Patient privacy is essential and so is ensuring confidentiality in the doctor-patient relationship. However, today’s reality is that patient information is increasingly accessible to third parties outside this relationship. This article discusses India's data protection framework and assesses data protection developments in India including the Digital Personal Data Protection Act, 2023.
The purpose of this research was a comparative study of criminal and administrative penalties under the Personal Data Protection Act B.E. 2019 (PDPA), using descriptive research methods by documentary research. The results revealed that the PDPA is the main law which sets the rules, processes or regulatory measures on the protection of personal data in line with the international standard, the European Union’s General Data Protection Regulation (GDPR), for protection of the owner of personal information from the infringement of privacy and from the exploitation or disclosure of personal information without consent, and to punish offenders under the law. Although under this Act there are criminal penalties and administrative penalties as mentioned, it was found that the concepts and penalties are different because of the nature of punishment, the purpose of the punishment and the penalty rates. However, Thailand still needs to develop the concept of enforcing both penalties under this Act, either through the classification of penalties that specifically focus on protecting certain types of information, or it should reduce the enforcement of criminal penalties and focus more on administrative penalties, which will affect the economic activities of the private sector, etc.
Information privacy is one of the important rights in modern people's lives, and the level of understanding regarding information privacy in the Personal Data Protection Act (hereinafter referred to as the PDPA) by students at the higher education stage (that is, at the university level or above) is the basis for exercising the right. To explore students' understanding of the PDPA, the researcher distributed the "PDPA situational-case questionnaire," and collected responses from 745 students. Results of the analysis stated that, firstly, the students have a high level of understanding in terms of "notification obligation". Secondly, students possess a moderate understanding of the definition of government agency and the liability of the commissioning agency for damages. Lastly, students have a low level of understanding of the following concepts: 1. the personal data of the deceased are not protected by the PDPA; 2. Definition of personal data; 3. Notification of collection matters; 4. Collection of special personal data; 5. The condition under which a non-government agency shall be liable for the damages; 6. Two situations where the PDPA is not applicable. In addition, students have a low or moderate understanding of the collection, processing and use of general personal data, depending on the actual situation. Results of the study can be used as a reference for colleges and universities in the development of PDPA courses.
• We examined how organizations' privacy policies meet the compliance requirement.
• We found privately-owned organizations have a higher compliance level.
• Sectors with more personal sensitive data have significantly higher compliance scores.
• Government sectors have the lowest compliance score and highest readability score.
• Foreign and local sectors demonstrate statistically significant comparable compliance scores.
This study examines how organizations in Malaysia frame their privacy policy notice to comply with the Personal Data Protection Act (PDPA, 2010) and if these organizations differ in their level of compliance and the readability of their privacy notices. We collected the online privacy policies of 306 organizations from 12 sectors to assess their readability and compliance with PDPA requirements. The results show that privately owned organizations have a higher compliance level compared to publicly owned organizations. Sectors that hold more personal sensitive data obtain higher compliance scores. Non-governmental organizations demonstrate a higher compliance level compared to government-owned organizations. Despite differences in the compliance scores, most organizations fail to meet the requirements of the PDPA. Our study also reveals that readability has a negative correlation with the compliance score because simple and shorter versions of the privacy policies often lack detailed information. Our findings provide valuable insights into organizations’ privacy policy compliance across different sectors in Malaysia. Specifically, the Malaysian authority should implement more effective mechanisms to enforce compliance with the PDPA. Organizations should also take corrective actions to improve the compliance scores of their online privacy policies.
The study reviews the provisions and privacy implications of India’s Digital Personal Data Protection Act, 2023 (referred to as “DPDP Act” in this study) from the library context. The immense nature of personal data breaches prompted the government to enact the DPDP Act on 11th August 2023. Through the DPDP Act, this study addresses the privacy concerns in the library by articulating the eleven (11) privacy principles, viz., data collection & notice; data retention; data processing; data sharing; users’ consent; children’s data; users’ rights; users’ security; reporting; accountability and compensation. These principles can act as privacy guidelines for libraries when negotiating with library vendors; these principles will further guide e-vendors into creating an online environment where users’ privacy rights are protected. Also, this study aims to address the online privacy gaps in libraries by providing additional corrective measures and examples, such as setting up an itemised privacy policy, a simple policy that is easily accessible, reducing the use of web tracking technologies, encouraging the use of privacy-enhancing technologies, de-identification of patrons’ data, and emphasising users’ rights in web environments. The study may also empower the government and online businesses by preserving the privacy rights of users.
Malaysia is a pioneer in drafting and executing personal data protection law among the ASEAN countries. However, the adequacy of this protection regime is questionable. This study is aimed at evaluating the aptitude of the Personal Data Protection Act (2010) (P.D.P.A.) from the application perspective. The evaluation and analysis of the application and scope of the P.D.P.A. through comparative and descriptive approaches shows that the Act has provided for a narrow scope with wide exemptions. This approach may hinder a standard personal data protection legal system for the protection of individuals’ privacy. Moreover, the P.D.P.A. will fail the adequacy test of the developed nations such as the European Union Member States.
The use of mobile-based apps is getting popular and continues to increase. Mobile users often download apps from various sources, which provide numerous categories of applications, including health apps. Some apps are optional, but nevertheless there are several apps that are compulsory for citizens as instructed by the government or its agencies. As a result, some legal challenges on data privacy, akin to data security, have occurred. The legal challenges are more intricate for users without legal education and for unaware citizens where there is government involvement. Hence, in this paper, the issues and the legal challenges on data privacy for mobile-based applications are reviewed to give awareness to both sides, the users (citizens) and the app providers (government or developer). Together with that, ideas for action, such as recommendations and options to react to the issues and challenges, are also presented. Several Acts (legislation) are also proposed according to the legal issues and challenges that occurred; as shown, the Personal Data Protection Act (PDPA) 2010 has become the well-known act used to confront the existing privacy legislation in mobile-based applications. The suggestions and recommendations might assist citizens in standing up for their rights on data privacy issues in mobile apps and, on the other side, might provide some ideas to be more precise when creating and developing mobile apps.
With the increasing number of smart devices and connections in the Internet of Things (IoT) come risks, specifically involving consumer data protection. In this respect, this exploratory research examines the current issues of IoT and personal data protection in Malaysia, which include: regulatory frameworks and data governance; issues and gaps; and key challenges in implementation. Results from this mixed-methods research indicate that a majority of consumers expressed concern about personal data risks due to increased usage of IoT devices. Moreover, there is a crucial need to increase regulation and accountability in the industry. In this regard, collaboration and partnerships between the main stakeholders are essential in tackling emerging issues of IoT and personal data protection. In order to strengthen IoT data governance, the fundamentals should be: strengthening consumer education and smart partnership between government-industry-civil society; providing motivation for active participation of NGOs and civil society; and obtaining industry buy-in. This paper also proposes a structure for the governance of evolving data-related technology, particularly in the case of data breaches or cyber incidents. It adds to the wider discussion of the current scenario, and proposes a model of collective responsibility in IoT data governance that is underpinned by the three principles of fair information practices, privacy impact assessment and privacy accountability.
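Children often lack the necessary awareness of, and ability to guard against, the improper collection and use of their personal data that results from using online services and information devices. Not long after the internet was opened to commercial use, the United States passed the Children’s Online Privacy Protection Act (COPPA), and the Federal Trade Commission issued the COPPA Rule: operators of any platform or online service that targets children must, when collecting children's personal data, obtain prior parental consent and ensure that the consent is verifiable, while also meeting other requirements. A review of representative enforcement cases since COPPA took effect, from e-commerce and mobile application services to the video streaming and short-video platforms that have become widely popular in recent years, not only reflects the evolution of information and communication technology and online business models, but also highlights how important it is that the legal design of children's privacy protection in the digital age can be adjusted in time as technology changes. The current domestic Personal Data Protection Act, positioned as a general law, does not specifically take children's protection needs into account. If the protection of children's personal data is to be strengthened, possible approaches include enacting a special law modelled on COPPA, or incorporating relevant protective provisions into the Personal Data Protection Act following the EU's GDPR. Beyond the discussion at the level of legislative policy, this article argues that the key lies in the feasibility and implementation of the adopted rules, including the determination of whether a platform or online service targets children, as highlighted by COPPA's operation in practice, and how to establish a mechanism for confirming prior parental consent that is widely accepted by industry and affordable. In addition, whether the real age of internet users (children) can be identified is also very important; introducing third-party age verification services or using artificial intelligence technology for confirmation are matters that can be considered together when the relevant legal regime is deliberated domestically. Children’s internet use has dramatically increased in recent years. The expansive engagement of children in cyber space triggered privacy threats, but children often lack the awareness and the capacity to foresee possible consequences. To address the growing online privacy concerns of children, US Congress passed the Children’s Online Privacy Protection Act (COPPA) in 1998 and the Federal Trade Commission enacted and implemented CO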