Professional Documents
Culture Documents
Student's Name
PhD Proposal - Page 1 of 19
Abstract
This proposal describes the best model for consumer data protection in a participatory
economy. It also elaborates on the effects expected for UK consumers after the occurrence of
Brexit regarding data protection laws. It examines the changes in the law that could affect
consumers in the UK market when they are no longer part of the EU participatory economy. This
is explained using the example of Uber business, which has attained a high number of customers,
thus disrupting traditional taxis. The proposal also explains why the “General Data Protection
Regulation (GDPR) from the EU” legislation is the best regulation for consumer data protection
in a participatory economy.
PhD Proposal - Page 2 of 19
1. Introduction
A participatory economy is one where major decision are made as a group. The European
Union is a participatory economy because overall market decisions are made jointly by member
nations. The EU economy has regulations that prescribe how member nations operate. Included
in those regulations is the General Data Protection Regulation, which purports to protect and
enforce customer privacy rights.1 If a member nation leaves the EU but continues to do business
with it, the remaining member nations lose their ability to have a direct impact on how the
former member nation operates in light of EU laws and regulations. Nations that were part of the
EU may leave certain regulations to the EU instead of promulgating them internally and must
figure out how to handle them when it leaves. The United Kingdom will have to either adopt the
GDPR or otherwise adopt a new law that protects the privacy of consumer data. In analysing
what the UK should do to protect consumer data, it is important to analyse the purposes of
consumer data protection regulations. The best consumer data protection regulations create a
balance between the need to protect the self-interest of customers and that of businesses. 2
Protection also promotes fair competition in the market, where no single player can utilize
States are allowed to have their interpretation of the GDPR and make certain adjustments
to the law. The law provides an opportunity for the state's legislature to amend the law to match
the needs of the states. They are allowed quite a bit leeway in GDPR just like any laws. States
are permitted to act like independent countries within the federal government. The EU also
1
S Al-Mamari and J Devenney, ‘General Principles of Consumer Protection in e-Commerce Trade: A Comparative
Study between Islamic Law and EU Laws’ (dissertation)
2
‘General Data Protection Regulation’ (InTouch Systems) <https://www.intouchsystems.co.uk/gdpr> accessed 9
March 2020
PhD Proposal - Page 3 of 19
allows the member countries to slightly leeway from GDPR to match the needs of the country.
The paper’s main objectives are to identify the qualities of the best consumer data
protection model and the effect of Brexit on data protection in the UK.
PhD Proposal - Page 4 of 19
2. Literature Review
When the UK leaves the EU, it should adopt the GDPR instead of creating its own
consumer data privacy regulation because the GDPR is an adequate regulation for managing
consumer data privacy. There is no need for the UK to reinvent the wheel. The GDPR meets the
necessity for good consumer data privacy regulation. The best consumer data protection
regulation is one that enables the lawful processing of data while ensuring fairness and
transparency when processing consumer data. The first element ensures that data belonging to a
customer cannot be processed without legal approval. The second element ensures that the
processing enhances fairness and transparency concerning consumer data. 3 One of the principles
the GDPR is created upon is ensuring that all processing is legal. It also meets the need to
The advantages of the GDPR are that it is a regulatory framework that ensures that data
exchange is appropriately governed. In the participatory economy of the EU, all member nations
must understand and agree on how to treat consumer data. Otherwise, the necessary transparency
that drives a participatory economy is lost. The GDPR encourages companies to have a plan that
protects the processes of collection of data, its use, and its storage, and eventually its
destruction5. The GDPR legislation ensures that customer data is appropriately used and that
companies find ways to prevent the exploitation of the customers through access by third parties.
If the UK continues with the GDPR, it can implement plans to cater to the needs of the
consumer and their privacy6. The GDPR legislation allows the country’s legal systems and
3
I Graef, T Tombal, and AD Streel, ‘Limits and Enablers of Data Sharing. An Analytical Framework for EU
Competition, Data Protection and Consumer Law’ (2019) SSRN Electronic Journal
4
‘General Data Protection Regulation’ (InTouch Systems) <https://www.intouchsystems.co.uk/gdpr> accessed
March 9, 2020
5
Pavlovic, Dusan. "Self-exclusion mechanism and GDPR principles." (2019).
6
. Duncan, Bob, Andreas Happe, and Alfred Bratterud. "Achieving GDPR Compliance with
Unikernels." International Journal on Advances in Security Volume 11, Number 3 & 4, 2018 (2018).
PhD Proposal - Page 5 of 19
companies to recognize and protect the privacy of the customer. In the past, customer data could
be collected without the customer’s consent, and the companies then used the data for activities
that the customer was not aware of 7. Large data firms could obtain data from companies and
would have few if any consequences as a result of the data misuse. The GDPR provides a
mechanism when companies mishandle customer data. Firms have re-evaluated their data
security measures and have put emphasis on how consumer data should be handled and protected
from unauthorized access. Companies now use the GDPR to protect themselves from legal action
that comes from the breaches8. Companies that follow the GDPR guidelines with respect to
protecting consumer data are protected from liability 9. There are specific elements to the
protection, including the need for a data protection controller and processor. Furthermore, the
law requires companies to notify customers of the data breach promptly. Further, when
companies use new technologies, they are required to create a plan to manage the technology
against violations.
Companies have realized that consumers are vital, and the violation of privacy can have
negative effects on their business10. The GDPR does not favour third party relationships in the
sharing of the data. They are seen as more likely to bring a breach of privacy of the data because
they do not have direct contractual agreements with customers. The GDPR legislation of
protecting consumer data recognizes breaches are common when there is a long chain of
7
Lachaud, Eric. "Adhering to GDPR codes of conduct: A possible option for SMEs to GDPR certification." Journal
of Data Protection & Privacy 3, no. 1 (2019): 48-68.
8
Sarkar, Subhadeep, Jean-Pierre Banatre, Louis Rilling, and Christine Morin. ".
9
S. Sirur, J. Nurse and H. Webb "Are we there yet? Understanding the challenges faced in complying with the
General Data Protection Regulation (GDPR)." In Proceedings of the 2nd International Workshop on Multimedia
Privacy and Security, (2018) 88-95.
10
Addis, Maria Chiara, and Maria Kutar. "The general data protection regulation (GDPR), emerging technologies
and UK organisations:
PhD Proposal - Page 6 of 19
The consumers’ data is legally protected to ensure that the customers are protected from
illegal uses. For instance, companies might use customer data customers to engage in marketing
activities without the consent of the consumer. The GDPR is fair because it protects customers
from the company exploiting data and failing to compensate the customer for the data adequately
use11. The regulation aims to protect the rights of both parties. Fairness arises from protecting
those rights to ensure that both the consumer and the company can flourish in a competitive
market economy12.
protects companies from nefarious uses of data by outsiders. For example, ensuring that third
parties do not access data improperly 13. For instance, the location data that the consumer
provides to Uber drivers are protected by ensuring that third parties cannot access it for other
purposes. The inability of drivers to use location data for personal gain is an aspect of fairness.
Even though the UK should adopt the GDPR, it still has limitations. It is the main aim to
bring fairness and transparency to customers and how they can transact. However, it does not
require companies to explain data risks to customers. The GDPR does not push for the training
and education of consumer on their data privacy, and it would be inaccurate to state that the
regulation was designed with customer education in mind. Instead, the GDPR was designed by a
government entity without having customer input. The regulation would be more effective if it
first understood the needs of consumers and the preferences on data privacy14.
11
Diker Vanberg, Aysem, and Mehmet B. Ünver. "The right to data portability in the GDPR and EU competition
law: odd couple or dynamic duo?." European Journal of Law and Technology 8, no. 1 (2017).
12
Graham, Georgina, and Ashley Hurst. "GDPR enforcement: How are EU regulators flexing their muscles?." IQ:
The RIM Quarterly 35, no. 3 (2019): 20.
13
Linden, Thomas, Rishabh Khandelwal, Hamza Harkous, and Kassem Fawaz. "The privacy policy landscape after
the GDPR." Proceedings on Privacy Enhancing Technologies 2020, no. 1 (2020): 47-64.
14
Gal, Michal, and Oshrit Aviv. "The Unintended Competitive Consequences of the GDPR." Journal of
Competition Law and Economics, Forthcoming (2020).
PhD Proposal - Page 7 of 19
The GDPR also does not protect the consumer data from benefitting companies 15.
Consumers’ data has been used to profit companies without the consumers realizing that their
personal data is used by the companies to enrich themselves. The GDPR should be able to cover
all the aspects of the consumer data. Failure to protect the consumer data in the case of Uber can
cause loss of huge amounts of data, which could lead to a crisis on the part of the company and
the consumer. The company could lose payment information from the consumer. The consumer
could risk being manipulated to pay double the price of the company services.
The GDPR can thus be considered fair and transparent despite its limitations. The
provisions of the legislation are grounded on the EU law. After Brexit, the UK should maintain
the GDPR legislation for its consumer protection because it is fair and effective¸ because it limits
Per Regulation (EU) No 575/2013, any whistleblower can be protected in any of the
member states of the EU. The country that has breached the regulations of the union is to receive
sanctions from the member states until they rectify the mistake. Protecting the whistleblowers
provide an opportunity for people to come forward to the union and report the wrongdoings of
their country.
The study will use a literature review approach. Specifically, the study will look at past
The research will be looking at secondary sources determining whether or not privacy
laws have a significant impact on how safe customers feel about their data.
15
Teixeira, Gonçalo Almeida, Miguel Mira da Silva, and Ruben Pereira. "The critical success factors of GDPR
implementation: a systematic literature review." Digital Policy, Regulation and Governance (2019).
PhD Proposal - Page 8 of 19
PhD Proposal - Page 9 of 19
4. Ethical Considerations
This study has no significant ethical concerns as it will not work with any participants.
This study should determine how effectively companies follow the data protection
also relates to Professor Willett’s major legislative reform of laws, policies and regulations in
UK consumer law.16
Various scholars from the Research Cluster of Commercial Law at the School of Law,
University of Essex, are focusing academic efforts on consumer protection. My research interest
in examining the role of the UK’s digital economy consumer protection is significant in light of
Brexit. The research proposal is also aligned with the School of Law’s current research priorities.
consumer and contract law, the quality and safety of goods and services as well as unfair terms
and conditions; Dr. Andrea Fejos’s18 interests in the consumer in the digital age, consumer
protection and new technologies and post-crisis, a new direction in consumer protection; and Dr.
16
Professor Christopher Willett, University of Essex [website] <https://www.essex.ac.uk/people/wille56200/
christopher-willett> accessed 30 December 2019
17
Professor Christopher Willett, University of Essex [website] <https://www.essex.ac.uk/people/wille56200/
christopher-willett> accessed 30 December 2019
18
Andrea Fejos, University of Essex [website] <https://www.essex.ac.uk/people/fejos32004/andrea-fejos> accessed
30 December 2019
PhD Proposal - Page 10 of 19
Onyeka Osuji’s19 interests in consumer protection and online lending, consumer protection,
sustainable development and Credit, Consumers and the Law: After the Global Storm.
19
Dr Onyeka Osuji, University of Essex [website] <https://www.essex.ac.uk/people/osuji09409/onyeka-osuji>
accessed 30 December 2019
PhD Proposal - Page 11 of 19
8. WORK PLAN
9.0 RESOURCES
Bibliography
Addis, Maria Chiara, and Maria Kutar. "The general data protection regulation (GDPR),
Butler, Oliver. "Obligations imposed on private parties by the GDPR and UK Data Protection
Law: Blurring the public-private divide." European Public Law 24, no. 3 (2018): 555-572.
Chua HN and others, ‘Compliance to Personal Data Protection Principles: A Study of How
Organizations Frame Privacy Policy Notices’ (2017) Telematics and Informatics 34, 157-170
Diker Vanberg, Aysem, and Mehmet B. Ünver. "The right to data portability in the GDPR
and EU competition law: odd couple or dynamic duo?." European Journal of Law and
Duncan, Bob, Andreas Happe, and Alfred Bratterud. "Achieving GDPR Compliance with
2018 (2018).
PhD Proposal - Page 14 of 19
Gal, Michal, and Oshrit Aviv. "The Unintended Competitive Consequences of the
Graef I, Clifford D, and Valcke P, ‘Fairness and Enforcement: Bridging Competition, Data
Protection, and Consumer Law’ (2018) International Data Privacy Law 8, 200-223
Graef I, Tombal T, and Streel AD, ‘Limits and Enablers of Data Sharing. An Analytical
Framework for EU Competition, Data Protection and Consumer Law’ (2019) SSRN
Electronic Journal
Greenleaf G and Tian G, ‘Data Protection Widened by China's Consumer Law Changes’
HN Chua and others, ‘Compliance to Personal Data Protection Principles: A Study of How
Organizations Frame Privacy Policy Notices’ (2017) 34 Telematics and Informatics 157-170
J Brill, ‘The Intersection of Privacy and Consumer Protection’ The Cambridge Handbook of
Kemp K and Buckley RP, ‘Protecting Financial Consumer Data in Developing Countries: An
King NJ and Forder J, ‘Data Analytics and Consumer Profiling: Finding Appropriate Privacy
Principles for Discovered Data’ (2016) Computer Law & Security Review 32, 696-714
PhD Proposal - Page 15 of 19
Kirillova EA, ‘The Principles of the Consumer Right Protection in Electronic Trade: A
Comparative Law Analysis’ (2016) International Journal of Economics and Financial Issues
6, 117-122
La Diega GN, ‘Uber Law and Awareness by Design. An Empirical Study on Online
383-413
Lachaud, Eric. "Adhering to GDPR codes of conduct: A possible option for SMEs to GDPR
Linden, Thomas, Rishabh Khandelwal, Hamza Harkous, and Kassem Fawaz. "The privacy
Mantelero A, ‘The Future of Consumer Data Protection in the E.U. Re-Thinking the ‘Notice
and Consent’ Paradigm in the New Era of Predictive Analytics’ (2014) Computer Law &
Mckim CA, ‘The Value of Mixed Methods Research’ (2016) Journal of Mixed Methods
Mercer Shannon Togawa, ‘The Limitations of European Data Protection As A Model For
Mohajan Haradhan Kumar, ‘Two Criteria for Good Measurements in Research: Validity and
Reliability’ (2017) Annals of Spiru Haret University. Economic Series 17, no. 4, 59-82
doi:10.26458/1746
Pierce TW, ‘Ethical Considerations for Student-Based Reminiscence Projects’ (2019) The
responsibilities: the case of Equifax and Uber’ (2019) Global Journal of Business Pedagogy
3, no. 3, 8-15
Sarkar, Subhadeep, Jean-Pierre Banatre, Louis Rilling, and Christine Morin. "Towards
Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom)
Sirur, S., J. Nurse and H. Webb "Are we there yet? Understanding the challenges faced in
complying with the General Data Protection Regulation (GDPR)." In Proceedings of the 2nd
Skok Walter and Samantha Baker, ‘Evaluating the Impact of Uber on London's Taxi Service:
A Strategic Review’ (2018) Knowledge and Process Management 25, no. 4, 232-246
doi:10.1002/kpm.1575
PhD Proposal - Page 17 of 19
Teixeira, Gonçalo Almeida, Miguel Mira da Silva, and Ruben Pereira. "The critical success
and Governance (2019).