Ethical Problems in the Field of Legal Protection of Personal Data

Problem setting. In order to build an innovative society, it is necessary to develop legal norms and regulators aimed at protecting privacy and controlling personal data. In addition, the need to ensure effective and reliable protection of personal data in the conditions of rapid technological development, globalization and the growing threat of cybercrime is becoming more urgent. The need for the development of legal norms, the introduction of innovative technologies and the raising of public awareness become important tasks for ensuring privacy and protection of personal data. The study also aims to identify and analyze the main challenges facing the field of personal data protection, such as cybercrime, hacker attacks, globalization and cross borders. Legal norms and regulations aimed at protecting privacy are also analyzed, as well as the potential opportunities of new technologies that can increase the level of protection of personal data. Аnalysis of recent researches and publications. The problems of legal protection of personal data have recently become the subject of research by an increasing number of scientists, both lawyers and representatives of other fields of knowledge. In particular, such scientists as: S. Hlibko, T. Egorova-Lutchenko, K. Yefremova, O. Korvat, V. Kokhan, M. Haustova devote their attention to the study of these issues. etc. Purpose of the research is to develop possible ways of legal protection of personal data in view of today’s challenges related to this issue. The article aims to consider the development of technologies and the growth of the volume of personal data as the main factors affecting the need for effective protection of privacy and security of this data. The article is aimed at expanding the understanding of the problem and providing recommendations for improving the protection of privacy and security of personal data in the future. article’s main body. According to the preamble to the Agreement between Ukraine and the European Union on the participation of Ukraine in the European Union program “Digital Europe” (2021-2027), the important supporting role of digital infrastructure, including in the field of cyber security, is recognized to ensure inextricably linked transformation processes and digital leadership of the European Union. The purpose of concluding the Agreement is to establish mutually beneficial cooperation in order to strengthen and support the deployment of reliable and secure digital capabilities in the Union in the field, including cyber security. It is recognized that mutual participation in each other’s programs for the implementation of digital technologies should ensure mutual benefits for the Parties, while observing a high level of data protection, digital rights, etc. In accordance with paragraph 12 of Article 2 of Annex III to the Agreement, the exchange of information between the European Commission or OLAF and the competent state authorities of Ukraine must take place with due consideration of confidentiality requirements. Personal data included in the exchange of information must be transferred in accordance with the current legal norms on data protection of the Party making the transfer. According to paragraph 49 of the preamble of Regulation (EU) 2021/694 of the European Parliament and of the Council of April 29, 2021 on the establishment of the Digital Europe Program, digital transformation should allow citizens to access, use and securely manage their personal data across borders, regardless of their location or data location. According to point 60 of the preamble, by providing a single set of rules that are directly applicable in the legal systems of the Member States, Regulation (EU) 2016/679 guarantees the free flow of personal data between Member States and strengthens the trust and security of individuals, two indispensable elements of a true Digital Single Market . All actions taken within the framework of the Program, which involve the processing of personal data, must contribute to the smooth implementation of this Regulation, for example, in the field of artificial intelligence and distributed ledger technologies (for example, blockchain). These actions should support the development of digital technologies that meet data protection obligations both by design and by default. In addition, according to paragraph 69 of the preamble, this Regulation respects fundamental rights and adheres to the principles recognized in the Charter of Fundamental Rights of the European Union, in particular regarding the protection of personal data, etc. In the Charter of Fundamental Rights of the European Union (2016/C 202/02) dated June 7, 2016, Chapter II “Freedoms” contains Article 8, which is entitled “Protection of personal data”, according to which it is assumed that everyone has the right to the protection of personal data data concerning him. Such data must be processed fairly for specific purposes and on the basis of the consent of the person concerned or on another legal basis established by law. Everyone has the right to access the data that has been collected about him and the right to correct it. Compliance with these rules is subject to control by an independent body. In addition, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data establishes rules relating to the protection of natural persons with regard to the processing of personal data, as well as rules, relating to the free movement of personal data, and protects the fundamental rights and freedoms of natural persons and, in particular, their right to protection of personal data. Today in Ukraine, the main legislative act in this area is the Law of June 1, 2010 No. 2997-VI “On the Protection of Personal Data”. Article 11 of the Law of Ukraine “On Information” specifies what information about a natural person (personal data) is. In turn, the legal and organizational bases for ensuring the protection of the vital interests of a person and citizen, society and the state, national interests of Ukraine in cyberspace, the main goals, directions and principles of state policy in the field of cyber security, the powers of state bodies, enterprises, institutions, organizations, individuals and citizens in this area, the basic principles of coordination of their cyber security activities are defined in the Law of Ukraine “On Basic Principles of Cyber Security of Ukraine”. In addition, relations in the field of information protection in information, electronic communication and information and communication systems are regulated by the Law of Ukraine “On the Protection of Information in Information and Communication Systems”. In turn, the Concept of the development of e-governance in Ukraine, as well as the Law of Ukraine “On the National Informatization Program” defines e-governance. In addition, in 2021, the Law of Ukraine “On Public Electronic Registers” was adopted, which defines the State electronic platform for maintaining public electronic registers. On April 18, 2023, by a resolution of the Cabinet of Ministers of Ukraine, the Regulation on the information system “Software platform for the deployment and support of state electronic registers” was approved, as well as the Procedure for using the software “Software platform for the deployment and support of state electronic registers”. conclusions and prospects for the development. The protection of digital personal data requires the development of appropriate technical and regulatory tools, as well as judicial practice of prosecution for violations of the order of their use. It is possible to create a database or registry for private electronic/digital platforms, with the help of which or which would control their activities, including regarding the protection of personal data. At the same time, at the regulatory and legal level, it is necessary to provide that a mandatory condition for the creation and functioning of an Internet platform is its registration in such a database / such a register, and a mandatory condition for registration is confirmation of technical capabilities to ensure the protection of personal data of platform users. It is necessary to define at the regulatory level the list and mechanisms of acquisition of digital rights, their implementation, protection, compensation and responsibility for their violation. The protection of personal data should be considered one of the digital rights of a person and a citizen. The development of digitalization in a legal state must inevitably be accompanied by the development of the legal framework, in particular, the emergence, consolidation, definition and protection of digital rights of individuals and legal entities. Digital rights are a multifaceted category, they become connected and interwoven with other rights defined and established in the norms of different branches of law. The multifaceted nature of the “digital rights” category implies the separation and delimitation of various categories of digital rights, their distribution into appropriate types, for example, “personal digital rights”, “financial digital rights”, etc. It should be quite natural to form a separate element in the general system of law, such as digital law, as a set of legal norms regulating social relations related to the circulation of (including personal) data in digital networks.

This study aims to discuss the legal weak protection of personal data which is motivated by the phenomenon of society today which is like living in a world without borders so that it impacts on easy access to one's personal information, the impact of begins to spread illegal practices by irresponsible parties in the illegal use of personal information. In addition, there are no laws that specifically regulate the protection of personal data/information in the 4.0 Industrial Revolution era. The approach method used is a conceptual and case approach, with the purpose of the research is to analyze the weakness of legal protection for personal data in the 4.0 Industrial Revolution era in Indonesia. The results of the study, the spread of personal data protection arrangements in various laws and regulations indicate the protection of personal data is not yet a national legal priority and results in legal weak protection of the personal data of citizens so as to position Indonesian citizens in a vulnerable position, which is certainly not in line with the legal objectives namely provide legal certainty, justice, and expediency. The various cases that exist and pay attention to the phenomenon of digitalization in the era of the industrial revolution 4.0 illustrate the urgency of the need for the legal protection of personal data a state priority. Legal reform through the legitimacy of protecting personal data as a responsive and progressive legal policy is a must so that legal protection in the form of legal guarantees can be carried out properly in order to create a safe and comfortable digital ecosystem for the community.

The article is devoted to a number of issues of legal protection and protection of personal data processed using artificial intelligence technologies in the Russian Federation through the prism of analysis of legal acts and legislative initiatives in the field of protection and protection of personal data and artificial intelligence; the problems of improving legislation; the experience of the European Union in regulating personal data processed using artificial intelligence. The following problems were raised: the adoption of requirements for the depersonalization of personal data for the purposes of processing by artificial intelligence; the need for separate consent to the processing of personal data processed using artificial intelligence; the need for a separate, special, comprehensive act regulating artificial intelligence technologies.

The development of digital technology has driven the transformation of banking services that are now digital-based. Behind the convenience of these services, there are major challenges related to the protection of consumer personal data. This research aims to analyse the legal protection of personal data in digital banking services in Indonesia. This normative research uses a statutory approach by examining relevant laws and regulations, such as the Personal Data Protection Act, Financial Services Authority Regulations and Bank Indonesia Regulations as well as a conceptual approach. The results of this study show that there are already several laws and regulations governing digital financial services in Indonesia that seek to provide protection for the use of personal data for financial services consumers, although there are still several cases of theft and misuse of personal data of financial services consumers as well as forms of legal protection of personal data in digital banking services. This study is expected to provide further understanding of the urgency of personal data protection and the contribution of regulations in creating a safe digital banking ecosystem for consumers.

<em>Since the legal connection between consumers and banks is one built on trust, legal protection for customers is crucial given that banks are financial entities whose operation cannot be divorced from the role of customers. Every individual has personal data, which is something that is intrinsic to them and has to be secured since everyone has the right to privacy, which is guaranteed by the Republic of Indonesia's 1945 Constitution and is a fundamental citizen right.</em> <em>The goal of this study is to identify the legal safeguards for the confidentiality of consumer information held by Bank Financial Institutions, as well as the legal actions that consumers may take in the event that their privacy is violated. This study employs a normative juridical research design, combining an analytical, historical, and legislative approach. The data type for the research specifications is secondary data, obtained through document/library research (Library Research), and the research standards call for analytical descriptive data. The research's data is organized logically and methodically, examined using qualitative analytic techniques, and then presented in a qualitative report.</em> <em>The study's findings indicate that state people have a constitutional right to privacy, which is the cornerstone of the legal protection of personal data. Both government control and self-regulation can be used to legally secure the personal data of customers. As of now, personal data is not legally based in any of Indonesia's laws or regulations. As a result, Indonesia lacks standards for the legal protection of personal data, making it unable to provide its residents with the best possible protection. </em>

This scientific article comprehensively examines various methods and approaches to the administrative and legal protection of personal data in the online environment. Emphasis is placed on the importance of comprehensive application of various methods of protection, as well as on the need for constant improvement of legislation in this area, taking into account the development of new technologies and challenges. The article thoroughly studies the theoretical principles of administrative and legal protection of personal data. The concepts of «personal data» and «administrative protection» are studied in the context of this topic. The provisions of the current legislation of Ukraine and the European Union, which regulate the issue of personal data protection, are analyzed. The authors pay special attention to the activities of the Commissioner of the Verkhovna Rada of Ukraine for human rights in the field of personal data protection. The powers of the Commissioner are disclosed, as well as the procedures for carrying out inspections and applying measures for administrative termination of violations of legislation in the field of personal data protection. An important aspect of the research is the analysis of administrative liability for violation of the legislation on personal data protection. Describes the types of violations for which administrative responsibility is provided. The article offers a number of recommendations for improving the administrative and legal protection of personal data in Ukraine. These include the adoption of new and amendments to current legislation that would more clearly regulate the issue of personal data protection in the online environment; ensuring adequate financing of the activities of the Commissioner of the Verkhovna Rada of Ukraine for human rights; conducting regular trainings and seminars for civil servants and business representatives on issues of personal data protection; strengthening cooperation with international organizations in the field of personal data protection. Based on the conducted research, the author concludes that administrative and legal methods of personal data protection are an important component of a comprehensive system of protection of human rights and freedoms in the digital environment. The effectiveness of personal data protection can be ensured only under the condition of comprehensive application of various methods, constant improvement of legislation and effective control over its compliance.

Information technology-based money lending service is the implementation of financial services to bring lenders together with borrowers in order to make loan agreements to borrow money. Many people have complained about the dissemination of personal data by online loan providers without notice and without the owner's permission. The purpose of this paper is to review the legal protection of customers' personal data in technology-based money lending services. The motto used in this writing is a normative legal method with a statutory approach and a fact approach. The results of the study show that legal protections and sanctions for personal data breaches have been stipulated in Law No. 11 of 2008 and changes in information and electronic transactions, but specifically regarding legal protection and sanctions for personal data breaches in online loan services have been listed in the financial services authority regulation No. 77/POJK.01/2016. Information technology-based money lending services. The organizer is responsible for maintaining the confidentiality, integrity, and availability of personal data use and in the utilization must obtain approval from the data owner, the organizer may be subject to administrative sanctions in the form of written warnings, fines, obligation to pay a certain amount of money, restrictions on business activities, and revocation of business license

Legal protection for consumers must be considered because the existence of consumers is prone to fraud. Personal consumer data protect one form of legal protection for consumers in conducting transactions with business actors, both domestic and foreign transactions. With the times at this time, consumer data that exists on business actors, both in the form of state-owned enterprises or business actors in the private form, is a lot of consumer data that these business actors trade and this consumer data is widely known. The problem studied is how the consumer’s legal protection of personal data on digital platforms. Research methods are using normative research methods, namely by explaining the issues and views of consumer legal protection of personal data on existing legal regulatory, digital platforms. The results illustrate that for now, consumer legal protection of personal data on digital platforms still refers to several laws and regulations in Indonesia. The government is also preparing a Draft Law on Personal Data Protection, which will become lex specialis. For the protection of personal consumer data in Indonesia related to personal data on digital platforms.

<em>In the era of digital transformation, one prominent model of Fintech is Peer-to-Peer (P2P) lending, which offers alternative financing access through digital platforms. The protection of personal data in P2P lending becomes crucial as sensitive information such as financial and credit history is collected and processed by these platforms. Data protection regulations, like GDPR, play a vital role in maintaining the balance between Fintech innovation and individual privacy rights. This research aims to discuss the legal protection of personal data within the context of Peer-to-Peer (P2P) Lending in the realm of Financial Technology (Fintech) in Indonesia. The research methodology employed is normative law, using descriptive legal analysis. Data is gathered from various sources, including legal statutes, court decisions, legal literature, and government guidelines related to Fintech and personal data protection. Qualitative analysis is conducted to identify relevant legal provisions, explain their legal implications, and formulate improvement recommendations. The research findings reveal that personal data protection within Indonesian Fintech P2P Lending is governed by a range of regulations, including the Electronic Information and Transactions Law (UU ITE), the amended UU ITE, OJK regulations, and the Ministry of Communication and Informatics regulations. Moreover, the Omnibus Law on Job Creation provides a strong foundation for the protection of consumer personal data. Key principles in personal data protection encompass transparency, explicit consent, data security, limited data usage, fair and ethical business practices, individual rights over personal data, and data integration</em>

The development of information and communication technology, one of which is the internet (interconnection networking). Protection of personal data privacy if it is not regulated in a law and regulation can result in losses for someone due to the dissemination of personal information. This study aims to analyze the protection of personal data privacy in a comparative law perspective. This study uses the literature study research method. Data collection techniques by collecting several previous studies as a reference for answering the importance of using Shopee among students, the latest features of Shopee that make it easier for consumers to use it and the reasons students choose to buy and sell online at Shopee, as well as supporting data. as supports such as newspapers, magazines, articles, e-books from the internet, image data and graphics according to the topic. The purpose and focus of this research is to find out the nature of legal protection of personal data as a right to privacy and forms of legal protection of personal data as a right to privacy in Indonesia. The result of this research is that the essence of legal protection of personal data as a right to privacy is a citizen's constitutional right. Indonesia does not yet have statutory regulations which form the legal basis for the protection of personal data

In the development of China’s Internet industry and digital economy, great importance is attached to the protection of personal data and seriously protects the legitimate rights and interests of citizens’ personal data. Generally speaking, with the development of technology and industry, China’s personal data protection has gone from “indirect protection” to “direct protection” and then to “comprehensive protection”. In the early years of China’s Internet industry, the indirect protection of personal data was mainly achieved through the protection of the “rights to privacy” of citizens. Since the Internet industry of the People’s Republic of China has entered a stage of rapid development, the state began to directly protect personal data in accordance with the provisions of the Chapter “Network Information Security” established in the “Cyber Security Law” of 2016, establishes several principles for the collection and use of personal data, protection requirements information security. Until November 1, 2021, the “Personal Data Protection Law of the People’s Republic of China” (PPD) was adopted to comprehensively protect personal data, reflecting the ideology of development focused on bringing the people to the center, meeting the new needs and aspirations of the people in the new era, and also proposing the creation international digital legal order “Chinese version”. The PPD further expands the scope of the object of personal data protection, comprehensively establishes the rights of individuals to process data, strengthens the obligations to protect personal data processors, creates strict rules for the protection of sensitive personal data and regulates the processing of personal data by public authorities, as well as improving the means of legal protection of personal data, all of which are important points in the legislation. The law incorporates advanced foreign experience, while emphasizing Chinese wisdom, the spirit of the times, and practicality in accordance with the reality of China.

The article is devoted to the issues of modern understanding of the concept, essence and content of administrative and legal support for the protection of personal data of citizens. In this aspect, the author emphasizes the growing need to form an appropriate level of protection of an individual from information threats of the modern world and to form administrative and legal support for the protection of personal data of citizens. The methodological basis of the study. The selected issue is approached using a systematic methodology, which incorporates dialectical, formal-logical, and structural-functional methods, in addition to other standard scientific research techniques. Furthermore, specific legal methods, such as formal-logical, systematic-functional, comparative analysis, methods of legal interpretation, and legal forecasting, are employed. The study is grounded in the theory of cognition, with a particular emphasis on materialist dialectics as its overarching method. General scientific research methods used include formal-logical and systematic approaches. Results. The author emphasizes that legal protection of personal data by the authorities is based on legislation and regulations governing the rights and obligations of the authorities with respect to personal data processing. It is emphasized that these rules may include requirements for data registration, confidentiality, notification of an individual about the collection and use of his or her personal data, and establishment of liability for violation of data protection rules. The concept of personal data protection by the authorities includes the adoption of appropriate legal measures to ensure the security and confidentiality of these data. Conclusions. The administrative and legal support for the protection of citizens’ personal data takes place within the activities of government authorities as an element of their service function. The concept of administrative and legal support for the protection of citizens’ personal data is defined as the regulated administrative and legal activities of entities responsible for ensuring the protection of personal data, primarily the activities of public administration subjects, aimed at administrative and legal regulation, implementation, protection, and safeguarding of public relations in the field of personal data. It guarantees the rights and legitimate interests of all subjects of legal relations, focusing on creating the necessary conditions for compliance with legislation on personal data protection. It is emphasized that administrative support is the activity of public authorities manifested in legal regulation, application, and protection of the rights, freedoms, and interests of citizens.

The article is devoted to the issues of legal protection of personal data when providing to commercial banks both by the subjects of personal data themselves and by third parties; the problem of legal protection of personal data of underage who is not client of the bank, within the framework of the functioning of digital educational platforms for teaching in schools; the role of the state in ensuring the legal protection of personal data of citizens; protection of personal data of citizens used by commercial organizations not in accordance with the purposes of providing data; problems with the dissemination of personal data without the consent of the subject of personal data; the possibility or impossibility of using personal data obtained through digital educational platforms by banks for analytics for the purpose of further possible provision of banking services, advertising, etc., including when transferred for processing to foreign consulting firms whose services the bank uses; problems of improving legislation on banks and banking activities in relation to the Civil Code of the Russian Federation and in relation to legislation on personal data.

The paper examines the state of legal regulation of personal data protection of employees in Ukraine. It is established that the national labour legislation does not have special rules on the specifics of regulating the security of processing and storage of personal data in the process of concluding, implementing and terminating employment relations. With this in mind, the authors refer to the experience of international and European institutions in regulating this area. It is established that the ILO and EU instruments have a broader scope than national legislation, namely, they contain not only general rules, but also those regulating relations in the field of employment and employment. Given Ukraine's commitment to improve its personal data protection legislation in order to bring it in line with the GDPR as part of the implementation of the Association Agreement with the European Union, the authors propose a number of measures to improve the mechanisms and means of legal regulation of employee personal data protection in the context of digital and European integration. These include - introduction of international standards for ensuring mechanisms related to the security, protection and defence of employee personal data; - creation of a legal regime for the protection and defence of employee personal data in accordance with the European Regulation; - establishment of liability and determination of types of punishment for violation of legislation in the field of protection of employee personal data; - introduction of special provisions in the Labour Code of Ukraine regarding the employer's obligation to protect personal data. It is noted that in connection with the military aggression of the Russian Federation against Ukraine and the introduction of martial law, this issue has become even more relevant and requires further legislative consolidation and consideration of international experience and analysis of the current state, taking into account the existing practical component.

Protection of personal data is one of the rights possessed by humans, which is one of the privacy rights possessed by a person in maintaining and securing personal data owned by each individual. The development of Artificial Intelligence (AI)-based technology has developed rapidly in the digital world 4.0, where legal protection is needed in personal data protection legal instruments. This research aims to examine the use of AI as a tool in protecting personal data and to examine the urgency of a special regulation in Indonesia in protecting personal data. The research method used in writing this law is normative legal research. In this research, what is meant by juridical research is the 1945 Constitution of the Republic of Indonesia, the Law on Information, and Electronic Transactions Number 11 of 2008, the Regulation of the Minister of Communication and Information Number 20 of 2016, Government Regulation Number 82 of 2012, and UDHR by conducting a study of legal products in the form of laws and regulations. Furthermore, what is meant by normative research is related to the principle of legal certainty, which later can be linked to the urgency of personal data protection regulations for the protection, supervision, and utilization of personal data abuse. Keywords: personal data, artificial intelligence, protection, urgency