Question

In: Operations Management

PLEASE READ AND ANSWER QUESTIONS Global View: International Privacy Laws Today’s online world, including the increasing...

PLEASE READ AND ANSWER QUESTIONS

Global View: International Privacy Laws

Today’s online world, including the increasing use of the cloud to store data on remote third-party servers, offers unprecedented opportunities for the global storage and transfer of personal information. To address the risks associated with the unregulated exchange of personal information, many jurisdictions around the world have enacted privacy laws, regulations, and rules dealing with data collection, processing, storage, disclosure, and use. Although definitions of the term privacy vary, common elements include freedom or protection of individuals and sometimes groups from unauthorized or unwanted intrusion into, or observation of, their personal information and from violation of the integrity of this information.

The type of protection, as well as the speed, level of completeness, and depth of regulation and implementation, varies from country to country. Increasingly, countries have addressed the cross-border transfer of personal information and taken steps to prevent the circumvention of existing national laws governing the storage, processing, and disclosure of information through the “off-shoring” of these activities. Accordingly, when multinational companies do business outside their home country, including offering products or services on the Internet, and collect personal information from residents of a foreign country, they are likely to fall under the privacy laws and regulations in that country.

The following is a brief overview of privacy laws and regulations in several key jurisdictions.

European Union

The European Union (EU) Data Protection Directive (Directive 95/46/EC), adopted in 1995, requires its Member States to safeguard the privacy of personal data by

(1)

giving notice to individuals about how their information will be used;

(2)

offering a choice when disclosing information to third parties (with opt-in consent required for sensitive information);

(3)

maintaining the security of personal information;

(4)

ensuring that the data are reliable, accurate, and current; and

(5)

giving individuals access to examine, correct, and delete information about themselves.

Because each EU Member State had to incorporate the provisions of the Data Protection Directive into national law for them to be binding, there is some variation in the privacy laws among the states.

The EU adopted the General Data Protection Regulation (GDPR) in 2016. It will enter into full force across all Member States on May 25, 2018. The GDPR will replace Directive 95/46/EC and affect organizations based within the EU, as well as foreign organizations doing business there. Although the GDPR is intended to make it easier for multinational entities operating across the EU to comply with data protection law, certain aspects of the regulation permit Member States to enact their own legislation, so inconsistencies in application may exist.

An important principle of both the Data Protection Directive and the GDPR is that personal information generally should not be collected unless the collection is

(1)

proportional (meaning adequate and not excessive relative to its purpose),

(2)

transparent (meaning that the affected individual must be informed as to the circumstances of the collection and consent to it), and

(3)

for a legitimate purpose.

The GDPR will make it easier for individuals to access and control their own data, including information on how their data are processed; make it easier to transfer personal data between service providers; clarify the “right to be forgotten,” which allows an individual to require that certain personal data be deleted (the subject of the “Inside Story” in Chapter 24); and, under certain circumstances, require notification when data have been hacked (e.g., if the breach is likely to result in a “high risk” to the data subject). Additionally, a data subject’s consent to process personal data must be “as easy to withdraw as to give.” In the case of “sensitive data,” consent must be explicit.

By modernizing and unifying the rules, cutting red tape, and reinforcing consumer trust, the GDPR will help businesses reap the benefits of the “Digital Single Market.” The legislation will create a “one-stop-shop” so that businesses can deal with only one privacy supervisory authority, making it less costly to do business in the EU; require companies based abroad to apply the same rules as EU-based firms when offering services inside the EU; provide for a “risk-based approach” to incorporating the rules; and require firms to build in data protection safeguards when developing products and services in the beginning stages of development (so-called data protection by design).

The GDPR broadened the definition of personal and sensitive data to include political opinions, religious and philosophical beliefs, health and sex life, and genetic and biometric data. The regulation applies both to data controllers (the entities determining how and why personal data are processed) in the EU and to data processors (the entities that process the personal data on behalf of data controllers) in the EU. The GDPR also applies to controllers and processors outside of the EU whose processing activities involve offering goods or services to EU data subjects or monitoring these subjects’ behavior within the EU.Penalties for breaching the GDPR can be significant.

Unlike the Data Protection Directive, the GDPR does not require a company that processes personal information (“personal data”) to register or notify data protection supervisory authorities before it starts collecting personal information. Instead, data controllers are required to maintain appropriate records to evidence compliance with the GDPR. Personal information may be transferred into third countries (countries outside the EU) only if the third country provides an adequate level of protection for the information.

Although the United States is not regarded as providing adequate protection, the EU and the United States adopted the EU-U.S. Privacy Shield in 2016 to permit the transfer of personal information from any EU member state to the United States under certain circumstances. The EU-U.S. Privacy Shield requires U.S. companies to ensure that individuals’ digital information, “from social media posts and search queries to information about workers’ pensions and payroll,” is not misused. Companies must adhere to seven principles: notice; choice; accountability for onward transfer; security; data integrity and purpose limitation; access; and recourse, enforcement, and liability, all as determined by self-assessment or assessment of a third party, with recertification required each year. The rules apply to all companies regardless of whether they are social media platforms, pharmaceutical companies, or industrial conglomerates subject to the jurisdiction of the FTC or the U.S Department of Transportation. In addition, the agreement requires the United States to provide an annual guarantee that its intelligence agencies will not have “indiscriminate access” to Europeans’ digital data when these data are sent to the United States. The agreement enables about $260 billion of trade in digital services, with nearly 2,000 companies (including Facebook, Google, and Microsoft) relying on the EU-U.S. Privacy Shield to store data about EU citizens on U.S. servers. A separate Swiss-U.S. Privacy Shield became effective in April 2017 and covers data transfers from Switzerland.

In January 2017, the European Commission proposed a revision to the ePrivacy Directive that aims to reinforce the right to privacy and control of data for European citizens. (Directive 2002/58/EC, referred to as the ePrivacy Directive, protects the privacy of communications over public electronic networks.) The revision would require messaging, email, and voice service providers to guarantee the “confidentiality of conversations and metadata around the time, place and other factors of those conversations.” The rules would prohibit service providers, such as Facebook Messenger, Google, WhatsApp, Skype, and others, from listening to, tapping, intercepting, scanning, or storing communications without users’ consent (except for certain “critical” functions); require “explicit consent” before data could be used for advertising; and eliminate consent requirements for cookies that do not affect privacy (“privacy intrusive” cookies would still require consent). As with the GDPR, the fines for noncompliance would be significant. The proposed rule was designed to close the “perceived regulation gap between traditional telecom[] companies and predominantly US-based internet communications companies” and to also allow telecom companies to use certain metadata—for example, the length and location of calls—to provide more services and earn more revenue. Although one EU regulator asserted that the proposed regulation is balanced because it gives consumers a high level of protection while also permitting businesses to innovate, others have stated that the EU is “on the verge of a regulation overload,” as this proposal follows shortly after the adoption of the GDPR.Further, an industry spokesperson representing Google and other companies argued that the proposed revision risks “incoherence and confusion” because the GDPR requires one approach to safeguarding privacy and ePrivacy calls for another approach.

Exercise:

Read Global View article on international privacy laws [pages 247-249 of textbook.]

Note especially the European Union General Data Protection Regulation [GDPR] which entered into force on May 25, 2018. Note that the EU approach to data privacy is that the data is a digital asset of the owner and that organizations seeking to use your data must secure your affirmative consent and that the consent needs to be proportionate, transparent and for a legitimate purpose, including the right to be forgotten. The regulation applies to organizations outside the EU to the extent that they handle the data of EU nationals.

You are the Chief Privacy Officer of Facebook. Facebook accumulates and analyzes the data of persons accessing its service [even if open on your computer when doing other activities.] Facebook then sells advertising to third parties based on the data. Facebook currently considers your accession to their service as consent for the collection and use of your data. Facebook currently benefits from increased use. This is called a network effect. 'Network effect' is a phenomenon whereby a product or service gains additional value as more people use it.

Write a one [1] paragraph response in Word format and post to the Course Discussion Board:

If data is a digital asset owned by the individual, do individuals in the EU have the right to charge Facebook for each use of the individual's data? If so, what impact will this have on the market value of Facebook's stock

Solutions

Expert Solution

1) Online data privacy is one of the challenges now global users are facing. It provides tension, disputes, doubts, insecurity, and litigation like situations to social media users across the globe. EU has already set rules and guidelines to manage the social media policy in the territory of EU to both domestic as well as an outsider organization doing business in EU. As In EU  “Digital Single Market was created to businesses, They can deal with only one privacy supervisory authority, making it less costly to do business in the EU; require companies based abroad to apply the same rules as EU-based firms when offering services inside the EU; It ask companies to make law when they design their product . European Union General Data Protection Regulation is beneficial for EU citizens as their data was protected by EU and with consent other American and global firms.

2) Actually there is lack of law which binds face book or other companies to pay compensation individual in case of excess their private data. If, users will take charge from Face book in the EU then it will increase the competition among companies to attract users and get consent from them to use those data to even the third parties.

It will give some decreasing impact to the face book’s stock in the market but soon it will gain its older position. If, facbook will pay its users then I think more data base it can access globally. Individual and organizations will register it to get such payout. So, face book will be in advantage state.


Related Solutions

Please read case and answer questions thank you. Today’s digital media companies are locked in an...
Please read case and answer questions thank you. Today’s digital media companies are locked in an arms race to generate original, high- quality content that can only be seen on their proprietary platforms. Netflix, Amazon, and Hulu have all been developing their own TV shows to lure users to their services, for example. Although most people don’t think of it in the same way as those sites, YouTube is no different. For much of its existence, YouTube has been synonymous...
Please read and answer the questions. ESPN is a global cable television network and media company...
Please read and answer the questions. ESPN is a global cable television network and media company with headquarters in Bristol, Connecticut. Founded in 1979, ESPN grew along with the cable television industry to become a mainstay of American popular culture. After a series of investments by Hearst Publications and ABC (the American Broadcasting Network), 80% of ESPN finally ended up in the hands of entertainment giant The Walt Disney Company, and 20% with the Hearst Corporation, a 100-year-old media company...
Please read the article and answer about questions. International Strategies When you are struggling to get...
Please read the article and answer about questions. International Strategies When you are struggling to get through that first year of business, international sales are about the last thing on your mind. The U.S. Department of Commerce, however, indicates that large compa- nies account for only about 4 percent of all exporters, meaning the other 98 percent of the exporters in 2010 were small businesses.22 Entrepreneurs typically fall into three categories. There are those who realistically will never go international...
Please read the case and answer the questions at the end. Please respond to two of...
Please read the case and answer the questions at the end. Please respond to two of your peers. Do you agree or disagree? Collegiate Promotions distributes products that are marketed to students and alumni of major universities. High-selling products include coffee mugs and T-shirts that bear collegiate logos. In order to distribute its products, Collegiate Promotions has adopted an independent sales representative model. The sales representatives work for themselves and are not actual employees of Collegiate. They have independent contractor...
Please read the case and answer the questions at the end. Please respond to two of...
Please read the case and answer the questions at the end. Please respond to two of your peers. Do you agree or disagree? Jones Feed and Seed is a large regional warehouse that supplies agricultural products to retail stores. These products include pesticides that are used to treat animals and herbicides that are used to improve crops. For its warehouse operations, the company generally hires employees who have just finished high school. These employees work under the supervision of a...
Please answer the following questions: a) What is confidentiality and privacy controls in accounting information system?...
Please answer the following questions: a) What is confidentiality and privacy controls in accounting information system? b) How to identify and classify information that to be protected and how to protect confidentiality using encryption? c) What is privacy regulations and generally accepted privacy principles?
please read and answer this questions please and thanks. CERTIORARI TO THE UNITED STATES COURT OF...
please read and answer this questions please and thanks. CERTIORARI TO THE UNITED STATES COURT OF APPEALS FOR THE SECOND CIRCUIT Syllabus Held: The Court of Appeals erred in concluding that, when the Department of Housing and Urban Development (HUD) considered alternative sites before redesignating a proposed site for middle-income housing as one for low-income housing it should have given determinative weight to environmental factors such as crowding low-income housing into a concentrated area and should not have considered the...
Read the online news article on SA’s “rand and interest rate” below and answer questions 2(a),...
Read the online news article on SA’s “rand and interest rate” below and answer questions 2(a), (2b) and 3. Where are the rand and interest rates headed? Apr 12 2018 07:39 Mariam Isa The ousting of former President Jacob Zuma at the start of this year and the swift action taken by his successor, Cyril Ramaphosa, to root out corruption and address government mismanagement sparked a surge in business confidence, which has significantly improved South Africa’s growth outlook. But the...
Question 2 Read the extract below and answer the questions that follow Strawberry international wishes to...
Question 2 Read the extract below and answer the questions that follow Strawberry international wishes to conduct a research study using their employees as key participants. The organization maintains a global footprint and employs over 25 000 employees at several branches worldwide. 2.1 Discuss the reasons why sampling such a population is necessary. (10) Additional research is required. Read, understand and supply Section 4:sampling 2.2 Describe four types of non-probability sampling. (8) Additional research is required. Read, understand and apply...
Read the extract below and answer the questions below Strawberry international wishes to conduct a research...
Read the extract below and answer the questions below Strawberry international wishes to conduct a research study using their employees as key participants. The organization maintains a global footprint and employs over 25 000 employees at several branches worldwide 2.1 Discuss the reasons why sampling such a population is necessary. (10) 2.2 Describe four types of non-probability sampling. (8) 2.3 Critically analyse the principles of simple random sampling. (12)
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT