Consumer Consent and Firm Targeting After GDPR: The Case of a Large Telecom Provider

2021 ◽  
Author(s):  
Miguel Godinho de Matos ◽  
Idris Adjerid

The general data protection regulation (GDPR) represents a dramatic shift in global privacy regulation. We focus on GDPR’s enhanced consumer consent requirements that aim to provide transparent and active elicitation of data allowances. We evaluate the effect of enhanced consent on consumer opt-in behavior and on firm behavior and outcomes after consent is solicited. Utilizing an experiment at a large telecommunications provider with operations in Europe, we find that opt-in for different data types and uses increased once GDPR-compliant consent was elicited. However, consumers did not uniformly increase data allowances and continued to generally restrict permissions for more sensitive or tangential uses of their personal information. We also find that sales, the efficacy of marketing communications, and contractual lock-in increased after consumers provided new data allowances. Additional analysis suggests that these gains to the firm emerged because new data allowances enabled them to increase their use of targeted marketing for households that were amenable to these marketing efforts. These results have significant implications for firms and policymakers and suggest that enhanced consent provided via GDPR may be effective for increasing consumer privacy protection while also allowing firms reliant on consumers’ personal information to improve outcomes. This paper was accepted by Chris Forman, information systems.

2020 ◽  
Vol 4 (2) ◽  
pp. 81-94
Author(s):  
Matúš Mesarčík

A new era of data protection laws arises after the adoption of the General Data Protection Regulation (GDPR) in the European Union. One of the newly adopted regulations of processing of personal data is the Californian Consumer Privacy Act, commonly referred to as CCPA. The article aims to fill the gap considering a deep analysis of the territorial scope of both acts and practical consequences of the application. The article starts with a brief overview of privacy regulation in the EU and USA. Introduction to GDPR and CCPA follows, focusing on the territorial scope of respective legislation. Three scenarios of applicability are derived in the following part, including practical examples.


This new book provides an article-by-article commentary on the new EU General Data Protection Regulation. Adopted in April 2016 and applicable from May 2018, the GDPR is the centrepiece of the recent reform of the EU regulatory framework for protection of personal data. It replaces the 1995 EU Data Protection Directive and has become the most significant piece of data protection legislation anywhere in the world. This book is edited by three leading authorities and written by a team of expert specialists in the field from around the EU and representing different sectors (including academia, the EU institutions, data protection authorities, and the private sector), thus providing a pan-European analysis of the GDPR. It examines each article of the GDPR in sequential order and explains how its provisions work, thus allowing the reader to easily and quickly elucidate the meaning of individual articles. An introductory chapter provides an overview of the background to the GDPR and its place in the greater structure of EU law and human rights law. Account is also taken of closely linked legal instruments, such as the Directive on Data Protection and Law Enforcement that was adopted concurrently with the GDPR, and of the ongoing work on the proposed new E-Privacy Regulation.


Author(s):  
Francisco García Martínez

The creation of the General Data Protection Regulation (GDPR) constituted an enormous advance in data privacy, empowering the online consumers, who were doomed to the complete loss of control of their personal information. Although it may first seem that it only affects companies within the European Union, the regulation clearly states that every company who has businesses in the EU must be compliant with the GDPR. Other non-EU countries, like the United States, have seen the benefits of the GDPR and are already developing their own privacy laws. In this article, the most important updates introduced by the GDPR concerning US corporations will be discussed, as well as how American companies can become compliant with the regulation. Besides, a comparison between the GDPR and the state of art of privacy in the US will be presented, highlighting similarities and disparities at the national level and in states of particular interest.


Author(s):  
Tawei Wang ◽  
Yen-Yao Wang

This chapter provides an overview of several recently proposed or passed privacy-related regulations, including General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Illinois Video Interview Act, Data Broker Regulations in Vermont, and Privacy Bill of Rights Act, and related but very limited studies. Toward the end, several research opportunities are discussed. These research opportunities include (1) economic consequences of these new regulations and (2) the new research framework to capture novel features of these regulations to explain security compliance. The authors further discuss possible research designs to address the proposed research opportunities. This chapter provides both professionals and researchers additional insights on the regulation of privacy issues.


Author(s):  
Homaile Mascarin do Vale

There is an increase in the number of medical malpractice cases all over the world and the detachment of the role of the judiciary and the real practice of medical activity is striking, converging to a weakness of the doctor in the face of a system that does not advocate the equalization of plaintiff and defendant in the process, bringing procedural difficulties to the doctor due to the legislation, especially the Brazilian. In a transdisciplinary way, permeating the law and medicine, the article mapped the operation of the Brazilian judiciary in the face of medical error and, specifically, measured how the state power understands cases about psychiatry, a specialty that is difficult to prove medical error. It was analyzed statistically how Brazilian courts behave, creating a procedural diagnosis of justice. This research offers a protection protocol to the psychiatrist inspired by the General Data Protection Law, which in turn comes from the European General Data Protection Regulation and the California Consumer Privacy Act of 2018 to address the procedural vulnerability of the doctor in medical error processes respecting patient privacy and intimacy, applicable and adaptable to countries and continents that have legislation for specific data protection. The article concludes by critically analyzing the format of processing and judgment of medical malpractice cases in Brazil, proposing a multidisciplinary configuration in search of real justice.


Author(s):  
Anabelen Casares Marcos

The right to informational self-determination has raised bitter debate over the last decade as to the opportunity and possible scope of the right to demand withdrawal from the internet of personal information which, while true, might represent a detriment that there is no legal duty to put up with. The leading case in this topic is that of Mario Costeja, Judgment of the EU Court of Justice, May 13, 2014. The interest of recent European jurisprudence lies not so much in the recognition of such a right but in the appreciation of certain limits to its implementation, assisting data protection authorities in balancing the rights at stake in each case. Reflection on the current status of the issue considers rights and duties imposed in the matter by Regulation (EU) 2016/679, of 27 April, known as the new General Data Protection Regulation.


2020 ◽  
Vol 11 (3) ◽  
pp. 167-185
Author(s):  
Goran Vojković ◽  
Melita Milenković ◽  
Tihomir Katulić

Background: IoT and smart devices have become extremely popular in the last few years. With their capabilities to collect data, it is reasonable to have concerns about the protection of users’ personal information and privacy in general.

Objectives: Comparing existing regulations on data protection and information security rules with the new capabilities provided by IoT and smart devices.

Methods/approach: This paper will analyse information on data collected by IoT and smart devices and the corresponding legal framework to explore whether the legal framework also covers these new devices and their functionalities.

Results: Various IoT and smart devices pose a high risk to an individual's privacy. The General Data Protection Regulation, although a relatively recent law, may not adequately regulate all instances and uses of this technology. Also, due to inadequate technological protection, abuse of such devices by unauthorized persons is possible and even likely.

Conclusions: The number of IoT and smart devices is rapidly increasing. The number of IoT and smart home device security incidents is on the rise. The regulatory framework to ensure data controller and processor compliance needs to be improved in order to create a safer environment for new innovative IoT services and products without jeopardizing the rights and freedoms of data subjects. Also, it is important to increase awareness of homeowners about potential security threats when using IoT and smart devices and services.


Author(s):  
Antonia Russo ◽  
Gianluca Lax ◽  
Baptiste Dromard ◽  
Menad Mezred

The General Data Protection Regulation highlights the principle of data minimization, which means that only data required to successfully accomplish a given task should be processed. In this paper, we propose a Blockchain-based scheme that allows users to have control over the personal data revealed when accessing a service. The proposed solution does not rely on sophisticated cryptographic primitives, provides mechanisms for revoking the authorization to access a service and for guessing the identity of a user only in cases of need, and is compliant with the recent eIDAS Regulation. We prove that the proposed scheme is secure and reaches the expected goal, and we present an Ethereum-based implementation to show the effectiveness of the proposed solution.

