Mapping the Empirical Evidence of the GDPR (In-)Effectiveness: A Systematic Review
0
📶
Sign in to get full access
Overview
- The paper examines the disconnect between traditional legal and theoretical approaches to data protection and the growing body of empirical evidence in this field.
- It conducts a comprehensive review and synthesis of empirical research on data protection spanning nearly three decades, from 1995 to March 2022.
- The goal is to advocate for a more robust integration of empirical evidence into the evaluation and review of the General Data Protection Regulation (GDPR), and to lay a methodological foundation for future empirical research.
Plain English Explanation
The paper explores the gap between how data protection is traditionally studied and the real-world evidence that has been collected. Much of the academic and regulatory discussions around data protection focus on abstract legal principles or theoretical frameworks, without closely examining the actual impact and perceptions of these policies.
Plain English Explanation of Key Concepts
Over the past few decades, a modest amount of empirical research has been conducted on data protection, but this evidence has remained scattered and underutilized. The paper argues that this empirical data offers vital insights into how data protection measures are perceived, how effective they are, and what their actual effects are. However, these insights have not been adequately integrated into the broader discussions and evaluations of data protection regulations like the GDPR.
To address this gap, the paper conducts a comprehensive review of the empirical research on data protection from the past 27 years. The goal is to synthesize this evidence and use it to inform a more grounded and effective approach to data protection policy and regulation.
Technical Explanation
The paper presents a systematic review and synthesis of empirical research on data protection spanning nearly three decades, from 1995 to March 2022. This extensive analysis aims to bridge the disconnect between traditional legal and theoretical approaches to data protection and the growing body of real-world evidence in this field.
Technical Explanation of Empirical Research Methodology
The review covers a wide range of empirical studies, including surveys, experiments, and observational research, that have explored various aspects of data protection, such as the perception, impact, clarity, and effects of data protection measures. By synthesizing this diverse body of evidence, the paper advocates for a more robust integration of empirical findings into the evaluation and review of data protection regulations, such as the GDPR.
Technical Explanation of GDPR Evaluation and Review
The authors argue that this approach will lead to a more grounded and effective approach to data protection policy and regulation, moving away from the often-abstract legal and theoretical frameworks that have dominated the field.
Critical Analysis
The paper acknowledges several limitations and areas for further research. For example, it notes that the empirical evidence reviewed remains "widely scattered and unexamined," suggesting that more systematic and coordinated efforts are needed to fully understand the real-world impact of data protection measures.
Critical Analysis of Limitations and Future Research
Additionally, the paper does not delve into the potential biases or methodological issues that may be present in the empirical studies it reviews. A more critical examination of the research methods and data sources used in these studies could help strengthen the paper's conclusions and recommendations.
Critical Analysis of Research Methodology and Data Sources
Overall, the paper makes a compelling case for the need to better integrate empirical evidence into the ongoing evaluation and development of data protection regulations. However, a more thorough exploration of the limitations and potential pitfalls of this approach could further strengthen the paper's impact and usefulness for policymakers and researchers in the field.
Conclusion
This paper highlights the significant disconnect between the traditional legal and theoretical approaches to data protection and the growing body of empirical evidence in this field. By conducting a comprehensive review and synthesis of nearly three decades of empirical research, the authors advocate for a more robust integration of real-world data and insights into the evaluation and development of data protection regulations, such as the GDPR.
Conclusion on Implications and Future Directions
Bridging this gap between theory and practice could lead to more effective and evidence-based data protection policies that better serve the needs and concerns of individuals, organizations, and society as a whole. The methodological foundation laid by this paper can also inform and inspire future empirical research in this crucial domain.
This summary was produced with help from an AI and may contain inaccuracies - check out the links to read the original source documents!
Related Papers
📶
0
Mapping the Empirical Evidence of the GDPR (In-)Effectiveness: A Systematic Review
Wenlong Li, Zihao Li, Wenkai Li, Yueming Zhang, Aolan Li
In the realm of data protection, a striking disconnect prevails between traditional domains of doctrinal, legal, theoretical, and policy-based inquiries and a burgeoning body of empirical evidence. Much of the scholarly and regulatory discourse remains entrenched in abstract legal principles or normative frameworks, leaving the empirical landscape uncharted or minimally engaged. Since the birth of EU data protection law, a modest body of empirical evidence has been generated but remains widely scattered and unexamined. Such evidence offers vital insights into the perception, impact, clarity, and effects of data protection measures but languishes on the periphery, inadequately integrated into the broader conversation. To make a meaningful connection, we conduct a comprehensive review and synthesis of empirical research spanning nearly three decades (1995- March 2022), advocating for a more robust integration of empirical evidence into the evaluation and review of the GDPR, while laying a methodological foundation for future empirical research.
Read more7/22/2024
0
Evaluating the Effects of Digital Privacy Regulations on User Trust
Mehmet Berk Cetin
In today's digital society, issues related to digital privacy have become increasingly important. Issues such as data breaches result in misuse of data, financial loss, and cyberbullying, which leads to less user trust in digital services. This research investigates the impact of digital privacy laws on user trust by comparing the regulations in the Netherlands, Ghana, and Malaysia. The study employs a comparative case study method, involving interviews with digital privacy law experts, IT educators, and consumers from each country. The main findings reveal that while the General Data Protection Regulation (GDPR) in the Netherlands is strict, its practical impact is limited by enforcement challenges. In Ghana, the Data Protection Act is underutilized due to low public awareness and insufficient enforcement, leading to reliance on personal protective measures. In Malaysia, trust in digital services is largely dependent on the security practices of individual platforms rather than the Personal Data Protection Act. The study highlights the importance of public awareness, effective enforcement, and cultural considerations in shaping the effectiveness of digital privacy laws. Based on these insights, a recommendation framework is proposed to enhance digital privacy practices, also aiming to provide valuable guidance for policymakers, businesses, and citizens in navigating the challenges of digitalization.
Read more9/5/2024
0
A BERT-based Empirical Study of Privacy Policies' Compliance with GDPR
Lu Zhang, Nabil Moukafih, Hamad Alamri, Gregory Epiphaniou, Carsten Maple
Since its implementation in May 2018, the General Data Protection Regulation (GDPR) has prompted businesses to revisit and revise their data handling practices to ensure compliance. The privacy policy, which serves as the primary means of informing users about their privacy rights and the data practices of companies, has been significantly updated by numerous businesses post-GDPR implementation. However, many privacy policies remain packed with technical jargon, lengthy explanations, and vague descriptions of data practices and user rights. This makes it a challenging task for users and regulatory authorities to manually verify the GDPR compliance of these privacy policies. In this study, we aim to address the challenge of compliance analysis between GDPR (Article 13) and privacy policies for 5G networks. We manually collected privacy policies from almost 70 different 5G MNOs, and we utilized an automated BERT-based model for classification. We show that an encouraging 51$%$ of companies demonstrate a strong adherence to GDPR. In addition, we present the first study that provides current empirical evidence on the readability of privacy policies for 5G network. we adopted readability analysis toolset that incorporates various established readability metrics. The findings empirically show that the readability of the majority of current privacy policies remains a significant challenge. Hence, 5G providers need to invest considerable effort into revising these documents to enhance both their utility and the overall user experience.
Read more7/10/2024
🚀
50
GDPR: Is it worth it? Perceptions of workers who have experienced its implementation
Gerard Buckley, Tristan Caulfield, Ingolf Becker
The General Data Protection Regulation (GDPR) remains the gold standard in privacy and security regulation. We investigate how the cost and effort required to implement GDPR is viewed by workers who have also experienced the regulations' benefits as citizens: is it worth it? In a multi-stage study, we survey N = 273 & 102 individuals who remained working in the same companies before, during, and after the implementation of GDPR. The survey finds that participants recognise their rights when prompted but know little about their regulator. They have observed concrete changes to data practices in their workplaces and appreciate the trade-offs. They take comfort that their personal data is handled as carefully as their employers' client data. The very people who comply with and execute the GDPR consider it to be positive for their company, positive for privacy and not a pointless, bureaucratic regulation. This is rare as it contradicts the conventional negative narrative about regulation. Policymakers may wish to build upon this public support while it lasts and consider early feedback from a similar dual professional-consumer group as the GDPR evolves.
Read more5/17/2024