Acta Informatica Pragensia 2022, 11(1), 123-140 | DOI: 10.18267/j.aip.1684398

Personal Data as a Market Commodity in the GDPR Era: A Systematic Review of Social and Economic Aspects

Aleksei Zelianin
D'Annunzio University of Chieti–Pescara, Pescara, Viale Pindaro, 42, 65122 Pescara PE, Italy

With the development of modern data processing, mining and collection technologies, various companies and institutions will have more opportunities to make these data operations faster and more efficiently. From the economic perspective, processing personal data is evidently lucrative and companies would therefore like to obtain as much data as possible. This paper analyses and summarizes existing and emerging social and economic trends, implications and issues caused by clashes between European legislation on personal data protection (the GDPR) and current data processing practices. Utilizing both quantitative and qualitative data, the article attempts to scrutinize the implications of the conflict between the rising demand for privacy and personal data protection on the one hand and the ever-growing need to process and store personal data, especially by commercial organizations, on the other. Analysing databases, legislation, reports, statistical data and surveys, the paper attempts to provide an estimate of the value of personal data and the consequences of poor handling of personal data.

Keywords: General data protection regulation; Personal data; Digital marketing; Personal data protection; Personal data processing; Data breach.

Received: July 31, 2021; Revised: December 9, 2021; Accepted: December 10, 2021; Prepublished online: December 10, 2021; Published: March 13, 2022  Show citation

ACS AIP APA ASA Harvard Chicago Chicago Notes IEEE ISO690 MLA NLM Turabian Vancouver
Zelianin, A. (2022). Personal Data as a Market Commodity in the GDPR Era: A Systematic Review of Social and Economic Aspects. Acta Informatica Pragensia11(1), 123-140. doi: 10.18267/j.aip.168
Download citation

References

  1. Backer McKenzie. (2020). GDPR survey. Benefits beyond compliance. https://www.bakermckenzie.com/-/media/files/insight/publications/2020/04/gdpr_survey.pdf?la=en
  2. Bonatti P. A., & Kirrane, S. (2019). Big Data and Analytics in the Age of the GDPR. In 2019 IEEE International Congress on Big Data (BigDataCongress), (pp. 7-16). IEEE. https://doi.org/10.1109/BigDataCongress.2019.00015 Go to original source...
  3. Bergemann, D., & Bonatti, A. (2011). Targeting in advertising markets: implications for offline versus online media. The RAND Journal of Economics, 42(3), 417-443. https://doi.org/10.1111/j.1756-2171.2011.00143.x Go to original source...
  4. Boston Consulting Group. (2018). Bridging the Trust Gap in Personal Data. https://www.bcg.com/publications/2018/bridging-trust-gap-personal-data
  5. CISCO. (2019). Consumer Privacy Survey. The growing imperative of getting data privacy right. https://www.cisco.com/c/dam/global/en_uk/products/collateral/security/cybersecurity-series-2019-cps.pdf
  6. CMS. (2021). GDPR Enforcement Tracker Report 2021. https://cms.law/en/deu/publication/gdpr-enforcement-tracker-report
  7. CNIL. (2019). Deliberation of the Restricted Committee SAN-2019-001 of 21 January 2019 pronouncing a financial sanction against GOOGLE LLC. https://www.cnil.fr/sites/default/files/atoms/files/san-2019-001.pdf
  8. Data privacy manager. (2020). Privacy, Data Breach and Reputation Management. https://dataprivacymanager.net/data-breach-and-reputation-management/
  9. Deloitte. (2019). The GDPR: Six Months After Implementation Practitioner Perspectives. https://www2.deloitte.com/content/dam/Deloitte/ce/Documents/legal/ce-deloitte-the-gdpr-six-months-after-implementation-report-1.pdf?nc=1
  10. ENISA. (2018). The Value of Personal Online Data. https://www.enisa.europa.eu/publications/info-notes/the-value-of-personal-online-data
  11. EUR-Lex. (1995). Directive 95/46/EC. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A31995L0046
  12. EUR-Lex. (2016). Regulation (EU) 2016/679. https://eur-lex.europa.eu/eli/reg/2016/679/oj
  13. European Parliament. (2020). The CJEU judgment in the Schrems II case. https://www.europarl.europa.eu/RegData/etudes/ATAG/2020/652073/EPRS_ATA(2020)652073_EN.pdf
  14. European Parliamentary Research Service. (2019). Blockchain and the General Data Protection Regulation Can distributed ledgers be squared with European data protection law? Scientific Foresight Unit (STOA)PE 634.445 - July 2019. https://www.europarl.europa.eu/RegData/etudes/STUD/2019/634445/EPRS_STU(2019)634445(ANN1)_EN.pdf
  15. Golla, S. (2017). Is Data Protection Law Growing Teeth? The Current Lack of Sanctions in Data Protection Law and Administrative Fines under the GDPR. Journal of Intellectual Property, Information Technology and E-Commerce Law, 8(1), 70-78.
  16. Greenwood, D., Stopczynski, A., Sweatt, B., Hardjono, T., & Pentland, A. (2014). The New Deal on Data: A Framework for Institutional Controls. In J. Lane, V. Stodden, S. Bender, H. Nissenbaum (Eds.), Privacy, Big Data, and the Public Good: Frameworks for Engagement (pp. 192-210). Cambridge University Press. Go to original source...
  17. Hoofnagle, C. J., van der Sloot, B., & Borgesius, F. Z. (2019). The European Union general data protection regulation: what it is and what it means. Information & Communications Technology Law, 28(1), 65-98. https://doi.org/10.1080/13600834.2019.1573501 Go to original source...
  18. IAPP. (2019). Annual Governance Report 2019. https://iapp.org/resources/article/iapp-ey-annual-governance-report-2019/
  19. IBM. (2020). How much does a data breach cost? https://www.ibm.com/security/data-breach
  20. IFLA. (2019). The future of online privacy and the security of personal data. https://trends.ifla.org/expert-meeting-summary/the-future-of-online-privacy-and-the-security-of-personal-data
  21. Internet World Stats. (2021). Internet usage statistics. https://www.internetworldstats.com/stats.htm
  22. Keating, M. G. (2013). Benefits of Targeted Advertisements: A Spotify Fail. https://www.ereach.net/benefits-of-targeting-advertisements/
  23. Peukert, C., Bechtold, S., Batikas, M., & Kretschmer, T. (2020). European privacy law and global markets for data. In CEPR Discussion Paper No. DP14475. https://doi.org/10.3929/ethz-b-000406601 Go to original source...
  24. Peukert, C., Bechtold, S., Batikas, M., & Kretschmer, T. (2020). Regulatory export and spillovers: How GDPR affects global markets for data global markets for data. https://european.economicblogs.org/voxeu/2020/bechtold-batikas-kretschmer-gdpr-affects-global-markets-data
  25. Ponemon. (2017). The Impact of data breaches on reputation & share value. https://www.centrify.com/media/4772757/ponemon_data_breach_impact_study_uk.pdf
  26. Rieger, A., Guggenmos, F., Lockl, J., & Urbach, N. (2019). Building a Blockchain Application that Complies with the EU General Data Protection Regulation. MIS Quarterly Executive, 18(4), Article no. 7. https://aisel.aisnet.org/misqe/vol18/iss4/7 Go to original source...
  27. Risk based security. (2019). Q3 2019 Data Breach QuickView Report. https://www.internetworldstats.com/stats.htm
  28. Science Focus. (2021). How much data is on the internet? https://www.sciencefocus.com/future-technology/how-much-data-is-on-the-internet/
  29. Spiekermann, S., Böhme, R., Acquisti, A., & Hui, K.-L. (2015). Personal data markets. Electronic Markets, 25(2), 91-93. https://doi.org/10.1007/s12525-015-0190-1 Go to original source...
  30. Statista. (2020). Google: annual advertising revenue 2001-2019. https://www.internetworldstats.com/stats.htm
  31. The Chartered Institute of Marketing. (2016). Be transparent on social media or risk the consequences. https://www.cim.co.uk/newsroom/opinion-be-transparent-on-social-media-or-risk-the-consequences/
  32. The Economist. (2017). The world's most valuable resource is no longer oil, but data. May 6th, 2017 edition. https://www.economist.com/leaders/2017/05/06/the-worlds-most-valuable-resource-is-no-longer-oil-but-data
  33. TrustArc. (2021). Global Privacy Benchmarks Report 2021. https://info.trustarc.com/Web-Resource-2021-05-26-Global-Benchmarking-Report_LP.html
  34. Zhuo, R., Huffaker, B., claffy, & Greenstein, S. (2021). The impact of the General Data Protection Regulation on internet interconnection. Telecommunications Policy, 45(2), 102083. https://doi.org/10.1016/j.telpol.2020.102083 Go to original source...

This is an open access article distributed under the terms of the Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits use, distribution, and reproduction in any medium, provided the original publication is properly cited. No use, distribution or reproduction is permitted which does not comply with these terms.