A Comparative Overview of Data Protection in e-Commerce in the European Union, the United States of America, the Republic of North Macedonia, and Albania: Models and Specifics

• Authors: Bashkim Nuredini , Jorida Xhafaj , Vesna Paukovska Dodevska

Title variants

PL

Prawnoporównawcze ujęcie zasad ochrony danych osobowych w handlu elektronicznym w Unii Europejskiej, Stanach Zjednoczonych, Republice Macedonii Północnej i Albanii. Modele i specyfika

Abstracts

PL

Zalety elektronicznych środków komunikacji w sektorze e-commerce oraz szybkiej wymiany informacji nadal przynoszą olbrzymie korzyści, ale kosztem ochrony prywatności i powstawania luk prawnych. W każdym systemie prawnym – czy to unijnym, czy to amerykańskim – prywatność jest definiowana inaczej; pomimo tego, że waga prywatności jest szeroko akceptowana, brak jest jednolitej definicji tego pojęcia w środowisku naukowym. Trudności w przenoszeniu danych osobowych pomiędzy Unią Europejską a Stanami Zjednoczonymi znów wyszły na pierwszy plan pośród najważniejszych kwestii związanych z prywatnością i ochroną danych w poszczególnych krajach. Rozporządzenie o ochronie danych osobowych (RODO) postawiło ochronę danych na najwyższym poziomie działalności przedsiębiorstw poprzez wymagania nałożone na każdą organizację zbierającą, przetwarzającą, zarządzającą lub przechowującą informacje o europejskich obywatelach, wymuszając surowsze standardy i dając użytkownikom większą kontrolę nad swoimi danymi. Nowe rozporządzenie oddziałuje na przedsiębiorców i użytkowników w całej Europie. Celem opracowania jest porównanie poziomu ochrony i bezpieczeństwa zapewnianego użytkownikom e-commerce w Unii Europejskiej, Stanach Zjednoczonych Ameryki, Republice Macedonii Północnej i Albanii. Ponadto zbadano korelację pomiędzy obowiązkami a skutkami RODO w celu stwierdzenia, czy zapewni ono wyższy poziom ochrony praw jednostek czy też raczej przede wszystkim wywoła zbiurokratyzowanie procesów ochrony danych osobowych prowadzonych w ramach czynności e-commerce.

EN

The advantages of electronic communications in the e-commerce sector and the rapid exchange of information continue to have enormous benefits, but they come at a cost in terms of privacy protection and legal gaps. Privacy is defined differently in each jurisdiction – the EU and the US, and despite widespread agreement on the importance of privacy, there is no single definition of the concept in scientific circles. The difficulties of transferring personal data between the European Union and the United States were once again at the forefront of the country’s highest privacy and data protection concerns. General Data Protection Regulation (GDPR) positioned data protection to the highest level of company directions throughout the requirements imposed on any organization that collects, processes, manages, or stores information about European citizens, requiring stricter standards and giving users more control over their data. The new regulation has an impact on businesses and users all over Europe. The study’s goal is to compare the level of protection and security provided to e-commerce users in the European Union, the United States of America, the Republic of North Macedonia, and Albania. Also, the correlation between the obligations and the effect of the GDPR was studied in order to determine whether it will guarantee a higher level of protection of individuals’ rights, or whether will it primarily result in the bureaucratization of the processes for protecting personal data performed in e-commerce actions.

Keywords

EN

data protection; e-commerce; GDPR; jurisdiction; European Union; United States; Republic of North Macedonia; Albania

PL

ochrona danych; e-commerce; RODO; system prawny; Republika Macedonii Północnej; Albania

• Publisher: Wydawnictwo Uniwersytetu Marii Curie-Skłodowskiej
• Journal: Studia Iuridica Lublinensia
• Year: 2022
• Volume: 31
• Issue: 3
• Pages: 61-84

Dates

published

2022

Contributors

author

Bashkim Nuredini

• University for Business and Technology, Republic of Kosovo

author

Jorida Xhafaj

• University for Business and Technology, Republic of Kosovo

author

Vesna Paukovska Dodevska

• Legal and Corporate Affairs Department, North Macedonia

References

• Azzi A., The Challenges Faced by the Extraterritorial Scope of the General Data Protection Regulation, 2018, vol. 9, “Journal of Intellectual Property, Information Technology and E-Commerce Law” 2018, vol. 9(2).
• Baldwin R., Cave M., Lodge M., Understanding Regulation: Theory, Strategy, and Practice, Cambridge 2011, DOI: https://doi.org/10.1093/acprof:osobl/9780199576081.001.0001.
• Bhatti A., Akra H., Basit H.M., Khan A.U., Raza S.M., Naqvi M.B., E-commerce Trends during COVID-19 Pandemic, “International Journal of Future Generation Communication and Networking” 2020, vol. 13(2).
• Boyne S.M., Data Protection in the United States, “American Journal of Comparative Law” 2018, vol. 66(1), DOI: https://doi.org/10.1093/ajcl/avy016.
• Feiler N., Forgó F.L., Weigl N. (eds.), The EU General Data Protection Regulation (GDPR): A Commentary, New York 2018.
• Goddard M., The EU General Data Protection Regulation (GDPR): European Regulation that Has a Global Impact, “International Journal of Market Research” 2017, vol. 59(6), DOI: https://doi.org/10.2501/IJMR-2017-050.
• Gömann R.M., The New Territorial Scope of EU Data Protection Law: Deconstructing a Revolutionary Achievement, “Common Market Law Review” 2017, vol. 54(2), DOI: https://doi.org/10.54648/COLA2017035.
• Hintze M., El Emam K., Comparing the Benefits of Pseudonymisation and Anonymisation under the GDPR, “Journal of Data Protection & Privacy” 2018, vol. 2(2).
• Hoofnagle C.J., Sloot B., Borgesius F.Z., The European Union General Data Protection Regulation: What It Is and What It Means, “Information & Communications Technology Law” 2019, vol. 29(1), DOI: https://doi.org/10.1080/13600834.2019.1573501.
• Jamal K., Maier M., Sunder S., Enforced Standards versus Volution by General Acceptance: A Comparative Study of e-Commerce Privacy Disclosure and Practice in the United States and the United Kingdom, “Journal of Accounting Research” 2005, vol. 41(1), DOI: https://doi.org/10.1111/j.1475-679x.2004.00163.x.
• Jang-Jaccard J., Nepal S., A Survey of Emerging Threats in Cybersecurity, “Journal of Computer and System Sciences” 2014, vol. 80(5), DOI: https://doi.org/10.1016/j.jcss.2014.02.005.
• Kennedy G.E., Prabhu L.S.P., Data Privacy Law: A Practical Guide, Kindle Edition, 2020.
• Ryngaert C., Taylor M., The GDPR as Global Data Protection Regulation?, “AJIL Unbound” 2019, vol. 114, DOI: https://doi.org/10.1017/aju.2019.80.
• Sarathy R., Robertson C., Strategic and Ethical Considerations in Managing Digital Privacy, “Journal of Business Ethics” 2003, vol. 46(2), DOI: https://doi.org/10.1023/A:1025001627419.
• Udo G.J., Privacy and Security Concerns as Major Barriers for e‐Commerce: A Survey Study, “Information Management & Computer Security” 2001, vol. 9(4), DOI: https://doi.org/10.1108/EUM0000000005808.
• Voigt P., Bussche A., The EU General Data Protection Regulation (GDPR): A Practical Guide, “Axel von dem Bussche Taylor Wessing” 2020, vol. 13(2).
• Annual Report of Albanian Data Protection Commissioner, 2021, https://www.idp.al/wp-content/uploads/2016/10/RAPORTI-VJETOR-2021.pdf (access: 7.10.2021).
• Chevalier S., Retail e-Commerce Sales Worldwide from 2014 to 2025, 4.2.2022, https://www.statista.com/statistics/379046/worldwide-retail-e-commerce-sales (access: 20.5.2021).
• Data Protection Laws and Regulations 2021–2022: International Comparative Legal Guide, Global Legal Group 2021, https://iclg.com/practice-areas/data-protection-laws-and-regulations (access:18.11.2021).
• Hoven J. van de, Blaauw M., Pieters W., Warnier M., Privacy and Information Technology, [in:] Stanford Encyclopedia of Philosophy, 2020, https://plato.stanford.edu/entries/it-privacy (access: 20.12.2021).
• Hoven J. van de, Doorn N., Swierstra T., Koops B.-J., Romijn H. (eds.), Responsible Innovation 1: Innovative Solutions for Global Issues, http://ndl.ethernet.edu.et/bitstream/123456789/18722/1/112..Jeroen%20van%20den%20Hoven.pdf (accesss: 10.8.2022).
• Information and Data Protection Commissioner in Albania, https://www.idp.al/category/activities-of-the-commissioners-office/?lang=en (access: 13.10.2021).
• International Classification of Functioning, Disability, and Health, Geneva 2001, http://whqlibdoc.who.int/publications/2001/9241545429.pdf (access: 10.7.2021).
• Maria T., Data Protection / Data Privacy, [in:] Elgar Encyclopaedia of Human Rights, https://ssrn.com/abstract=3859440 (access: 10.2.2022).
• Nuredini B., Paunkoska Dodevska V., Legal Aspects of Electronic Contracts, UBT Conference, October 2020, https://www.researchgate.net/publication/353515427_Legal_aspects_of_electronic_contracts (access: 20.3.2022).
• Wolford B., What is GDPR, the EU’s New Data Protection Law?, https://gdpr.eu/what-is-gdpr (access: 10.2.2022).
• Fair and Accurate Credit Transactions Act, http://uscode.house.gov/view.xhtml (access: 7.9.2021).
• Federal Statute on the Telephone Consumer Protection Act, 47 U.S.C. § 22, https://www.fdic.gov/resources/supervision-and-examinations/consumer-compliance-examination-manual/documents/8/viii-5-1.pdf (access: 7.9.2021).
• Gramm-Leach-Bliley Act, https://www.ftc.gov/tips-advice/business-center/privacy-and-security/gramm-leach-bliley-act (access: 7.9.2021).
• Health Insurance Portability and Accountability Act of 1996 (HIPAA), http://www.legalarchiver.org/hipaa.htm (access: 7.9.2021).
• Law on Protection of Personal Data no. 9887 (Data Protection Law) (Official Gazette of the Republic of Albania no. 44, 1.4.2008).
• Law on Personal Data Protection (Official Gazette of the Republic of Macedonia 2005, no. 7).
• Law on Personal Data Protection (Official Gazette of the Republic of North Macedonia 2020, no. 42).
• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119/1, 4.5.2016).
• Judgement of the CJEU of 13 May 2014 in case C-131/12, Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González.

Identifiers

DOI

10.17951/sil.2022.31.3.61-84

Biblioteka Nauki

31348195