The State and Personal Data in the Post-GDPR World:  Towards a Global Consensus or Regulatory Fragmentation?

doi:10.26565/1727-6667-2024-2-02

Igor Dunayev V. N. Karazin Kharkiv National University, 4 Svobody Sq, Kharkiv, 61022, Ukraine http://orcid.org/0000-0002-0790-0496
Nataliya Lugovenko V. N. Karazin Kharkiv National University, 4 Svobody Sq, Kharkiv, 61022, Ukraine http://orcid.org/0000-0003-0386-7630

DOI: https://doi.org/10.26565/1727-6667-2024-2-02

Keywords: personal data, GDPR, public administration, platforms, blockchain, decentralized services, privacy protection, regulatory fragmentation, harmonization of standards, Web 3.0.

Abstract

This article explores the transformation of the state’s role in regulating personal data in the post-GDPR world. The author analyzes the impact of the EU’s General Data Protection Regulation (GDPR) on the evolution of the global privacy protection landscape, identifying trends towards harmonization and fragmentation of national legislations. The changing functions of the state as a regulator and guarantor of personal data protection in the context of digitalization are unveiled. The potential of blockchain technologies and distributed ledgers in ensuring user control over data is investigated. The influence of the development of the data market and new business models on the regulatory approaches of states and corporations is analyzed. The consequences of the spread of decentralized services for the relationships between the state, business, and civil society are considered. Priority directions for improving Ukrainian legislation in the field of personal data protection are substantiated, taking into account the realities of Web 3.0 and the need to balance innovation and security. The key idea is that the post-GDPR world stands at a crossroads between further fragmentation of the regulatory landscape and a long path towards harmonizing privacy standards. The choice of development trajectory depends on the coordinated political will of states, corporations, and global civil society to protect personal data as a shared value that unites humanity in the digital age. The article delves into the complex interplay of technological, legal, and societal factors shaping the future of data governance, offering insights into the challenges and opportunities ahead. It highlights the need for adaptive and inclusive regulatory frameworks that balance individual rights, economic interests, and public goods in an increasingly data-driven world.

Downloads

Author Biographies

Igor Dunayev, V. N. Karazin Kharkiv National University, 4 Svobody Sq, Kharkiv, 61022, Ukraine

Dr.Sc. of public administration, professor, professor of the department
of economic policy and management, Educational and Scientific Institute
«Institute of Public Administration», V. N. Karazin Kharkiv National University,
4 Svobody Sq., Kharkiv, 61022, Ukraine

Nataliya Lugovenko, V. N. Karazin Kharkiv National University, 4 Svobody Sq, Kharkiv, 61022, Ukraine

PhD in Public Administration, associate professor,
associate professor of the Department of Economic Policy and Management,
Educational and Scientific Institute «Institute of Public Administration»,
V. N. Karazin Kharkiv National University, 4 Svobody Sq., Kharkiv, 61022, Ukraine

References

Dunayev, I., & Kovalenko, M. (2022). New traces for regulating information platforms and the platform economy for the public good. Pressing Problems of Public Administration, 2(61), 6-24. https://doi.org/10.26565/1684-8489-2022-2-01 [in Ukrainian].

Dunayev, I. V., & Kud, A. A. (2024, May 24). Conditions for introducing a decentralized information platform for the needs of operational support for the reconstruction of war-damaged infrastructure [Paper presentation]. Public Administration of the 21st Century: New Challenges and Transformations in Wartime: 24th International Scientific Congress, Kharkiv, Ukraine [in Ukrainian].

Zhora, V. (2023). Since January 14, 2022, Ukraine remains in first place in the world in terms of the number of cyberattacks against it – Deputy Head of the State Service for Special Communications. Interfax. https://interfax.com.ua/news/interview/911979.html [in Ukrainian].

Kud, A. A. (2022). Transformation of economic relations and methods of their implementation in the conditions of digital technology development. Bulletin of Lviv University. Economic Series, (62), 42-59. https://doi.org/10.30970/ves.2022.62.0.6204 [in Ukrainian].

Kud, A. A. (2023). Comprehending the future development of market infrastructure based on the use of tokenized assets. Economic Analysis, 33(3), 9-32. https://doi.org/10.35774/econa2023.03.009 [in Ukrainian].

Kud, A. A. (2023). Legal and technological conditions for the legal circulation of tokenized assets in modern private and public information platforms. Investments: Practice and Experience, (18), 12-21. https://doi.org/10.32702/2306-6814.2023.18.12 [in Ukrainian].

Aaronson, S. A. (2021). Data is dangerous: Comparing the risks that the United States, Canada and Germany see in data troves. Centre for International Governance Innovation. https://www.cigionline.org/static/documents/documents/no.241%202_0.pdf.

Aaronson, S. A., & Leblond, P. (2018). Another digital divide: The rise of data realms and its implications for the WTO. Journal of International Economic Law, 21(2), 245-272. https://doi.org/10.1093/jiel/jgy019

Adlam, R., & Haskins, B. (2021). Applying blockchain technology to security-related aspects of electronic healthcare record infrastructure. The African Journal of Information and Communication (AJIC), (28). https://doi.org/10.23962/10539/32211

Bradford, A. (2020). The Brussels effect: How the European Union rules the world. Oxford University Press. https://doi.org/10.1093/oso/9780190088583.001.0001

Oxford University Press. (2024). Brain rot named Oxford Word of the Year 2024. https://corp.oup.com/news/brain-rot-named-oxford-word-of-the-year-2024/

Burman, A. (2023). Understanding India’s new data protection law. Carnegie India. http://surl.li/itwzva

Bygrave, L. A. (2021). The ‘Strasbourg Effect’ on data protection in light of the ‘Brussels Effect’: Logic, mechanics and prospects. Computer Law & Security Review, 40, Article 105460. https://doi.org/10.1016/j.clsr.2020.105460

Cannataci, J. (2021). Visit to the United States of America: Report of the Special Rapporteur on the Right to Privacy. https://policycommons.net/artifacts/8937236/visit-to-the-united-states-of-america/9753201/

Chander, A. (2020). Is data localization a solution for Schrems II? Journal of International Economic Law, 23(3), 771-784. https://doi.org/10.1093/jiel/jgaa024

Chander, A., Kaminski, M., & McGeveran, W. (2021). Catalyzing privacy law. Minnesota Law Review, 105, 1733-1802. http://surl.li/obgtyb

Chauhan, P., & Kshetri, N. (2021). State of the practice in data privacy and security. Computer, 54(8), 125-132. https://doi.org/10.1109/MC.2021.3083916

CNIL. (2021). Cookies: la CNIL sanctionne les sociétés GOOGLE à hauteur de 150 millions d’euros et Facebook à hauteur de 60 millions d’euros pour non-respect de la législation française [Cookies: CNIL fines GOOGLE €150 million and Facebook €60 million for non-compliance with French legislation]. http://surl.li/fiqwdu

Corbishley, N. (2024). Western media finally begin warning about the dark side of digital identity...in China. http://surl.li/kclpzd

Cory, N., & Dascoli, L. (2021). How barriers to cross-border data flows are spreading globally, what they cost, and how to address them. ITIF. http://surl.li/isuhir

Court of Justice of the European Union. (2020). Judgment in Case C-311/18: Data Protection Commissioner v Facebook Ireland and Maximillian Schrems. https://curia.europa.eu/juris/documents.jsf?num=C-311/18

Dunayev, I. V., Gavkalova, N. L., & Kud, A. A. (2023). Designing a platform-based model of civic participation within the smart-city concept for post-war Ukrainian cities. Eastern-European Journal of Enterprise Technologies, 3(14(123)), 46-56. https://doi.org/10.15587/1729-4061.2023.285448

European Commission. (2022). Adequacy decisions: How the EU determines if a non-EU country has an adequate level of data protection. https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

Feiner, L. (2021). State AGs plan to fight court dismissal of their antitrust claims against Facebook. CNBC. https://www.cnbc.com/2021/07/28/state-ags-to-fight-dismissal-of-facebook-antitrust-claims.html

Fielding, J. (2020). Wreaking extraordinary destruction: Defendant’s irreplaceability as presumptively reasonable grounds for downward departure in sentencing. Minnesota Law Review, 104, 2565-2597. https://scholarship.law.umn.edu/cgi/viewcontent.cgi?article=4315&context=mlr

Freedom House. (2023). Freedom on the Net 2023: Digital election interference. https://freedomhouse.org/report/freedom-net/2023/digital-election-interference

Greenleaf, G. (2021). Global data privacy laws 2021: Despite COVID delays, 145 laws show GDPR dominance. Privacy Laws & Business International Report, 169(1), 3-5. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3836348

Greenleaf, G., & Cottier, B. (2020). 2020 ends a decade of 62 new data privacy laws. Privacy Laws & Business International Report, 163, 24-26. https://ssrn.com/abstract=3572611

Greenleaf, G. (2019). Global data privacy laws 2019: 132 national laws & many bills. Privacy Laws & Business International Report, 157, 14-18. https://ssrn.com/abstract=3381593

Hu, W. Z. (2024). Understanding the power of China’s national social credit system: A structural/mechanism explanation. Philosophy of the Social Sciences, 54(3), 203-225. https://doi.org/10.1177/00483931241229445

ID2020. (2023). Manifesto. https://id2020.org/manifesto

Piasecki, S., & Jiahong Chen, J. (2022). Complying with the GDPR when vulnerable people use smart devices. International Data Privacy Law, 12(2), 113-131. https://doi.org/10.1093/idpl/ipac001

Kleinwächter, W. (2024). Digital Governance Discussion Group (DGDG): One world, one internet, many voices. CircleID. https://circleid.com/posts/20240214-digital-governance-discussion-group-dgdg-one-world-one-internet-many-voices (accessed on December 01, 2024)

Kuner, C. (2019). The internet and the global reach of EU law. In M. Cremona & J. Scott (Eds.), EU law beyond EU borders: The extraterritorial reach of EU law. Oxford University Press. https://doi.org/10.1093/oso/9780198842170.003.0004

Marcén, A. G. (2021). The new personal data protection in Japan: Is it enough? In M. Lee & P. Chung (Eds.), Personal data protection and privacy (pp. 23-40). Springer. https://doi.org/10.1007/978-981-16-2293-6_3

Mehta, N. (2024). China proposes comprehensive digital identity system for citizens. The Financial Times. https://www.ft.com/content/821fc08a-f4d3-40a8-9d5c-e8b16f428e02

Mattoo, A., & Meltzer, J. P. (2018). International data flows and privacy: The conflict and its resolution. Journal of International Economic Law, 21(4), 769-789. https://doi.org/10.1093/jiel/jgy044

Meads, N. (2022). The perils and promise of self-sovereign identity. Ada Lovelace Institute. https://www.adalovelaceinstitute.org/blog/the-perils-and-promise-of-self-sovereign-identity

Meng, Z., & Wang, L. (2024). Personal data trusts in China: A balance between data sharing and privacy protection. Trusts & Trustees. Advance online publication. https://doi.org/10.1093/tandt/ttae089

Morgan, S. (2022). Cybercrime to cost the world $10.5 trillion annually by 2025. Cybersecurity Ventures. https://cybersecurityventures.com/cybercrime-damage-costs-10-trillion-by-2025

OECD. (2020). A roadmap toward a common framework for measuring the digital economy: Report for the G20 Digital Economy Task Force. https://www.yunbaogao.cn/index/partFile/5/itu/2022-04/5_22772.pdf

Otta, S., & Panda, S. (2022). Decentralized identity and access management of cloud for security as a service. In 2022 14th International Conference on COMmunication Systems & NETworkS (COMSNETS) (pp. 299-303). IEEE. https://doi.org/10.1109/COMSNETS53615.2022.9668529

Piasecki, S., & Jiahong Chen, J. (2022). Complying with the GDPR when vulnerable people use smart devices. International Data Privacy Law, 12(2), 113-131. https://doi.org/10.1093/idpl/ipac001

Raghavan, B., & Schneier, B. (2023). A bold new plan for preserving online privacy and security. IEEE Security & Privacy. http://surl.li/rfcyoy

Rothstein, M. A., & Tovino, S. (2019). California takes the lead on data privacy law. Hastings Center Report, 49(5), 4-5. https://doi.org/10.1002/hast.1042

Sacks, S. (2021). China’s emerging data privacy system and GDPR. Centre for Strategic and International Studies. https://www.csis.org/analysis/chinas-emerging-data-privacy-system-and-gdpr

Sadowski, J. (2019). When data is capital: Datafication, accumulation, and extraction. Big Data & Society, 6(1), 1-12. https://doi.org/10.1177/2053951718820549

Schwartz, P. M., & Peifer, K.-N. (2017). Transatlantic data privacy law. Georgetown Law Journal, 106(1), 115-179. https://www.law.georgetown.edu/georgetown-law-journal/in-print/volume-106/volume-106-issue-1-november-2017/transatlantic-data-privacy-law

Sestino, A., Kahlawi, A., & De Mauro, A. (2023). Decoding the data economy: A literature review of its impact on business, society and digital transformation. European Journal of Innovation Management. Advance online publication. https://doi.org/10.1108/EJIM-01-2023-0078

Shead, S. (2021). Amazon hit with $887 million fine by European privacy watchdog. CNBC. https://www.cnbc.com/2021/07/30/amazon-hit-with-fine-by-eu-privacy-watchdog-

Simons, A. (2017). Decentralized digital identities and blockchain: The future as we see it. Microsoft. https://techcommunity.microsoft.com/users/alex%20simons%20(azure)/53477

Sovrin Foundation. (2023). Sovrin: A protocol and token for self-sovereign identity and decentralized trust. http://surl.li/lmwbzr

Summerfield, C., Goldsmith, J., Greenberg, B., Gat, I., Khepra, A. G., Khosrowshahi, F., Lyons, T., Lyre, Ö., Roff, H., Tegmark, M., & Voss, P. (2024). How will advanced AI systems impact democracy? SchneierOnSecurity. https://www.schneier.com/wp-content/uploads/2024/09/How-Will-Advanced-AI-Systems-Impact-Democracy.pdf

United Nations Conference on Trade and Development. (2021). Data protection and privacy legislation worldwide. https://unctad.org/page/data-protection-and-privacy-legislation-worldwide

United Nations Conference on Trade and Development. (2023). Data protection and privacy legislation worldwide. https://unctad.org/page/data-protection-and-privacy-legislation-worldwide

Ukrainian Parliament Commissioner for Human Rights. (2022). Decree of 15.02.2022 No. 3-p. http://www.ombudsman.gov.ua/ua/page/zpd/

Wetzling, T., Sarkesian, L., & Dietrich, C. (2021). Solving the Transatlantic data dilemma: Surveillance reforms to break the international gridlock. Stiftung Neue Verantwortung. https://www.stiftung-nv.de/publications/downloadPdf/solving-transatlantic-data-dilemma

White House. (2022). Biden-Harris administration announces key actions to advance tech accountability and protect the rights of the American public. http://surl.li/sddjac

World Economic Forum. (2021). Reimagining data privacy for the 21st century. https://www.weforum.org/agenda/2021/07/reimagining-data-privacy-for-the-21st-century

World Bank. (2022). Europe and Central Asia economic update, Spring 2022: War in the region. https://hdl.handle.net/10986/37268

Xiong, Y. (2022). China fines Didi $1.2 billion for violating cybersecurity and data laws. CNN. https://edition.cnn.com/2022/07/21/economy/china

Zuboff, S. (2019). The age of surveillance capitalism: The fight for a human future at the new frontier of power. PublicAffairs.