Data sharing, international property practices and the GDPR: communicating with your consumers

PurposeThe purpose of this paper is to examine the requirements of the General Data Protection Regulation (“GDPR”) in order to: identify its requirements for the Australian and New Zealand based members of multi-national property firms (“MNPF”); and understand how those firms are currently engaging with customers regarding the obligations the GDPR imposes.Design/methodology/approachThe research was undertaken by means of doctrinal legal research that engaged with statutory law, related policy documents, accessible private firm documents and website materials, and academic and other related writings. The authors considered these in the context of the GDPR's requirements, and how relevant obligations were communicated to the public on the MNPF Australian and New Zealand members' websites.FindingsThe research confirms the available literature's observations of the GDPR's broad reach and the firms to which it applies. The difficulties experienced in locating relevant information highlights the need for a change to firm processes to ensure that any communication obligations are met. The cases engaged with also serve to highlight the need to ensure that the actual practice is consistent with required GDPR processes.Research limitations/implicationsThe research faced three limitations. First: there was a limited number of relevant Australian and New Zealand based property related firms available to consider: not all property related firms were members of a MNPF or had business partners or customers/clients in the European Union or European Economic Area. Second: one of the relevant firms had already identified it was withdrawing from the Australian market. Third: there was a lack of public access to all materials as, while privacy policies as required by domestic laws were readily accessible, access was not readily available to GDPR related or required information or documents.Originality/valueThe research adds to the academic literature in this emerging area of international legal obligation.

Download Full-text

In/acceptable marketing and consumers' privacy expectations: four tests from EU data protection law

Journal of Consumer Marketing ◽

10.1108/jcm-03-2021-4571 ◽

2021 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Gianclaudio Malgieri

Keyword(s):

Data Protection ◽

Legal Framework ◽

Online Marketing ◽

Step Test ◽

The European Union ◽

Content Type ◽

General Data Protection Regulation ◽

Managerial Implications ◽

Data Protection Law ◽

Legal Frameworks

Purpose This study aims to discover the legal borderline between licit online marketing and illicit privacy-intrusive and manipulative marketing, considering in particular consumers’ expectations of privacy. Design/methodology/approach A doctrinal legal research methodology is applied throughout with reference to the relevant legislative frameworks. In particular, this study analyzes the European Union (EU) data protection law [General Data Protection Regulation (GDPR)] framework (as it is one of the most advanced privacy laws in the world, with strong extra-territorial impact in other countries and consequent risks of high fines), as compared to privacy scholarship on the field and extract a compliance framework for marketers. Findings The GDPR is a solid compliance framework that can help to distinguish licit marketing from illicit one. It brings clarity through four legal tests: fairness test, lawfulness test, significant effect test and the high-risk test. The performance of these tests can be beneficial to consumers and marketers in particular considering that meeting consumers’ expectation of privacy can enhance their trust. A solution for marketers to respect and leverage consumers’ privacy expectations is twofold: enhancing critical transparency and avoiding the exploitation of individual vulnerabilities. Research limitations/implications This study is limited to the European legal framework scenario and to theoretical analysis. Further research is necessary to investigate other legal frameworks and to prove this model in practice, measuring not only the consumers’ expectation of privacy in different contexts but also the practical managerial implications of the four GDPR tests for marketers. Originality/value This study originally contextualizes the most recent privacy scholarship on online manipulation within the EU legal framework, proposing an easy and accessible four-step test and twofold solution for marketers. Such a test might be beneficial both for marketers and for consumers’ expectations of privacy.

Download Full-text

Data Sharing Under the General Data Protection Regulation

Hypertension ◽

10.1161/hypertensionaha.120.16340 ◽

2021 ◽

Vol 77 (4) ◽

pp. 1029-1035

Author(s):

Antonia Vlahou ◽

Dara Hallinan ◽

Rolf Apweiler ◽

Angel Argiles ◽

Joachim Beige ◽

...

Keyword(s):

European Union ◽

Data Protection ◽

Personal Data ◽

Research Approach ◽

The European Union ◽

General Data Protection Regulation ◽

Personal Data Protection ◽

Protection Legislation ◽

General Data ◽

Almost All

The General Data Protection Regulation (GDPR) became binding law in the European Union Member States in 2018, as a step toward harmonizing personal data protection legislation in the European Union. The Regulation governs almost all types of personal data processing, hence, also, those pertaining to biomedical research. The purpose of this article is to highlight the main practical issues related to data and biological sample sharing that biomedical researchers face regularly, and to specify how these are addressed in the context of GDPR, after consulting with ethics/legal experts. We identify areas in which clarifications of the GDPR are needed, particularly those related to consent requirements by study participants. Amendments should target the following: (1) restricting exceptions based on national laws and increasing harmonization, (2) confirming the concept of broad consent, and (3) defining a roadmap for secondary use of data. These changes will be achieved by acknowledged learned societies in the field taking the lead in preparing a document giving guidance for the optimal interpretation of the GDPR, which will be finalized following a period of commenting by a broad multistakeholder audience. In parallel, promoting engagement and education of the public in the relevant issues (such as different consent types or residual risk for re-identification), on both local/national and international levels, is considered critical for advancement. We hope that this article will open this broad discussion involving all major stakeholders, toward optimizing the GDPR and allowing a harmonized transnational research approach.

Download Full-text

Location Privacy in the Wake of the GDPR

10.20944/preprints201902.0227.v1 ◽

2019 ◽

Author(s):

Yola Georgiadou ◽

Rolf de By ◽

Ourania Kounadi

Keyword(s):

Data Protection ◽

Location Privacy ◽

Cultural Theory ◽

Personal Data ◽

The European Union ◽

General Data Protection Regulation ◽

Digital Ecosystem ◽

Protection Legislation ◽

General Data ◽

Conducting Research

The General Data Protection Regulation (GDPR) protects the personal data of natural persons and at the same time allows the free movement of such data within the European Union (EU). Hailed as majestic by admirers and dismissed as protectionist by critics, the Regulation is expected to have a profound impact around the world, including in the African Union (AU). For European–African consortia conducting research that may affect the privacy of African citizens, the question is ‘how to protect personal data of data subjects while at the same time ensuring a just distribution of the benefits of a global digital ecosystem?’ We use location privacy as a point of departure, because information about an individual’s location is different from other kinds of personally identifiable information. We analyse privacy at two levels, individual and cultural. Our perspective is interdisciplinary: we draw from computer science to describe three scenarios of transformation of volunteered/observed information to inferred information about a natural person and from cultural theory to distinguish four privacy cultures emerging within the EU in the wake of GDPR. We highlight recent data protection legislation in the AU and discuss factors that may accelerate or inhibit the alignment of data protection legislation in the AU with the GDPR.

Download Full-text

Public engagement and dialogic accounting through social media during COVID-19 crisis: a missed opportunity?

Accounting Auditing & Accountability Journal ◽

10.1108/aaaj-08-2020-4884 ◽

2021 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Stefano Landi ◽

Antonio Costantini ◽

Marco Fasan ◽

Michele Bonazzi

Keyword(s):

Public Health ◽

Social Media ◽

New Zealand ◽

Public Engagement ◽

Fake News ◽

Public Agencies ◽

Content Type ◽

Public Health Agencies ◽

The Public ◽

Health Agencies

PurposeThe purpose of this exploratory study is to investigate why and how public health agencies employed social media during coronavirus disease 2019 (COVID-19) outbreak to foster public engagement and dialogic accounting.Design/methodology/approachThe authors analysed the official Facebook pages of the leading public agencies for health crisis in Italy, United Kingdom and New Zealand and they collected data on the number of posts, popularity, commitment and followers before and during the outbreak. The authors also performed a content analysis to identify the topics covered by the posts.FindingsEmpirical results suggest that social media has been extensively used as a public engagement tool in all three countries under analysis but – because of legitimacy threats and resource scarcity – it has also been used as a dialogic accounting tool only in New Zealand. Findings suggest that fake news developed more extensively in contexts where the public body did not foster dialogic accounting.Practical implicationsPublic agencies may be interested in knowing the pros and cons of using social media as a public engagement and dialogic accounting tool. They may also leverage on dialogic accounting to limit fake news.Originality/valueThis study is one of the first to look at the nature and role of social media as an accountability tool during public health crises. In many contexts, COVID-19 forced for the first time public health agencies to heavily engage with the public and to develop new skills, so this study paves the way for numerous future research ideas.

Download Full-text

Analysis of the US Privacy Model

Research Anthology on Privatizing and Securing Data ◽

10.4018/978-1-7998-8954-0.ch087 ◽

2021 ◽

pp. 1818-1825

Author(s):

Francisco García Martínez

Keyword(s):

Data Privacy ◽

Personal Information ◽

National Level ◽

The United States ◽

The European Union ◽

General Data Protection Regulation ◽

Privacy Laws ◽

The Us ◽

General Data ◽

State Of Art

The creation of the General Data Protection Regulation (GDPR) constituted an enormous advance in data privacy, empowering the online consumers, who were doomed to the complete loss of control of their personal information. Although it may first seem that it only affects companies within the European Union, the regulation clearly states that every company who has businesses in the EU must be compliant with the GDPR. Other non-EU countries, like the United States, have seen the benefits of the GDPR and are already developing their own privacy laws. In this article, the most important updates introduced by the GDPR concerning US corporations will be discussed, as well as how American companies can become compliant with the regulation. Besides, a comparison between the GDPR and the state of art of privacy in the US will be presented, highlighting similarities and disparities at the national level and in states of particular interest.

Download Full-text

The Second Internet: The Brussels Bourgeois Internet

Four Internets ◽

10.1093/oso/9780197523681.003.0007 ◽

2021 ◽

pp. 77-91

Author(s):

Kieron O’Hara

Keyword(s):

European Union ◽

Public Space ◽

Data Protection ◽

The European Union ◽

Privacy Rights ◽

General Data Protection Regulation ◽

Internet Privacy ◽

Data Protection Directive ◽

General Data ◽

Data Protection Law

This chapter describes the Brussels Bourgeois Internet. The ideal consists of positive, managed liberty where rights of others are respected, as in the bourgeois public space, where liberty follows only when rights are secured. The exemplar of this approach is the European Union, which uses administrative means, soft law, and regulation to project its vision across the Internet. Privacy and data protection have become the most emblematic struggles. Under the Data Protection Directive of 1995, the European Union developed data-protection law and numerous privacy rights, including a right to be forgotten, won in a case against Google Spain in 2014, the arguments about which are dissected. The General Data Protection Regulation (GDPR) followed in 2018, amplifying this approach. GDPR is having the effect of enforcing European data-protection law on international players (the ‘Brussels effect’), while the European Union over the years has developed unmatched expertise in data-protection law.

Download Full-text

The cyber-insurance market in Norway

Information and Computer Security ◽

10.1108/ics-01-2019-0012 ◽

2019 ◽

Vol 28 (1) ◽

pp. 54-67 ◽

Cited By ~ 1

Author(s):

Hayretdin Bahşi ◽

Ulrik Franke ◽

Even Langfeldt Friberg

Keyword(s):

Insurance Market ◽

Insurance Companies ◽

Supply Side ◽

Insurance Company ◽

Marine Insurance ◽

Structured Interviews ◽

Content Type ◽

General Data Protection Regulation ◽

Cyber Insurance ◽

General Data

Purpose This paper aims to describe the cyber-insurance market in Norway but offers conclusions that are interesting to a wider audience. Design/methodology/approach The study is based on semi-structured interviews with supply-side actors: six general insurance companies, one marine insurance company and two insurance intermediaries. Findings The Norwegian cyber-insurance market supply-side has grown significantly in the past two years. The General Data Protection Regulation (GDPR) is found to have had a modest effect on the market so far but has been used by the supply-side as an icebreaker to discuss cyber-insurance with customers. The NIS Directive has had little or no impact on the Norwegian cyber-insurance market until now. Informants also indicate that Norway is still the least mature of the four Nordic markets. Practical implications Some policy lessons for different stakeholders are identified. Originality/value Empirical investigation of cyber-insurance is still rare, and the paper offers original insights on market composition and actor motivations, ambiguity of coverage, the NIS Directive and GDPR.

Download Full-text

Information security frameworks for assisting GDPR compliance in banking industry

Digital Policy Regulation and Governance ◽

10.1108/dprg-02-2020-0019 ◽

2020 ◽

Vol 22 (3) ◽

pp. 227-244

Author(s):

João Serrado ◽

Ruben Filipe Pereira ◽

Miguel Mira da Silva ◽

Isaías Scalabrin Bianchi

Keyword(s):

European Union ◽

Information Security ◽

Design Science ◽

Science Research ◽

Research Process ◽

The Body ◽

The European Union ◽

Structured Interviews ◽

Content Type ◽

General Data Protection Regulation

Purpose Data can nowadays be seen as the main asset of organizations and data leaks have a considerable impact on the organization’s image, revenues and possible consequences to the affected clients. One of the most critical industries is the bank. Information security frameworks (ISF) have been created to assist organizations and other frameworks evolved to update these domain practices. Recently, the European Union decided to create the general data protection regulation (GDPR), applicable to all organizations dealing with personal data of citizens residing in the European Union. Although considered a general regulation, GDPR implementation needs to align with some industries’ laws and policies. Especially in the Bank industry. How these ISF can assist the implementation of GDPR is not clear. Design/methodology/approach The design science research process was followed and semi-structured interviews performed. Findings A list of practices to assist the bank industry in GDPR implementation is provided. How each practice map with assessed ISF and GDPR requirements is also presented. Research limitations/implications As GDPR is a relatively recent subject, it is hard to find experts in the area. It is more difficult if the authors intend to find experienced people in the GDPR and bank industry. That is one of the main reasons this study does not include more interviews. Originality/value This research provides a novel artefact to the body of knowledge. The proposed artefact lists which ISF practices banks should implement to comply with GDPR. By doing it the artefact provides a centralized view about which ISF frameworks (or part of them) could be implemented to help banks comply with GDPR.

Download Full-text

The ethics of “smart” advertising and regulatory initiatives in the consumer intelligence industry

Info ◽

10.1108/info-12-2013-0059 ◽

2014 ◽

Vol 16 (3) ◽

pp. 22-39 ◽

Cited By ~ 4

Author(s):

Rachel L. Finn ◽

Kush Wadhwa

Keyword(s):

Data Protection ◽

Ethical Issues ◽

Mobile Media ◽

Media Environment ◽

Content Type ◽

General Data Protection Regulation ◽

Smart Surveillance ◽

The Us ◽

General Data ◽

Consumer Intelligence

Purpose – This paper aims to study the ethics of “smart” advertising and regulatory initiatives in the consumer intelligence industry. Increasingly, online behavioural advertising strategies, especially in the mobile media environment, are being integrated with other existing and emerging technologies to create new techniques based on “smart” surveillance practices. These “smart” surveillance practices have ethical impacts including identifiability, inequality, a chilling effect, the objectification, exploitation and manipulation of consumers as well as information asymmetries. This article examines three regulatory initiatives – privacy-by-design considerations, the proposed General Data Protection Regulation of the EU and the US Do-Not-Track Online Act of 2013 – that have sought to address the privacy and data protection issues associated with these practices. Design/methodology/approach – The authors performed a critical literature review of academic, grey and journalistic publications surrounding behavioural advertising to identify the capabilities of existing and emerging advertising practices and their potential ethical impacts. This information was used to explore how well-proposed regulatory mechanisms might address current and emerging ethical and privacy issues in the emerging mobile media environment. Findings – The article concludes that all three regulatory initiatives fall short of providing adequate consumer and citizen protection in relation to online behavioural advertising as well as “smart” advertising. Originality/value – The article demonstrates that existing and proposed regulatory initiatives need to be amended to provide adequate citizen protection and describes how a focus on privacy and data protection does not address all of the ethical issues raised.

Download Full-text