The European Union's General Data Protection Regulation may be the most sweeping trans-national legislation protecting personal data to date, but it is certainly not the only influence on the way commercial, public and civil society organizations handle informational privacy. As the 'information society' evolved and societal interest in the protection of personal data increased, researchers from various academic disciplines investigated what happens when different kinds of organizations are confronted with new data governance demands. For instance, privacy economists have studied how internet users' perceptions of online data protection influence their consumption behavior (Acquisti & Grossklags, 2005), psychologists have studied how employee training influences compliance with information security policies (Parsons et al, 2014), and scholars in media and communication studies and in management have studied how massive personal data-gathering gave rise to business models in which the audience and predictions of their behaviour became the product (Van Dijck, 2013; Zuboff, 2019). While the subject of privacy protection is clearly an interdisciplinary one, few have crossed the boundaries of their academic disciplines to integrate findings about organizations' data protection practices into a comprehensive view on what influences those practices. Yet, there is a clear need for an all-round perspective on data protection 'on the ground'. For different stakeholders in the digital economy – policy makers, watchdogs, privacy or consumer advocates, industries, technology developers – having a complete model of what actually influences practices means a better understanding of how to reconfigure personal data protection and meet privacy needs. Our main research question is therefore: Which are the dominant theories in various academic disciplines that explain actual practices of personal data protection in organizations? As a first step towards a comprehensive model of influences on organizations' data protection practices, we have conducted a structured, interdisciplinary literature review combined with a thematic review of the main theories found in the structured review (cf. Jesson, Matheson & Lacey, 2011). The research is part of the university chair on ‘Data Protection on the Ground’ at the Vrije Universiteit Brussel in Belgium. Our results show that researchers from over 100 different academic disciplines (as categorized by Web of Science) have studied practices of personal data protection, from nursing to robotics and penology, and that those studies vary from small-scale qualitative research to substantial cross-cultural comparisons. The resulting model thus incorporates insights from a large variety of disciplines, offering a holistic perspective to inform policies and hands-on approaches at the macro (societal), meso (sector), and micro levels (organization).
Original languageEnglish
Publication statusPublished - 10 Jul 2019
EventIAMCR 2019: Communication, Technology and Human Dignity: Disputed Rights, Contested Truths: Communication, Technology and Human Dignity: Disputed Rights, Contested Truths - Universidad Complutense de Madrid, Madrid, Spain
Duration: 7 Jul 201911 Jul 2019


ConferenceIAMCR 2019: Communication, Technology and Human Dignity: Disputed Rights, Contested Truths
Internet address

ID: 46845255