FROM REGULATION TO LIABILITY: CHANGING DATA PRIVACY LANDSCAPE IN THE DIGITAL AGE
Keywords:
data privacy, accountability, responsibility, GDPR, data governance, privacy by design, DPIA, contextual integrityAbstract
The rapid digital transformation has turned data privacy into a global strategic issue. Regulations such as the General Data Protection Regulation (GDPR) provide a comprehensive legal framework for the protection of personal data, but their effectiveness depends heavily on the ability of organizations to apply the principles of accountability and substantive responsibility. This research aims to analyze the paradigm shift from regulatory compliance (regulation-based) to organizational accountability (responsibility-based) in data privacy governance in the digital era. The approach used is qualitative with a systematic literature study method, reviewing Scopus-indexed scientific articles and the Web of Science published between 2015–2025, as well as policy reports from international institutions such as the OECD and EDPB. The analysis was carried out using thematic analysis techniques to identify the main patterns in the application of the principles of accountability, privacy by design, data protection impact assessment (DPIA), as well as social context and privacy ethics. The results show that the paradigm shift towards responsibility requires organizations not only to comply with formal regulations, but also to build an internal governance system that is able to proactively prove data protection. Mechanisms such as privacy by design and DPIA have proven effective in increasing transparency, risk mitigation, and public trust. In addition, the theory of Contextual Integrity and the Taxonomy of Privacy assert that privacy protection must consider social norms and ethical values, not just legal aspects. In the context of developing countries, including Indonesia, the implementation of privacy responsibilities still faces challenges such as limited institutional capacity, low digital literacy, and policy fragmentation. Therefore, it is necessary to strengthen independent supervisory institutions, increase public literacy, and integrate accountability principles in business strategies and technology design. This research confirms that the future of data protection lies in the balance between strong regulation and ethical responsibility of organizations. By internalizing the principles of accountability, organizations can build a transparent, ethical, and sustainable data ecosystem, while strengthening public trust in the digital age.
Downloads
References
Ducato, R., Forgó, N., & Others. (2020). Data protection, scientific research, and the role of information. Computer Law & Security Review, 36(2), 105–118. https://doi.org/10.1016/j.clsr.2020.105392
Iwaya, L. H., Bernsmed, K., & Jaatun, M. G. (2024). Privacy impact assessments in the wild: A scoping review. Journal of Responsible Technology, 18, 100130. https://doi.org/10.1016/j.jrt.2024.100130
Kurtz, C., & Wagner, B. (2022). Accountability of platform providers for unlawful personal data processing. Journal of Responsible Technology, 9, 100020. https://doi.org/10.1016/j.jrt.2021.100020
Li, W., Cheng, L., & Li, Y. (2025). Mapping the empirical literature of the GDPR’s (in-)effectiveness. Computer Law & Security Review, 51, 105996. https://doi.org/10.1016/j.clsr.2025.105996
Nissenbaum, H. (2004). Privacy as contextual integrity. Washington Law Review, 79(1), 119–158.
OECD. (2023). Report on the Implementation of the OECD Privacy Guidelines. OECD Publishing.
Solove, D. J. (2006). A taxonomy of privacy. University of Pennsylvania Law Review, 154(3), 477–560.
Cavoukian, A. (2011). Privacy by design: The 7 foundational principles. Information & Privacy Commissioner of Ontario.
Braun, V., & Clarke, V. (2019). Reflecting on reflexive thematic analysis. Qualitative Research in Sport, Exercise and Health, 11(4), 589–597. https://doi.org/10.1080/2159676X.2019.1628806
Creswell, J. W., & Poth, C. N. (2018). Qualitative inquiry and research design: Choosing among five approaches (4th ed.). SAGE Publications.
Lincoln, Y. S., & Guba, E. G. (1985). Naturalistic inquiry. SAGE Publications.
Tranfield, D., Denyer, D., & Smart, P. (2003). Towards a methodology for developing evidence-informed management knowledge by means of systematic review. British Journal of Management, 14(3), 207–222. https://doi.org/10.1111/1467-8551.00375
Iwaya, L. H., Bernsmed, K., & Jaatun, M. G. (2024). Privacy impact assessments in the wild: A scoping review. Journal of Responsible Technology, 18, 100130. https://doi.org/10.1016/j.jrt.2024.100130
