Purpose The purpose of this paper is to give brief guidance on what a cloud provider should consider and what further actions to take to comply with the General Data Protection Regulation (GDPR). Design/methodology/approach This paper presents in detail the requirements for GDPR compliance of cloud computing environments, presents the GDPR roles (data controller and data processor) in a cloud environment and discusses the applicability of GDPR compliance requirements for each cloud architecture (Infrastructure as a Service, Platform as a Service, Software as a Service), proposes countermeasures for satisfying the aforementioned requirements and demonstrates the applicability of the aforementioned requirements and countermeasures to a PaaS environment offering services for building, testing, deploying and managing applications through cloud managed data centers. The applicability of the method has been demonstrated in a PaaS environment that offers services for building, testing, deploying and managing applications through cloud managed data centers. Findings The results of the proposed GDPR compliance measures for cloud providers highlight the effort and criticality required from cloud providers to achieve compliance. Originality/value

