Modern regulation of data circulation in developed countries: organisational and legal framework
DOI:
https://doi.org/10.61345/1339-7915.2024.5.14Keywords:
data regulation, data flows, legal frameworks, organisational frameworks, General Data Protection Regulation, California Consumer Privacy Act, data privacy, data governance, public-private partnerships, cross-border data flows, data accountability, data minimisation, data transparency, cybersecurity partnerships, global data governance, regional regulatory practices, digital economy, privacy safeguards, information security, technological adaptationAbstract
The article was devoted to the study of modern approaches to the regulation of data circulation in developed countries, focusing on the organisational and legal frameworks that ensure secure, ethical, and efficient data governance. It analyzed the principles and mechanisms underlying the legal frameworks, with particular attention to data minimization, transparency, and accountability. Comparative analysis was conducted to explore regional differences in regulatory practices, highlighting the interplay between national priorities and global standards. Special emphasis was placed on understanding how these frameworks have adapted to technological advancements and the increasing complexity of cross-border data flows in the digital economy.
Revealed were the strengths and weaknesses of data regulation practices in regions such as North America, Europe, and the Asia-Pacific. In Europe, the GDPR demonstrated a robust and harmonized approach that influenced global data protection standards, while North America showcased a fragmented landscape with progressive state-level initiatives like the CCPA. In the Asia-Pacific, Japan’s Act on the Protection of Personal Information was highlighted for its adaptability and alignment with international norms. These findings underscored the diversity in approaches, shaped by legal traditions, economic contexts, and policy objectives, and their implications for achieving a balanced data governance model.
Substantiated was the necessity of integrating public-private collaborations to address the challenges posed by emerging technologies and dynamic regulatory environments. Examples such as Australia’s cybersecurity partnerships and global initiatives like the World Economic Forum’s Centre for Cybersecurity highlighted the value of cooperative efforts in ensuring effective regulation. These collaborations provided a blueprint for balancing innovation with regulatory oversight, enabling adaptable and forward-looking governance models capable of responding to rapid technological changes and increasing cyber threats.
Deserves special attention the global influence of the GDPR, which has set a benchmark for transparency, accountability, and consent, inspiring similar frameworks worldwide, including Brazil’s LGPD and South Korea’s PIPA. The need for continuous updates to legal frameworks, enhanced enforcement mechanisms, and international cooperation was emphasized as critical for addressing enforcement gaps and harmonizing data protection standards. The article concluded with recommendations for further research and policy innovation to strengthen global data governance in the face of ongoing digital transformation.
References
European Data Protection Board. European Data Protection Board. Retrieved from: https://www.edpb.europa.eu/about-edpb/what-we-do/tasks-and-duties_en [in English]. Federal Trade Commission. Federal Trade Commission. Retrieved from https://www.ftc.gov/about-ftc/mission [in English].
OECD (2002), OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, OECD Publishing, Paris. Retrieved from: https://www.oecd-ilibrary.org/science-and-technology/oecd-guidelines-on-the-protection-of-privacy-and-transborder-flows-of-personal-data_9789264196391-en [in English].
Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. (2016). Official Journal of the European Union, L 194, 1–30. Retrieved from https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv%3AOJ.L_.2016.194.01.0001.01.ENG [in English].
Future of Privacy Forum. (2018). Comparing Privacy Laws: GDPR v. CCPA. Retrieved from https://fpf.org/wp-content/uploads/2018/11/GDPR_CCPA_Comparison-Guide.pdf [in English].
Clifford Chance. (2020, June). Amendments to the Protection of Personal Information Act of Japan. Retrieved from https://www.cliffordchance.com/content/dam/cliffordchance/briefings/2020/06/amendments-to-the-%20protection-of-personal-information-act-of-japan.pdf [in English].
Australian Government Office of the Australian Information Commissioner. Australian Privacy Principles. Retrieved from https://www.oaic.gov.au/privacy/australian-privacy-principles [in English].
Shanmugam, D., Shabanian, S., Diaz, F., Finck, M., & Biega, A. (2021). Learning to limit data collection via scaling laws: A computational interpretation for the legal principle of data minimization. arXiv. Retrieved from https://arxiv.org/abs/2107.08096 [in English].
Ruohonen, J., & Hjerppe, K. (2020). The GDPR enforcement fines at a glance. Science Direct. Retrieved from: https://doi.org/10.1016/j.is.2021.101876 [in English].
Greenleaf, G. (2021). Global data privacy laws 2021: Despite COVID delays, 145 laws show GDPR dominance. Privacy Laws & Business International Report, (170), 16-20. Retrieved from https://papers.ssrn.com/sol3/papers.cfm?abstractid=3836348 [in English].
Erickson, J. (2018). Brazil’s General Data Protection Law and GDPR: History, Analysis, and Impacts. Retrieved from https://www.academia.edu/38941099/Brazils_General_Data_Protection_Law_and_GDPR_history_analysis_and_impacts [in English].
Downloads
Published
Issue
Section
License
Copyright (c) 2025 Andriy Olefirenko
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
