"It may be a pain in the backside but..." Insights into the impact of
GDPR on business after three years
- URL: http://arxiv.org/abs/2110.11905v1
- Date: Fri, 22 Oct 2021 16:44:21 GMT
- Authors: Gerard Buckley, Tristan Caulfield and Ingolf Becker
- Abstract summary: The General Data Protection Regulation (GDPR) came into effect in May 2018.
The aim of the study is to investigate if GDPR is all pain and no gain for business.
We find the threat of fines has focused the corporate mind and made business more privacy aware.
Many implementation challenges remain.
New business development and intra-company communication is more constrained.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The General Data Protection Regulation (GDPR) came into effect in May 2018
and is designed to safeguard EU citizens' data privacy. The benefits of the
regulation to consumers' rights and to regulators' powers are well known. The
benefits to regulated businesses are less obvious and under-researched.
The aim of this study is to investigate if GDPR is all pain and no gain for
business. Using semi-structured interviews, we survey 14 C-level executives
responsible for business, finance, marketing, legal and technology drawn from
six small, medium and large companies in the UK and Ireland.
We find the threat of fines has focused the corporate mind and made business
more privacy aware. Organisationally, it has created new power bases within
companies to advocate GDPR. It has forced companies, in varying degrees, to
modernise their platforms and indirectly benefited them with better risk
management processes, information security infrastructure and up to date
customer databases. Compliance, for some, is used as a reputational signal of
trustworthiness.
We find many implementation challenges remain. New business development and
intra-company communication is more constrained. Regulation has increased costs
and internal bureaucracy. Grey areas remain due to a lack of case law.
Disgruntled customers and ex-employees weaponise Subject Access Requests (SAR)
as a tool of retaliation. Small businesses see GDPR as overkill and
overwhelming.
We conclude GDPR may be regarded as a pain by business but it has made it
more careful with data.
We recommend the EU consider tailoring a version of the regulation that is
better suited to SMEs and modifying the messaging to be more positive whilst
still exploiting news of fines to reinforce corporate data discipline.