News Science Quarterly (NS)

Comparison of Personal Data Protection Laws: Unique General Regulations under the European Union's General Data Protection Regulation (GDPR) and United States Laws

Document Type : Original Article

Authors
1 Department of Information Technology Management, Kish International Branch, Islamic Azad University, Kish Island, Iran. E-mail: morteza.mahmodiparchini@iau.ir
2 Corresponding author, Department of Information Technology Management, Faculty of Management and Economics, Science and Research Branch, Islamic Azad University, Tehran, Iran. E-mail: l.riazi@gmail.com
3 Department of Industrial Management, Faculty of Management, Islamic Azad University, Karaj Branch, Iran. E-mail: poorebrahimi@gmail.com
4 Department of Industrial Management, Faculty of Management, Central Tehran Branch, Islamic Azad University, Tehran, Iran. E-mail: saa.mousavi@iau.ac.ir
Abstract
Objective: This research provides a comparative analysis of the General Data Protection Regulation (GDPR) of the European Union and the data protection laws of the United States, aiming to offer suggestions for improving data protection laws in Iran.
Methods: The study employs a mixed-methods approach, using both qualitative and quantitative techniques for data collection and analysis. Data were gathered through library research, questionnaires, and semi-structured interviews, and were analyzed using SPSS software.
Results: The findings revealed that the GDPR includes a comprehensive and unified framework for the protection of personal data, emphasizing transparency, consent, and notification. In contrast, the United States lacks a comprehensive federal law and relies on a collection of sectoral and state laws. Additionally, the implementation of the GDPR has led to increased transparency and accountability for businesses, whereas U.S. laws have resulted in greater complexity.
Conclusions: The recommendations for improving data protection laws in Iran include drafting a comprehensive and unified law similar to the GDPR, creating effective enforcement mechanisms, increasing public awareness and education, utilizing successful experiences from other countries, adapting laws to the specific needs of Iranian society and its legal system, strengthening the role of regulatory bodies, encouraging the use of new technologies in data protection, and fostering collaboration between public and private sectors.