An Analytical Review of Industrial Privacy Frameworks and Regulations for Organisational Data Sharing

Abstract

This study examines the privacy protection challenges in data sharing between organisations and third-party entities, focusing on changing collaborations in the digital age. Utilising a mixed-method approach, we categorise data-sharing practices into three business models, each with unique privacy concerns. The research reviews legal regulations like the General Data Protection Regulation (GDPR), highlighting their emphasis on user privacy protection but noting a lack of specific technical guidance. In contrast, industrial privacy frameworks such as NIST and Five Safes are explored for their comprehensive procedural and technical guidance, bridging the gap between legal mandates and practical applications. A key component of this study is the analysis of the Facebook–Cambridge Analytica data breach, which illustrates the significant privacy violations and their wider implications. This case study demonstrates how the principles of the NIST and Five Safes frameworks can effectively mitigate privacy risks, enhancing transparency and accountability in data sharing. Our findings highlight the dynamic nature of data sharing and the vital role of both privacy regulations and industry-specific frameworks in protecting individual privacy rights. This study contributes insights into the development of robust privacy strategies, highlighting the necessity of integrating comprehensive privacy frameworks into organisational practices for improved decision making, operational efficiency, and privacy protection in collaborative data environments.