Saudi Cultural Missions Theses & Dissertations
Permanent URI for this community: https://drepo.sdl.edu.sa/handle/20.500.14154/10
4 results
Search Results
Item Restricted
A Comparative Analysis Between GDPR and CCPA: How Regulatory Frameworks Address Privacy and Data Protection
(King's College London, 2025) Mashat, Fatmah; Tim, Stevens
This study undertook a comparative qualitative analysis between the European Union’s General Data Protection Regulation (GDPR) and the United States’ California Consumer Privacy Act (CCPA), two pivotal legal frameworks shaping modern data protection and privacy standards. Despite their shared objective of enhancing data privacy, these frameworks face different regulatory challenges. Thus, this study sought to answer the research question: How do these regulatory frameworks address privacy and data protection? The study’s main argument was that while both frameworks aim to protect individual data, their legal approaches and cultural foundations differ. The GDPR offers a more comprehensive and stringent consent model compared to the CCPA, which is more flexible and consumer-centred. To explore this, the study delved into how each regulation addresses enforcement penalties, legal specificity, consent, transparency, accountability, and stakeholder participation. The findings highlight the strengths and weaknesses of each regulation and provide recommendations for stakeholders to improve data protection.

Item Restricted
Is Consent a Sufficient Means for Protecting Facial Biometric Data?
(The University of Sheffield, 2023-09) Osailan, Haya Wayel; Chen, Jiahong
Deleuze and Guattari prophesied in 1987, through their theory of faciality, that an individual is not born with a new face, they instead slide into one. This prophecy is paralleled in the growing integration of facial recognition technologies (FRT) across various private sector domains such as workplaces, schools, retail, and social media platforms. FRTs aim to enhance efficiency in employee management, boost student focus, and provide personalized experiences for consumers and users.
However, the extraction and processing of facial biometric data (FBD) allow for hacking, data scraping, and identity theft. Moreover, facial data extraction erodes the concept of obscurity. Obscurity is defined as the barrier between the individual’s inside and outside world, it shields individuals from recognition in their daily lives. As FRT integration grows, opting out becomes increasingly challenging. Despite the General Data Protection Regulation (GDPR) prohibiting FBD processing in the private sector, consent is an exception to this rule. Despite its prevalent use as a legitimate legal instrument, its porous and feeble nature is largely overlooked by the literature. The GDPR constitutes that for consent to be valid, it must be “freely given, specific, informed, and an unambiguous indication of the data subject’s wishes...” Yet, the unbiased results of this study indicate that consent forms often overwhelm users with information, failing to convey risks adequately. As a result, the user does not fully fathom the consequences of their agreement to these forms. Meanwhile, imbalances of power between the data subject and controller undermine the capability of consent to be freely given. Consequently, consent becomes a mere procedural requirement rather than a protective measure for FBD processing. This study aims to illustrate the limitations of consent in safeguarding facial biometric data, emphasizing user vulnerability. Furthermore, it underscores the potential dangers of FRTs, including algorithmic bias and corporate misuse of personal data. Moreover, the algorithm dictates and supplies corporate entities with behavioral profiles of individuals without involving the individual or allowing them the ability to determine their own identity.
This research ultimately calls for a critical reassessment of current practices, it emphasizes the need for stricter regulations and greater user empowerment in controlling their personal data.

Item Restricted
Personal Data Protection: Does the current legal framework correctly balance the competing interests of data controllers and subjects, especially as regards the use of the ‘legitimate interest’ justification? With a special focus on the EU & UK GDRP and the Saudi PDPL
(University of Reading, 2023-09-29) Alkhalifa, Shatha; Yong, Han
With the speed of technological development, data has become a commercial, high-value product. In general, the value and control of a product belongs to its owner, the data subject. However, non-consensual external use of our personal data is exposing us to potential threats. Different countries have adopted laws to protect citizens' data, such as the UK General Data Protection Regulation (GDPR), the EU GDPR and the very recently implemented Personal Data Protection Law (PDPL) in the Kingdom of Saudi Arabia (KSA). However, these laws also grant considerable freedom to data controllers, allowing the use of personal data, without the data owner's permission, under certain provisions. One of the most controversial is the grounds of ‘legitimate interest’. This requires finding the right balance between the interests of the data controllers and the data owners. As such, this research studies the balancing exercise that needs to be delicately handled. This dissertation will mix different methodologies, namely the doctrinal methodology in terminologies and the international approach and descriptive analysis to examine the legal texts. A comparative methodology will be used to compare the GDPR transcripts with the new Saudi regulation. This study finds similarities and differences in the legitimate interest concept in the EU, the UK, and the Kingdom of Saudi Arabia, with a broad uncertainty in how legitimate interest should be defined.
The role of data subject expectation is analysed. However, the research highlights that public entities should not use the legitimate interest base while it has already a public interest as a legal ground. Also, the importance of data ownership even after death, as under Saudi law, receives special attention. Finally, Saudi law also leads the way in an important focus, namely that direct marketing is purely a commercial activity and should not be prioritized over the private individual interest.

Item Restricted
Developing an Awareness Framework for Software Developers to Implement Privacy into Software Systems
(Saudi Digital Library, 2023-06-14) Alhazmi, Abdulrahman; Arachchilage, Nalin
The use of software applications is inevitable as they provide different services to users. The software applications collect, store user data, and sometimes share it with a third party, even without the user’s consent. The Internet has also grown, significantly increasing data breaches in software systems. One of the reasons for this might be that the software developers responsible for ensuring that software systems are embedded with the appropriate privacy guided by laws such as GDPR, fail to implement the laws. GDPR law has guidelines that software developers can follow to implement privacy into software systems. Nevertheless, many data breaches might be due to the failure to implement guidelines. Developers might be lacking enough motivation to implement the GDPR law. Therefore, to equip developers with the motivation to implement their skills to mitigate such breaches, this thesis proposes a GDPR game-based teaching framework. Gamification, widely described as "the use of game design elements in non-game contexts", has previously shown potential in the development of exciting and efficient learning experiences, both in the sense of education and business.
Some researchers have concentrated on the connection between software privacy and gamification, but they only focus on a few data privacy elements. The proposed framework will focus on improving developers' secure coding behaviour by way of their motivation. The novelty of this framework is that it will incorporate all GDPR principles together, making sure that software developers put GDPR into practice, resulting in software systems embedded with privacy. This study aimed to assess the effectiveness of a gamified application in educating developers on incorporating privacy-preserving techniques into software code. The impact of developers on application design was examined, and subjective satisfaction was assessed using the System Usability Scale (SUS). A think-aloud study experiment with pre-test and post-test evaluations was conducted, revealing encouraging results. Participants demonstrated a significant improvement in their understanding of the General Data Protection Regulation (GDPR) and their ability to incorporate privacy into their code. The gamified application successfully taught participants how to use privacy-preserving techniques in software design. This study investigates the motivating factors that influence developers' adoption of privacy-preserving techniques in software code. Key factors identified include perceived threat, susceptibility, severity, self-efficacy, lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality. These findings highlight the effectiveness of gamification in promoting secure coding behaviour and inform the game design framework for privacy incorporation.