This chapter provides an overview of several recently proposed or passed privacy-related regulations, including General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Illinois Video Interview Act, Data Broker Regulations in Vermont, and Privacy Bill of Rights Act, and related but very limited studies. Toward the end, several research opportunities are discussed. These research opportunities include (1) economic consequences of these new regulations and (2) the new research framework to capture novel features of these regulations to explain security compliance. The authors further discuss possible research designs to address the proposed research opportunities. This chapter provides both professionals and researchers additional insights on the regulation of privacy issues.
TopIntroduction
With the advance in information technology, companies are capable of collecting much more information with a faster and cheaper manner. These pieces of information ranges from basic personal information to behavioral information such as social media activities and preferences or the way we talk and walk. Though such information helps companies better understand their customers and potentially provide more customized services, it does raise concerns about the collection, the use and share of personal information. For example, the Facebook scandal shows that about 87 million users’ information has been inappropriately shared with Cambridge Analytica (Newcomb, 2018), which resulted in a $5 billion fine by Federal Trade Commission (Snider & Baig, 2019) and the change of Facebook’s privacy policies (Corcoran, 2018). Not just Facebook, Google is also facing privacy challenges, including censored search engine service in China (Tiku, 2018), exposed user information (MacMillan & McMillan, 2018) and Nest spycam problem (Winder, 2019).
In addition to the collection and use/share of personal information, several recent high-profile cybersecurity breaches, such as Equifax and Marriott, all involve the loss of personal information. For example, the Marriott breach involves about 5 million users’ information (Fruhlinger, 2020) while Equifax lost personal information of about 150 million individuals due to an unpatched software (Andriotis, Rapoport & McMillan, 2017). These data breaches have further attracted the public’s and regulators’ attention regarding the protection of privacy.
In this book chapter, we will provide an overview of several recent development of privacy regulations. These regulations are: General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Illinois Video Interview Act, Data Broker Regulations in Vermont, and Privacy Bill of Rights Act. We select these five regulations because of the following reasons. First, these five regulations demonstrate a change in privacy concerns. That is, the privacy concern is not just about collecting personal information but also about the share, the use and the deletion of information. These five regulations also cover a wide variety of issues from personally identifiable information, behavioral information to data broker issues. Last, these five regulations range from a State-wide legislation (e.g., Illinois Video Interview Act) to a regional privacy act with a global impact (e.g., GDPR).
Existing research centered around this new development in privacy regulation is very limited with only a few exceptions. Accordingly, in this study, we highlight major areas that researchers can contribute to the understanding of privacy issues and provide policy implications for regulators. These research directions are: (1) economic consequences of these new regulations and (2) new research framework to capture novel features of these regulations to better explain security compliance. In addition to these research directions, we also discuss several research designs for scholars to consider in order to leverage this new stream of research opportunities.
In the following book chapter, we will first provide an overview of these five different regulations and discussed related available studies in the business field in Section 2. Following that, five future research directions are highlighted in Section 3. We conclude in Section 4.