This paper looks at cybersecurity and the protection of critical national infrastructure, as an area of systemic risk to society. In particular, it looks at the obligations and potential penalties which apply to cloud providers under the regulatory framework established by the EU’s Network and...

As businesses and other entities have sought to collect more personal data on individuals, the public has pushed back, and lawmakers throughout the United States and elsewhere have responded by passing data protection laws. Recent data protection laws passed by the European Union and by several...

This is a draft report from the ACCAN funded-project, “Regulating to Protect Security & Privacy in the Internet of Things (IoT)”. This report is intended for the purpose of consultation. The report analyses legal issues relating to data security, consumer protection and privacy of consumer...

I examine how firms strategically bundle news reports to offset the negative effects of a privacy breach disclosure. Using a complete dataset of privacy breaches from 2005 to 2014, I find that firms experience a small and significant 0.27% decrease in their stock price on average following the...

I examine how firms strategically bundle news reports to offset the negative effects of a privacy breach disclosure. Using a complete dataset of privacy breaches from 2005 to 2014, I find that firms experience a small and significant 0.27% decrease in their stock price on average following the...

We analyze personal data protection laws in the United States through the lenses of the economic theories of ex ante safety regulation, ex post liability and information disclosure. Specifically, we consider and contrast how legal and economic theories interpret privacy costs and the remedies to...

Trust is a key requirement for all electronic information and transactions, and information security is the means used establish a level of trust appropriate to the situation. Through the implementation of appropriate information security measures, businesses seek to ensure a reasonable level of...

Where data centres located in the European Economic Area ('EEA') are utilised for cloud computing services, the customers, and in some circumstances even cloud service providers, could become subject to the EU Data Protection Directive on the basis that the data centre may be an...

This article discusses ways in which the General Agreement on Trade in Services (GATS) and post-GATS free trade agreements may limit the EU's ability to regulate privacy and personal data protection as fundamental rights. After discussing this issue in two dimensions – the vertical...

Considerable debate exists as to the interaction of antitrust and privacy law. This nuanced debate encompasses many difficult questions: when is there a strong consumer preference for privacy, and when is there not? Under what circumstances do consumers happily trade data for service access?...