A survey conducted in April and May 2023 found that less than half of the surveyed organizations in the United States and the United Kingdom (UK) had completed selected actions to comply with state data privacy laws in the United States. Around ** percent of the respondents had made a comparison of the United States' state-level privacy law frameworks. A further ** percent said they were in the process of doing so. Furthermore, ** percent of the respondents said they had updated privacy policies, while almost ** percent were in the process of planning and conducting data assessments.

According to a survey of adults in the United Kingdom who had contacted organizations regarding their privacy rights in October 2023, around a quarter of respondents contacted subscription services. Social media companies ranked second, with almost 20 percent of the respondents communicating their privacy rights with them, while e-commerce websites followed with 18 percent.

According to a survey of adults in the United Kingdom (UK) from January to February 2024, around seven in ten respondents asked an organization to stop sending them marketing communication through electronic means. Furthermore, over 30 percent refused to provide an organization with biometric data.

A survey conducted in April and May 2023 revealed that around 35 percent of organizations in the United States and 40 percent of organizations in the United Kingdom pay higher costs for international data transfers due to data privacy regulations, but they also find it manageable. Furthermore, approximately 35 percent of respondents from both countries think the regulations encourage businesses by guaranteeing that the data will be safeguarded in other countries.

A survey conducted in April and May 2023 revealed that around 55 percent of the companies that do business in the European Union (EU) and the United Kingdom (UK) found it challenging to adapt to new or changing requirements of the General Data Protection Regulation (GDPR) or Data Protection Act 2018 (DPA). A further 45 percent of the survey respondents said it was challenging to increase the budget because of the changes in the data privacy laws.

This dataset is a central catalogue of Data Protection Impact Assessments (DPIAs) of smart city projects that collect personal information in public spaces. By publishing this in one place for the first time, it will enable public transparency and support good practice among operators. A DPIA helps to identify and minimise the risks of a project that uses personal data. Further information: DPIA registration form: https://www.london.gov.uk/dpia-register-form Information Commissioner DPIA: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-impact-assessments/

SAR Database contains details of staff & ex-staff Data Protection Act (DPA) SARs received by BIS (including predecessor departments BERR and DTI, and relevant Executive Agencies), and DECC.

This dataset is about books. It has 4 rows and is filtered where the book is Data protection : a practical guide to UK and EU law. It features 7 columns including author, publication date, language, and book publisher.

A February 2023 survey in the United Kingdom (UK) found that around 22 percent of the respondents somewhat agreed that they were supposed to give away personal information in return for online services. Another 33 percent was neutral about it, while nearly 30 percent disagreed with the statement.

DP (Data Protection Act) / SAR (Subject Access Request) - In time

Dataset on commits (and repositories) on GitHub making reference to data privacy legislation (covering laws: GDPR, CCPA, CPRA, UK DPA).

The dataset contains:
+ all_commits_info_merged-v2-SHA.csv : commits information as collected from various GitHub REST API calls (all data merged together).
+ repos_info_merged_USED-v2_with_loc.csv: repository information with some calculated data.
+ top-70-repos-commits-for-manual-check_commits-2coders.xlsx: results of the manual coding of the commits of the 70 most popular repositories in dataset.
+ user-rights-ω3.csv: different terms for user rights teriminology in legislation.
+ github_commits_analysis_replication.r: main analysis pipeline covering all RQs in the R programming language.

In order to perform also the initial data collection, the GitHub REST API can be used, collecting data using time intervals, for instance:
https://api.github.com/search/commits?q=%22GDPR%22+committer-date:2018-05-25..2018-05-30&sort=committer-date&order=asc&per_page=100&page=1

This dataset accompanies the following publication, so please cite it accordingly:

Georgia M. Kapitsaki, Maria Papoutsoglou, Evolution of repositories and privacy laws: commit activities in the GDPR and CCPA era, accepted for publication at Elsevier Journal of Systems & Software, 2025.

(1) To ascertain how the British public (adults) feel about personal data storage apps and services, and how in control over their personal data they feel, we conducted a UK-wide demographically representative national survey (implemented by survey company, ICM Unlimited, across 15-18 January 2021, 2,065 respondents, online omnibus).

(2) To qualitatively assess UK adults' views on control over personal data, and perceptions of personal data storage apps and services, six two-hour focus groups (35 participants) were conducted in February 2021, split according to age (18-34 year olds in Groups A, D and E, and 65+ in Groups B, C and F).

(3) To ascertain how the British public (adults) feel about being paid for supplying their biometric and emotion personal data in a controlled fashion via personal data storage apps and services, we conducted a UK-wide demographically representative national survey (implemented by survey company, Walnut Unlimited, across 29 Sep – 1 Oct 2021, 2,070 respondents, online omnibus).

Research from academia, industry and regulators finds that most citizens care about their privacy and want greater control over their personal data. However, even the digital cognoscenti struggle to understand how personal data is collected, used and recirculated. Data literacy approaches therefore do not solve the issue of privacy exploitation. The utility of legal approaches is also questionable as European General Data Protection Directive consent processes are problematic. In addition to rights frameworks and regulation, new solutions are needed. As part of a privacy toolkit, privacy-by-design may help to achieve greater data privacy by embedding privacy considerations into systems that process personal data.

Funded by Innovate UK Smart Grants (TS/T019964/1, File reference: 106283) in collaboration with project partner, Cufflink, this project’s central research question is: What empirically generated ethical factors do citizen-level personal data storage services such as Cufflink need to build in their app to empower users to manage their own personal information?

Citizen-level personal data storage services seek to empower users to manage and control their own personal information when linking this to other individuals and organisations. Our project partner, Cufflink is developing a personal data storage app that, uniquely does not require users to prove their identity, and that has a clear, iconography-driven explanation of terms and conditions. However, we do not yet understand the ethical principles by which these apps work, whether their revenue models raise other ethical and privacy externalities, and whether their design adequately reflects citizen concerns with control over their data. If they are a privacy solution that helps structure interaction between citizens and businesses, what features are needed to ensure that everyday citizens, and not just the digital cognoscenti, use it?

To answer these questions, we have collaborated with Cufflink to understand the perceptual, behavioural and ethical contexts in which their product will be used. We have studied the affordances of early iterations of Cufflink’s app and key established competitor apps, and we undertook scoping interviews with relevant governance actors to discuss issues raised by citizen-level personal data storage apps. We conducted 2 demographically representative national surveys: survey 1 establishes UK-level attitudes towards the level of control that people feel they have over personal data, and towards personal data stores; survey 2 establishes UK-level attitudes towards being paid for supplying their biometric and emotion personal data in a controlled fashion via personal data storage apps. We conducted online focus groups of lay users’ comprehension of personal data and privacy provided by personal data stores. We fed our analysis into Cufflink’s product design, thereby improving the product, and we developed an Ethical Impact Assessment toolkit to evaluate all apps that are based on citizen-level personal data storage principles.

As of August 2023, the most used online privacy feature for internet users worldwide was private accounts, with 56 percent of global respondents stating to have used them. Additionally, 54 percent of respondents said they reviewed friend or follow requests. Roughly 51 percent used parental control tools.

BackgroundThe COVID-19 pandemic brought global disruption to health, society and economy, including to the conduct of clinical research. In the European Union (EU), the legal and ethical framework for research is complex and divergent. Many challenges exist in relation to the interplay of the various applicable rules, particularly with respect to compliance with the General Data Protection Regulation (GDPR). This study aimed to gain insights into the experience of key clinical research stakeholders [investigators, ethics committees (ECs), and data protection officers (DPOs)/legal experts working with clinical research sponsors] across the EU and the UK on the main challenges related to data protection in clinical research before and during the pandemic.Materials and methodsThe study consisted of an online survey and follow-up semi-structured interviews. Data collection occurred between April and December 2021. Survey data was analyzed descriptively, and the interviews underwent a framework analysis.Results and conclusionIn total, 191 respondents filled in the survey, of whom fourteen participated in the follow-up interviews. Out of the targeted 28 countries (EU and UK), 25 were represented in the survey. The majority of stakeholders were based in Western Europe. This study empirically elucidated numerous key legal and ethical issues related to GDPR compliance in the context of (cross-border) clinical research. It showed that the lack of legal harmonization remains the biggest challenge in the field, and that it is present not only at the level of the interplay of key EU legislative acts and national implementation of the GDPR, but also when it comes to interpretation at local, regional and institutional levels. Moreover, the role of ECs in data protection was further explored and possible ways forward for its normative delineation were discussed. According to the participants, the pandemic did not bring additional legal challenges. Although practical challenges (for instance, mainly related to the provision of information to patients) were high due to the globally enacted crisis measures, the key problematic issues on (cross-border) health research, interpretations of the legal texts and compliance strategies remained largely the same.

A Data Protection Impact Assessment (DPIA) is one of the ways to find out what privacy risks people face when information is collected, used, stored, or shared about them. This helps the London Borough of Barnet find issues so that risks can be taken away or lowered to a level that is acceptable. It also cuts down on privacy breaches and complaints that could hurt the Council's reputation or lead to action by the Information Commissioner (the government watchdog). The London Borough of Barnet makes DPIAs public in with its Data Charter and the 2018 Data Protection Act and UK GDPR.

A survey conducted in April and May 2023 among companies in the United States and the United Kingdom (UK) showed that seven in 10 organizations had designated an internal manager or owner to lead and implement data privacy measures. Additionally, almost 60 percent conducted regular training of all staff on data privacy and compliance.