GDPR: Is it worth it? Perceptions of workers who have experienced its implementation
- URL: http://arxiv.org/abs/2405.10225v1
- Date: Thu, 16 May 2024 16:18:35 GMT
- Title: GDPR: Is it worth it? Perceptions of workers who have experienced its implementation
- Authors: Gerard Buckley, Tristan Caulfield, Ingolf Becker,
- Abstract summary: We investigate how cost and effort is viewed by workers and citizens.
Participants recognise their rights when prompted but know little about their regulator.
They have observed concrete changes to practices in their workplaces and appreciate trade-offs.
The very people who consider it to be positive for their company consider it to be positive for privacy and not pointless bureaucratic regulation.
- Score: 1.9662978733004604
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The General Data Protection Regulation (GDPR) remains the gold standard in privacy and security regulation. We investigate how the cost and effort required to implement GDPR is viewed by workers who have also experienced the regulations' benefits as citizens: is it worth it? In a multi-stage study, we survey N = 273 & 102 individuals who remained working in the same companies before, during, and after the implementation of GDPR. The survey finds that participants recognise their rights when prompted but know little about their regulator. They have observed concrete changes to data practices in their workplaces and appreciate the trade-offs. They take comfort that their personal data is handled as carefully as their employers' client data. The very people who comply with and execute the GDPR consider it to be positive for their company, positive for privacy and not a pointless, bureaucratic regulation. This is rare as it contradicts the conventional negative narrative about regulation. Policymakers may wish to build upon this public support while it lasts and consider early feedback from a similar dual professional-consumer group as the GDPR evolves.
Related papers
- A BERT-based Empirical Study of Privacy Policies' Compliance with GDPR [9.676166100354282]
This study aims to address challenge of compliance analysis between privacy policies for 5G networks.
We manually collected privacy policies from almost 70 different MNOs and we utilized an automated BERT-based model for classification.
In addition, we present first empirical evidence on the readability of privacy policies for 5G network. we adopted incorporates various established readability metrics.
arXiv Detail & Related papers (2024-07-09T11:47:52Z) - SoK: The Gap Between Data Rights Ideals and Reality [46.14715472341707]
Do rights-based privacy laws effectively empower individuals over their data?
This paper scrutinizes these approaches by reviewing empirical studies, news articles, and blog posts.
arXiv Detail & Related papers (2023-12-03T21:52:51Z) - A Randomized Approach for Tight Privacy Accounting [63.67296945525791]
We propose a new differential privacy paradigm called estimate-verify-release (EVR)
EVR paradigm first estimates the privacy parameter of a mechanism, then verifies whether it meets this guarantee, and finally releases the query output.
Our empirical evaluation shows the newly proposed EVR paradigm improves the utility-privacy tradeoff for privacy-preserving machine learning.
arXiv Detail & Related papers (2023-04-17T00:38:01Z) - Protecting User Privacy in Online Settings via Supervised Learning [69.38374877559423]
We design an intelligent approach to online privacy protection that leverages supervised learning.
By detecting and blocking data collection that might infringe on a user's privacy, we can restore a degree of digital privacy to the user.
arXiv Detail & Related papers (2023-04-06T05:20:16Z) - Privacy Dashboards for Citizens and corresponding GDPR Services for Small Data Holders: A Literature Review [0.0]
We present a literature review on solutions promising relief in the form of privacy dashboards for citizens and services for small data holders.
This is ought to be a step towards both enabling citizens to exercise their rights and supporting small data holders to comply with their duties.
arXiv Detail & Related papers (2023-02-01T09:08:54Z) - Automated Detection of GDPR Disclosure Requirements in Privacy Policies
using Deep Active Learning [3.659023646021795]
Most privacy policies are verbose, full of jargon, and vaguely describe companies' data practices and users' rights.
In this paper, we create a privacy policy dataset of 1,080 websites labeled with the 18 requirements.
We develop a Convolutional Network (CNN) based model which can classify the privacy policies with an accuracy of 89.2%.
arXiv Detail & Related papers (2021-11-08T01:28:27Z) - "It may be a pain in the backside but..." Insights into the impact of
GDPR on business after three years [2.5567566997688043]
General Data Protection Regulation ( Ireland) came into effect in May.
Aim of study is to investigate if is all pain and no gain for business.
We find threat threat fines has focused corporate mind and made business more privacy aware.
Many implementation challenges remain.
New business development and intra-company communication is more constrained.
arXiv Detail & Related papers (2021-10-22T16:44:21Z) - Towards Automatic Comparison of Data Privacy Documents: A Preliminary
Experiment on GDPR-like Laws [1.3537117504260623]
General Data Protection Regulation (NLP) becomes standard law for protection in many countries.
12 countries adopt their similarities-like regulations, but evaluating differences is time-consuming and needs manual effort from legal experts.
In this paper, we investigate a simple natural language processing (NLP) approach to tackle the problem.
arXiv Detail & Related papers (2021-05-21T03:59:29Z) - Second layer data governance for permissioned blockchains: the privacy
management challenge [58.720142291102135]
In pandemic situations, such as the COVID-19 and Ebola outbreak, the action related to sharing health data is crucial to avoid the massive infection and decrease the number of deaths.
In this sense, permissioned blockchain technology emerges to empower users to get their rights providing data ownership, transparency, and security through an immutable, unified, and distributed database ruled by smart contracts.
arXiv Detail & Related papers (2020-10-22T13:19:38Z) - A vision for global privacy bridges: Technical and legal measures for
international data markets [77.34726150561087]
Despite data protection laws and an acknowledged right to privacy, trading personal information has become a business equated with "trading oil"
An open conflict is arising between business demands for data and a desire for privacy.
We propose and test a vision of a personal information market with privacy.
arXiv Detail & Related papers (2020-05-13T13:55:50Z) - GDPR: When the Right to Access Personal Data Becomes a Threat [63.732639864601914]
We examine more than 300 data controllers performing for each of them a request to access personal data.
We find that 50.4% of the data controllers that handled the request, have flaws in the procedure of identifying the users.
With the undesired and surprising result that, in its present deployment, has actually decreased the privacy of the users of web services.
arXiv Detail & Related papers (2020-05-04T22:01:46Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.