Ali Alibeigi,Abu Bakar Munir,Adeleh Asemi

DOI: https://doi.org/10.1080/13600869.2021.1970936

2021-08-23

International Review of Law, Computers and Technology

Abstract:The sensitivity and value of personal information, especially financial data concerning the increasing threats, particularly in the online domain, make it urgent to assess how far financial companies are serious about respecting and protecting individuals' information privacy. The recent incidents and cases in Malaysia indicate this necessity. To date, there is not any official report or study concerning this issue in Malaysia. The purpose of the research was to assess the out-put of the Malaysian Personal Data Protection Act 2010 through evaluating the privacy policies of the Banks and Financial Institutions. In this qualitative research, the compliance assessment is delimited to compliance with specific requirements, especially the Notice and Choice Principle and individuals' rights through document study. We proposed an evaluation model based on the standards of the PDPA. The qualitative analysis of the results showed a non-compliance with the requirements of the Act by the financial sector. Hence, suggestions and solutions are provided in line with a standard privacy policy for these types of companies.

Hui Na Chua,Anthony Herbland,Siew Fan Wong,Younghoon Chang

DOI: https://doi.org/10.1016/j.tele.2017.01.008

IF: 9.14

2017-07-01

Telematics and Informatics

Abstract:This study examines how organizations in Malaysia frame their privacy policy notice to comply with the Personal Data Protection Act (PDPA, 2010) and if these organizations differ in their level of compliance and the readability of their privacy notices. We collected the online privacy polices of 306 organizations from 12 sectors to assess their readability and compliance with PDPA requirements. The results show that private-owned organizations have higher compliance level compared to public-owned organizations. Sectors that hold more personal sensitive data obtain higher compliance scores. Non-governmental organizations demonstrate higher compliance level compared to government-owned organizations. Despite differences in the compliance scores, most organizations fail to meet the requirements of the PDPA. Our study also reveals that readability has a negative correlation with the compliance score because simple and shorter version of the privacy policies often lack detailed information. Our findings provide valuable insights into organizations’ privacy policy compliance across different sectors in Malaysia. Specifically, the Malaysian authority should implement more effective mechanisms to enforce the compliance of the PDPA. Organizations should also take corrective actions to improve the compliance scores of their online privacy policies.

information science & library science

Valentina Ancillia Simbolon,Vishnu Juwono

DOI: https://doi.org/10.31314/pjia.11.2.178-190.2022

2022-12-30

Publik (Jurnal Ilmu Administrasi)

Abstract:Data leakage is one of the high potentials for criminal acts in cyberspace. The Indonesian government passed the Personal Data Protection Act (UU PDP) to ensure the security of every citizen's personal data. This study aims to compare the policies of the Personal Data Protection Act with the European Union General Data Protection Regulations (EU-GDPR). This study uses a qualitative descriptive analysis method with data from previous studies and official releases from the Indonesian government and the European Union. The results of this study illustrate that the PDP Law and the EU-GDPR have the same arrangements regarding the rights of personal data subjects. In the data processing aspect, the principle of processing personal data in the PDP Law is not mandatory. In contrast, in the EU-GDPR, the principle of processing personal data is mandatory. In the aspect of controlling and processing personal data, both rights and responsibilities are almost the same, both for the PDP Law and the EU-GDPR. In the aspect of imposing sanctions, EU-GDPR is more apparent in the mechanism of imposing sanctions in the form of fines. While in the PDP Law, sanctions consist of administrative sanctions, criminal sanctions, and criminal fines, the mechanism of imposing sanctions is not yet clear.

English Else

Dian Purwaningrum Soemitro,Muhammad Arvin Wicaksono,Nur Aini Putri

DOI: https://doi.org/10.37276/sjh.v5i1.272

2023-07-31

SIGn Jurnal Hukum

Abstract:This study aims to compare the penal provisions between the PDPA and Law Number 27 of 2022. This study uses normative legal research with the statute and comparative approaches. The collected legal material is then qualitatively analyzed to describe the problem and answer study purposes. The results show a striking difference between the PDPA and Law Number 27 of 2022 concerning penal provisions related to offenses of personal data protection. The PDPA portrays a more moderate approach by establishing relatively lighter imprisonment and fines. In contrast, Law Number 27 of 2022 illustrates a stricter approach with more severe imprisonment, fines, and additional punishments. Singapore leans towards prevention and education, while Indonesia places a high priority on law enforcement. Nonetheless, both approaches ultimately aim to protect their citizens’ personal data. Therefore, it recommended that the relevant authorities in both Singapore and Indonesia continually evaluate and adapt their legal frameworks to safeguard personal data effectively. Singapore could consider stricter penalties to discourage offenses while maintaining its focus on education and prevention. On the other hand, while Indonesia’s commitment to law enforcement is commendable, it could also benefit from incorporating preventive measures and public education to promote understanding and voluntary compliance. Collaborative efforts between the two countries can facilitate continual enhancements in personal data protection within their respective jurisdictions.

Ida Madieha Azmi

DOI: https://doi.org/10.1080/136008602760586769

2002-11-01

International Review of Law, Computers and Technology

Abstract:One of the concerns of e-commerce is the need to maintain users' privacy online. The usage of technical means to track down user's surfing and purchasing tendencies by the use of cookies, and sniffers to capture data while in the course of transmissions, has raised significant privacy issues. These anonymous data minings, although they may not necessarily bring harm to customers, nevertheless are a form of intrusion into one's privacy in cyberspace. In the US, the Federal Trade Commission has submitted a self-regulatory plan to require Web advertising companies to notify consumers of their Internet profiling activities and to give the customers the chance to choose whether information about Web activities and interests can be gathered anonymously. It is for this purpose that the Malaysian legislators devised the Personal Data Protection Bill. The importance of this is made clear in the explanatory statement of the personal data protection bill in Malaysia. The draft bill makes the law in Malaysia closer to the EU regime, which chooses legislation over self-regulation in this area. The purpose of this paper is to examine the nature, manner and scope of personal data protection under the Malaysian Bill.

Abraham Ethan Martupa Sahat Marune,Brandon Hartanto

DOI: https://doi.org/10.46336/ijbesd.v2i4.170

2021-11-07

Abstract:The development of technology, communication, and the internet has positive and negative influences on all sectors of life in society. One of the negative impacts and problems is the alleged criminal act of buying and selling data and the absence of a special law (lex specialist) regarding the regulation of Indonesian personal data. The purpose of this research is to analyze in-depth the efforts to strengthen the protection of personal data, cyber security, and increase public awareness of the perspective of Progressive Law in Indonesia. This study uses a normative juridical method using secondary data, a statutory approach, a conceptual approach, and a case approach. This scientific paper concludes that the Synergy of Ministries and related institutions (Legislative, Executive, and Judiciary) is the key to protecting personal data and cyber resilience. Then, strengthening efforts should be made, namely immediately passing the Draft Law on Personal Data Protection (RUU PDP), forming an independent institution. However, if at this time a dispute occurs, it can be resolved by Article 30 of the ITE Law and the PMH Lawsuit (Tort), supported by a progressive legal approach and futuristic interpretation by the judge examining the quo case. The synergy of government agencies, the private sector, and other stakeholders is needed to increase public awareness by increasing education/dissemination of efforts to prevent misuse of personal data.

Ninne Zahara Silviani,Rina Shahriyani Shahrullah,Vanessa Riarta Atmaja,Park Ji Hyun

DOI: https://doi.org/10.25216/jhp.12.3.2023.517-546

2023-11-30

JURNAL HUKUM DAN PERADILAN

Abstract:This paper explores the various practices surrounding the legal framework for protecting personal data in the context of private electronic systems used by commercial companies. The research's main focus is the ambiguity of the goals of Indonesia's Electronic System providers and how they may adopt better practices to enhance data protection within Electronic System Providers, so this extensive examination also includes a thorough comparison of the personal data protection laws in South Korea and Indonesia. This investigation aims to carefully define, evaluate, and harmonize the two countries' unique legal systems. This study uses a normative legal research framework with a Teleological and Legal Protection approach as its research technique. Additionally, it uses the comparative law method to clarify, outline, and examine the specifics of the personal data protection laws that are now in force in Indonesia and South Korea. The results of this research go beyond identifying problems; they are expected to produce a thorough understanding of the complexities surrounding personal data security in the context of electronic commerce. These discoveries are well-positioned to be the foundation for upcoming regulatory improvements, eventually encouraging more potent and reliable data protection procedures in both nations.

Dewa Gede Sudika Mangku,Ni Putu Rai Yuliartini,I. Nengah Suastika,I. Gusti Made Arya Suta Wirawan

DOI: https://doi.org/10.35741/issn.0258-2724.56.1.23

2021-01-01

Journal of Southwest Jiaotong University

Abstract:The emergence and rapid development of information and communication technology has brought about various opportunities and challenges. One of them is the active interaction between individuals and the digital-based information service providers. In modern economic development, related information including personal data or also known as digital dossier—the collection of large amounts of an individual’s information using digital technology—are valuable assets due to their high economic value since they are widely utilized by businesses. In this regard and due to the increasing number of cellphone and internet users, there is a need to study the issues on the importance of protecting one’s personal data. In Indonesia, there is no specific regulation regarding the protection of personal data. Therefore, it is essential to come up with specific and comprehensive legislation related to personal data protection as legal basis for better implementation of personal data protection in Indonesia in the future. The purpose of this research is to find out and analyze the current policies on protection of personal data of internet users in Indonesia. This study uses a normative juridical method with a statutory approach and utilizes literature study. The result shows that the concept of personal data protection implies that individuals have the right to determine whether one will join an online community, share or exchange personal data with another, and the conditions that must be met in order to do so. The study likewise found that the threat of personal data leakage is increasingly occurring because of the development of the e-commerce sector in Indonesia.

English Else

Hanita Mayasari

DOI: https://doi.org/10.62264/jlej.v1i1.4

2023-11-27

Abstract:The objective of this study is to elucidate the challenges presented by technological advancements, namely digital metaverse technology, with regard to safeguarding personal data in Indonesia. This study also investigates these issues via the lens of human rights. The research methodology employed in this study encompasses a mixed approach, combining socio-legal and normative research methods. The research findings indicate that there is a pressing need for the safeguarding of personal data in Indonesia, particularly in light of the escalating number of incidents and the advancement of the information technology sector. The significance of metaverse technology should not be underestimated, thereby necessitating a thorough legislative reform to address the associated difficulties. The enactment of the PDP Law represents the initial measure taken by the government to establish a framework for the administration of personal data protection. The active participation of all stakeholders, particularly those in the digital economy industry, is vital in the formulation and implementation of rules. Additionally, it is crucial to adhere to the principles of Data Protection By Design and By Default. The PDP Law encompasses various significant provisions that can be utilised by the Indonesian government to enforce personal data protection measures and impose penal consequences upon those who breach the regulations stipulated within this legislation. The PDP Law serves as a legal framework that holds applicability not only inside national boundaries but also extends to international jurisdictions, particularly in the context of the contemporary metaverse.

Amelia Rossame,Sinta Dewi Rosadi,Rika Ratna Permata

DOI: https://doi.org/10.59141/jrssem.v3i3.552

2023-10-25

Abstract:The fast advancement of information and communication technology has had a positive influence on society. The free and open transmission of knowledge is the ideal condition for its application. Meanwhile, information technology itself serves as a channel for information dissemination. Customer data received by telecommunications service providers is a trade secret of the corporation since it has economic worth, is confidential, and is kept confidential. Customer personal data, on the other hand, is sensitive and deemed harmful since telecommunications service providers indirectly gain from someone's privacy. This paper will compare the legal framework if there is a legal conflict between personal data and trade secrets based on positive law in Indonesia that applies the GDPR principles to the personal data protection system adopted by other nations, take, for example, the United States, Europe, also Australia. In accordance with the attached case, namely a data breach by Optus, an Australian telecommunications company, the author wishes to examine it within the scope of positive law in Indonesia by comparing legal settlements that have been implemented in Australia, so that if a data breach occurs in Indonesian territory as a result of telecommunications industry mergers and acquisitions, the author will be able to analyze it within the scope of positive law in Indonesia and can be a basis for answering questions regarding legal protection and accountability.

English Else

Hamoud Alhazmi,Ahmed Imran,Mohammad Abu Alsheikh

2024-11-19

Abstract:Perception of privacy is a contested concept, which is also evolving along with the rapid proliferation and expansion of technological advancements. Information systems (IS) applications incorporate various sensing infrastructures, high-speed networks, and computing components that enable pervasive data collection about people. Any digital privacy breach within such systems can result in harmful and far-reaching impacts on individuals and societies. Accordingly, IS organisations have a legal and ethical responsibility to respect and protect individuals digital privacy rights. This study investigates people perception of digital privacy protection of government data using the General Data Protection Regulation (GDPR) framework. Findings suggest a dichotomy of perception in protecting people privacy rights. For example, people perceive the right to be informed as the most respected and protected in Information Technology (IT) systems. On the contrary, the right to object by granting and with-drawing consent is perceived as the least protected. Second, the study shows evidence of a social dilemma in people perception of digital privacy based on their context and culture.

Cryptography and Security

Atheer Aljeraisy,Masoud Barati,Omer Rana,Charith Perera

DOI: https://doi.org/10.48550/arXiv.2210.03520

2022-10-06

Cryptography and Security

Abstract:Internet of Things (IoT) applications have the potential to derive sensitive information about individuals. Therefore, developers must exercise due diligence to make sure that data are managed according to the privacy regulations and data protection laws. However, doing so can be a difficult and challenging task. Recent research has revealed that developers typically face difficulties when complying with regulations. One key reason is that, at times, regulations are vague, and could be challenging to extract and enact such legal requirements. In our research paper, we have conducted a systematic analysis of the data protection laws that are used across different continents, namely: (i) General Data Protection Regulations (GDPR), (ii) the Personal Information Protection and Electronic Documents Act (PIPEDA), (iii) the California Consumer Privacy Act (CCPA), (iv) Australian Privacy Principles (APPs), and (v) New Zealand's Privacy Act 1993. In this technical report, we presented the detailed results of the conducted framework analysis method to attain a comprehensive view of different data protection laws and highlighted the disparities, in order to assist developers in adhering to the regulations across different regions, along with creating a Combined Privacy Law Framework (CPLF). After that, we gave an overview of various Privacy by Design (PbD) schemes developed previously by different researchers. Then, the key principles and individuals' rights of the CPLF were mapped with the privacy principles, strategies, guidelines, and patterns of the Privacy by Design (PbD) schemes in order to investigate the gaps in existing schemes.

Rina Shahriyani Shahrullah,Jihyun Park,Irwansyah Irwansyah

DOI: https://doi.org/10.20956/halrev.v10i1.5016

2024-01-03

Hasanuddin Law Review

Abstract:Personal data leakages have been experienced by both Indonesia and South Korea. To ensure the protection of privacy rights relating to personal data, both countries have promulgated special laws, namely the Indonesian Personal Data Protection Law (PDP Law) and the South Korean Personal Information Protection Act (PIPA). This study aims to compare the two laws to ascertain their similarities and differences by adopting a comparative law approach. The study found that similarities exist in the two laws. They are to protect personal data and confer rights on data subjects. In the absence of explicit consent given by data subjects, data controllers and processors are prohibited from collecting and processing the data with some exceptions. They also mandate a special institution that is tasked to investigate and sanction data controllers and processors when they conduct data infringement. There are inherent differences in the two laws. PIPA is designed to be the framework legislation and PDP is designed to be a special statute. Additionally, PIPA mandates the institution dealing with personal data protection without referring to any other law but the Act itself. PDP Law clearly states that further provisions relating to this institution will be governed by Presidential Regulation.

Priscilla Regan

DOI: https://doi.org/10.1111/1468-5973.1101003

2003-03-01

Journal of Contingencies and Crisis Management

Abstract:In the online and offline worlds, the value of personal information – especially information about commercial purchases and preferences – has long been recognised. Exchanges and uses of personal information have also long sparked concerns about privacy. Public opinion surveys consistently indicate that overwhelming majorities of the American public are concerned that they have lost all control over information about themselves and do not trust organisations to protect the privacy of their information. Somewhat smaller majorities favour federal legislation to protect privacy. Despite public support for stronger privacy protection, the prevailing policy stance for over thirty years has been one of reluctance to legislate and a preference for self‐regulation by business to protect privacy. Although some privacy legislation has been adopted, policy debates about the commercial uses of personal information have been dominated largely by business concerns about intrusive government regulation, free speech and the flow of commercial information, costs, and effectiveness. Public concerns about privacy, reflected in public opinion surveys and voiced by a number of public interest groups, are often discredited because individuals seem to behave as though privacy is not important. Although people express concern about privacy, they routinely disclose personal information because of convenience, discounts and other incentives, or a lack of understanding of the consequences. This disconnect between public opinion and public behaviour has been interpreted to support a self‐regulatory approach to privacy protections with emphasis on giving individuals notice and choice about information practices. In theory the self‐regulatory approach also entails some enforcement mechanism to ensure that organisations are doing what they claim, and a redress mechanism by which individuals can seek compensation if they are wronged. This article analyses the course of policy formulation over the last twenty years with particular attention on how policymakers and stakeholders have used public opinion about the commercial use of personal information in formulating policy to protect privacy. The article considers policy activities in both Congress and the Federal Trade Commission that have resulted in an emphasis on “notice and consent.” The article concludes that both individual behaviour and organisational behaviour are skewed in a privacy invasive direction. People are less likely to make choices to protect their privacy unless these choices are relatively easy, obvious, and low cost. If a privacy protection choice entails additional steps, most rational people will not take those steps. This appears logically to be true and to be supported by behaviour in the physical world. Organisations are unlikely to act unilaterally to make their practices less privacy invasive because such actions will impose costs on them that are not imposed on their competitors. Overall then, the privacy level available is less than what the norms of society and the stated preferences of people require. A consent scheme that is most protective of privacy imposes the largest burden on the individual, as well as costs to the individual, while a consent scheme that is least protective of privacy imposes the least burden on the individual, as well as fewer costs to the individual. Recent experience with privacy notices that resulted from the financial privacy provisions in Gramm‐Leach‐Bliley supports this conclusion. Finally, the article will consider whether the terrorist attacks of 11 September have changed public opinion about privacy and what the policy implications of any changes in public opinion are likely to be.

management

Ani Munirah Mohammad,Nadia Nabila Mohd Saufi,Z. Hamin,Wan Rosalili Wan Rosli,Saslina Kamaruddin,M. B. Othman

DOI: https://doi.org/10.1109/ICDT57929.2023.10150615

2023-05-11

Abstract:AI is becoming increasingly important in cybersecurity. AI-based products detect risks and secure systems and data. Cybercriminals can use technology to launch more sophisticated attacks. AI-based security is in demand due to cyberattacks. With the adoption of AI technology, GDPR requires most countries to have legal measures to protect their citizens' data and privacy. Data protection and privacy issues arise when using AI technology. AI use must comply with GDPR, including obtaining consent for data processing, ensuring data accuracy, and giving individuals the right to access, correct, or delete their data. Organisations must also be transparent about how their AI makes decisions and not discriminate against individuals or groups. This study examines Malaysia's GDPR compliance on AI usage, data protection, and privacy in light of current concerns. This study analyses primary and secondary sources using doctrinal research. In 2022, Malaysia's banking, healthcare, and telecommunications sectors were hit by data breaches, indicating that AI is increasing data breaches. Thus, the government must examine citizen data protection and privacy concerns and re-examine its governance, including legal and regulatory mechanisms, to see if it conforms to international norms and consider reforms.

Computer Science,Law

Titis Pandan Wangi Reformasi,Hasrul Buamona

DOI: https://doi.org/10.55927/jlca.v3i3.10376

2024-08-06

Abstract:In the ever-evolving digital era, an in-depth exploration of the cybersecurity legal framework is a must. This article examines the background and discussion of personal data protection in 2023. It provides a comprehensive overview of the current cybersecurity landscape, identifying key trends and threats faced by individuals, businesses, and governments. The focus then shifts to regulatory and compliance analysis, exploring potential changes and evaluating the adequacy of current regulations. Next, we outline the latest technologies used in data protection, detailing the role of artificial intelligence (AI) to blockchain in strengthening cybersecurity. Ethical aspects are also highlighted, exploring how efforts to improve security can be balanced with individuals’ right to privacy and preventing abuse of power by authorities. Through analysis of key cases in 2023, this article highlights real-world experiences related to personal data breaches. From here, readers can gain a deeper understanding of how cybersecurity law is evolving and addressing the ever-growing threats in this digital era. This article aims to provide a holistic view, educating readers about the current challenges and innovations in personal data protection and contributing to a deeper understanding of the field.

Dr. Jawed Aziz Masudi, Nasir Mustafa

DOI: https://doi.org/10.52337/pjia.v6i3.906

2023-09-20

Pakistan Journal of International Affairs

Abstract:The importance of cybersecurity and data privacy cannot be overstated in today's digital age. As Pakistan continues to advance its digital infrastructure and reliance on technology, the need for robust cyber security and data privacy measures has become increasingly urgent. The country has seen a surge in cyber attacks and data breaches in recent years, highlighting the need for a comprehensive legal framework to protect peoples' and organizations' sensitive information. This research paper endeavors to furnish a thorough and up-to-date examination of the existing state of cybersecurity measures and data privacy concerns in Pakistan, with a focus on the challenges and limitations that need to be addressed in order to enhance the country's cyber resilience and protect its citizens' personal information. It will examine the existing legal framework, including the Pakistan Computer Emergency Response Team (Pak-CERT) Act, 2017, the PECA Act, 2016, the Data Protection Act, 2018, and the Cybercrime Act, 2019. The paper will also analyze the various regulations and guidelines related to cybersecurity and data privacy, such as the National Cybersecurity Policy, 2018, and the Data Protection Regulations, 2018. CERT rules 2023 gives a legislative framework to deal with cyber-attacks and vulnerabilities that come up from time to time at the national, industry, and organizational levels. It sets up a working structure for technical support, operational equipment, and capacity building services. The paper will also identify and discuss the challenges and limitations of the current legal framework, including inadequate legal provisions, lack of awareness and enforcement, limited found capacity of law enforcement agencies, and insufficient coordination between government agencies. Furthermore, the paper will provide recommendations for improving the legal framework, such as strengthening legal provisions, increasing awareness and enforcement, building strength for law enforcement agencies, and enhancing coordination between government agencies. The study will employ a qualitative research approach, using a combination of literature review, legal analysis, and expert opinions. The data collection methods will include a review of relevant laws, regulations, and guidelines, as well as interviews with experts in the field of cybersecurity and data privacy. The research paper's conclusions will further the current discussion on cyber security and data privacy in Pakistan., and provide valuable insights for policymakers, regulators, and stakeholders. The paper will also serve as a resource for individuals, businesses, and organizations seeking to understand the lawful framework for cyber security and data privacy in Pakistan. Ultimately, the paper aims to provide a comprehensive knowledge of the present state of cybersecurity and data privacy law in Pakistan and to offer recommendations for improvement, with the goal of enhancing the country's cyber security and data privacy posture.

Shara Monteleone

Abstract:Information notice and data subject's consent are the current main legal safeguards of data protection and privacy rights: they reflect individuals' instances, such as self-determination and control over one's own private sphere, that have been acknowledged in many jurisdictions. However, the theoretic strength of these safeguards appears frustrated by current online practices that seem suggesting to give-up with their most common form of implementation: privacy notices and request for consent. These measures are proving to be unsuccessful in increasing users' awareness and in fostering a privacy protective-behaviour. As recent studies have shown, although people declare privacy concerns, their actual behaviour diverges from their statements (the "privacy paradox"), as they seem to increasingly disclose personal data and to not even read privacy notices available online; eventually, the current privacy notices are not effective in regulating user's data disclosure. Behaviourally informed approaches to regulatory problems, already applied to different areas of information provision and public policy, helped to clarify the reasons of similar peoples' behaviour that cannot be reduced to a simplistic "users do not care about privacy." Highlighting the regulatory weakness of traditional information notices, applied behavioural science has also demonstrated to be particularly effective in improving users' decision-making and attaining concrete policy objectives if accompanied by ad hoc design interventions to display the relevant, salient information. As users do not read privacy policies or act in contradiction with them, other strategies might be more successful in promoting, "nudging," privacy-protective behaviour. The use of innovative information notices, like salient alerts and nudges, seems to be a promising means of behavioural change also in the area of digital privacy, a possible new area of application of behavioural insights. Building on recent studies in the field ( conducted mainly in the U.S.), this paper considers new forms of privacy notices (like "visceral" 2 Syracuse Journal of International Law and Commerce, Vol. 43, No. 1 [2015], Art. 4 https://surface.syr.edu/jilc/vol43/iss1/4 2015] Addressing the 'Failure' of Informed Consent 71 notices), as alternative or complement to current legal (technical) measures for data protection. For the informed consent approach (or "notice and choice" approach) to work, it needs to be improved with welldesigned, transparent and regulated nudging system, capable to help citizens in their decision-making as regards their privacy. Without disregarding the challenges and limitations of nudging strategies in public policy in general and in the privacy area in particular, and examining their legal grounds, the paper aims also to integrate that branch of legal-policy research that see "nudging" methods as an effective way to gently encourage safer behaviours in the citizens.

Computer Science,Economics,Law

Ayesha Qamar,Tehreem Javed,Mirza Omer Beg

DOI: https://doi.org/10.48550/arXiv.2102.12362

2021-02-21

Abstract:Privacy Policies are the legal documents that describe the practices that an organization or company has adopted in the handling of the personal data of its users. But as policies are a legal document, they are often written in extensive legal jargon that is difficult to understand. Though work has been done on privacy policies but none that caters to the problem of verifying if a given privacy policy adheres to the data protection laws of a given country or state. We aim to bridge that gap by providing a framework that analyzes privacy policies in light of various data protection laws, such as the General Data Protection Regulation (GDPR). To achieve that, firstly we labeled both the privacy policies and laws. Then a correlation scheme is developed to map the contents of a privacy policy to the appropriate segments of law that a policy must conform to. Then we check the compliance of privacy policy's text with the corresponding text of the law using NLP techniques. By using such a tool, users would be better equipped to understand how their personal data is managed. For now, we have provided a mapping for the GDPR and PDPA, but other laws can easily be incorporated in the already built pipeline.

Cryptography and Security,Computation and Language

Gong Nan,,

DOI: https://doi.org/10.21638/spbu14.2023.110

2023-01-01

Abstract:In the development of China’s Internet industry and digital economy, great importance is attached to the protection of personal data and seriously protects the legitimate rights and interests of citizens’ personal data. Generally speaking, with the development of technology and industry, China’s personal data protection has gone from “indirect protection” to “direct protection” and then to “comprehensive protection”. In the early years of China’s Internet industry, the indirect protection of personal data was mainly achieved through the protection of the “rights to privacy” of citizens. Since the Internet industry of the People’s Republic of China has entered a stage of rapid development, the state began to directly protect personal data in accordance with the provisions of the Chapter “Network Information Security” established in the “Cyber Security Law” of 2016, establishes several principles for the collection and use of personal data, protection requirements information security. Until November 1, 2021, the “Personal Data Protection Law of the People’s Republic of China” (PPD) was adopted to comprehensively protect personal data, reflecting the ideology of development focused on bringing the people to the center, meeting the new needs and aspirations of the people in the new era, and also proposing the creation international digital legal order “Chinese version”. The PPD further expands the scope of the object of personal data protection, comprehensively establishes the rights of individuals to process data, strengthens the obligations to protect personal data processors, creates strict rules for the protection of sensitive personal data and regulates the processing of personal data by public authorities, as well as improving the means of legal protection of personal data, all of which are important points in the legislation. The law incorporates advanced foreign experience, while emphasizing Chinese wisdom, the spirit of the times, and practicality in accordance with the reality of China.