Data Protection in the EU, e-Privacy and Data Retention

• Unpacking privacy: Valuation of personal data protection. Skatova, Anya ; McDonald, Rebecca ; Ma, Sinong ; Maple, Carsten; Barreda-Tarrazona, Iván. PloS one, 2023-05, Vol.18 (5), p.e0284581-e0284581, Article e0284581

Abstract: Information about individual behaviour is collected regularly by organisations. This information has value to businesses, the government and third parties. It is not clear what value this personal data has to consumers themselves. Much of the modern economy is predicated on people sharing personal data, however if individuals value their privacy, they may choose to withhold this data unless the perceived benefits of sharing outweigh the perceived value of keeping the data private. One technique to assess how much individuals value their privacy is to ask them whether they might be willing to pay for an otherwise free service if paying allowed them to avoid sharing personal data. Our research extends previous work on factors affecting individuals' decisions about whether to share personal data. We take an experimental approach and focus on whether consumers place a positive value on protecting their data by examining their willingness to share personal data in a variety of data sharing environments. Using five evaluation techniques, we systematically investigate whether members of the public value keeping their personal data private. We show that the extent to which participants value protecting their information differs by data type, suggesting there is no simple function to assign a value for individual privacy. The majority of participants displayed remarkable consistency in their rankings of the importance of different types of data through a variety of elicitation procedures, a finding consistent with the existence of stable individual privacy preferences in protecting personal data. We discuss our findings in the context of research on the value of privacy and privacy preferences.

• AI privacy toolkit. Goldsteen, Abigail ; Saadi, Ola ; Shmelkin, Ron ; Shachor, Shlomit ; Razinkov, Natalia. SoftwareX, 2023-05, Vol.22, p.101352, Article 101352

Abstract: The need to analyse personal data to drive business alongside the requirement to preserve the privacy of data subjects creates a known tension. Data protection regulations such as GDPR and CCPA define strict restrictions and obligations on the collection and processing of personal data. These are also relevant for machine learning models, which can be used to derive personal information about their training sets. The open-source ai-privacy-toolkit is designed to help organizations navigate this challenging area and build more trustworthy AI solutions, with tools that protect privacy and help ensure the compliance of AI models.

• The Early Impact of GDPR Compliance on Display Advertising: The Case of an Ad Publisher. Wang, Pengyuan ; Jiang, Li ; Yang, Jian. Journal of marketing research, 2024-02, Vol.61 (1), p.70-91

Abstract: The European Union's General Data Protection Regulation (GDPR), with its explicit consent requirement, may restrict the use of personal data and shake the foundations of online advertising. The ad industry has predicted drastic loss of revenue from GDPR compliance and has been seeking alternative ways of targeting. Taking advantage of an event created by an ad publisher's request for explicit consent from users with European Union IP addresses, the authors find that for a publisher that uses a pay-per-click model, has the capacity to leverage both user behavior and web page content information for advertising, and observes high consent rates, GDPR compliance leads to modest negative effects on ad performance, bid prices, and ad revenue. The changes in ad metrics can be explained by temporal variations in consent rates. The impact is most pronounced for travel and financial services advertisers and least pronounced for retail and consumer packaged goods advertisers. The authors further find that web page context can compensate for the loss of access to users’ personal data, as the GDPR's negative impact is less pronounced when ads are posted on web pages presenting relevant content. The results suggest that publishers and advertisers should leverage targeting based on web page content after the GDPR’s rollout.

• Protecting EU data outside EU borders under the GDPR. Kuner, Christopher. Common market law review, 2023-02, Vol.60 (Issue 1), p.77-106

Abstract: The EU General Data Protection Regulation (GDPR) aims to protect personal data outside EU borders by its rules on territorial scope and its restrictions on international data transfers. Despite its importance in EU fundamental rights law, the purpose and interaction of the GDPR’s protections of cross-border data processing have long been shrouded in confusion. Initiatives of EU bodies to interpret the GDPR’s safeguards illustrate the need for EU law to demonstrate clarity and consistency in defending fundamental rights outside EU borders. Only by maintaining the high level of protection required by the GDPR and the Court of Justice, can the EU’s ambitions of cross-border data protection be realized and the GDPR’s influence in third countries be maintained. data protection, GDPR, territorial scope, international data transfers, Court of Justice, European Commission, European Data Protection Board

• Has the GDPR killed e-government? The “once-only” principle vs the principle of purpose limitation. Mikiver, Monika ; Tupay, Paloma Krõõt. International data privacy law, 2023-09, Vol.13 (3), p.194-206

Abstract: Allowing the state to use personal data for different purposes makes our life easier. When we move house or buy a car, a single exchange of data—if accessible to all the institutions concerned—can help ensure that the information that many public authorities have from us is up to date. The notion that the authorities should share with each other information they have already obtained once from citizens has also been enshrined in Estonian law as the ‘once-only principle’ (OOP). The European Union (EU) ministers responsible for e-government have affirmed their commitment to implementing the OOP for key public services also at EU level by the end of 2023. As large-scale data sharing may result in a loss of control of one’s personal data, the OOP’s impact on the right to privacy and on the protection of personal data must be carefully assessed. Success in reaching the OOP objective depends not least on the question of the extent to which this idea is compatible with EU data protection law—in particular, the purpose limitation principle laid down in Article 5 of the General Data Protection Regulation. Although the associated materials declare the OOP initiatives’ compliance with EU data protection principles, the present analysis shows the legal ambiguity related to processing personal data in this context. The present article offers different approaches to solutions.

• Table of contents – Subscribe to this service to receive in your mailbox the table of contents and full text access of specialised journals.
• Online journal articles – You can access a broad collection of e-articles through
  •  EBSCOhost search engine,
  • e-journal platform Browzine, or
  • via our EP Library Catalogue.

If you are unable to access the article you need, please contact us and we will get it for you as soon as possible.