The advantages of electronic communications in the e-commerce sector and the rapid exchange of information continue to have enormous benefits, but they come at a cost in terms of privacy protection and legal gaps. Privacy is defined differently in each jurisdiction – the EU and the US, and despite widespread agreement on the importance of privacy, there is no single definition of the concept in scientific circles. The difficulties of transferring personal data between the European Union and the United States were once again at the forefront of the country’s highest privacy and data protection concerns. General Data Protection Regulation (GDPR) positioned data protection to the highest level of company directions throughout the requirements imposed on any organization that collects, processes, manages, or stores information about European citizens, requiring stricter standards and giving users more control over their data. The new regulation has an impact on businesses and users all over Europe. The study’s goal is to compare the level of protection and security provided to e-commerce users in the European Union, the United States of America, the Republic of North Macedonia, and Albania. Also, the correlation between the obligations and the effect of the GDPR was studied in order to determine whether it will guarantee a higher level of protection of individuals’ rights, or whether will it primarily result in the bureaucratization of the processes for protecting personal data performed in e-commerce actions.

LITERATURE

Azzi A., The Challenges Faced by the Extraterritorial Scope of the General Data Protection Regulation, 2018, vol. 9, “Journal of Intellectual Property, Information Technology and E-Commerce Law” 2018, vol. 9(2).

Baldwin R., Cave M., Lodge M., Understanding Regulation: Theory, Strategy, and Practice, Cambridge 2011, DOI: https://doi.org/10.1093/acprof:osobl/9780199576081.001.0001.

Bhatti A., Akra H., Basit H.M., Khan A.U., Raza S.M., Naqvi M.B., E-commerce Trends during COVID-19 Pandemic, “International Journal of Future Generation Communication and Networking” 2020, vol. 13(2).

Boyne S.M., Data Protection in the United States, “American Journal of Comparative Law” 2018, vol. 66(1), DOI: https://doi.org/10.1093/ajcl/avy016.

Feiler N., Forgó F.L., Weigl N. (eds.), The EU General Data Protection Regulation (GDPR): A Commentary, New York 2018.

Goddard M., The EU General Data Protection Regulation (GDPR): European Regulation that Has a Global Impact, “International Journal of Market Research” 2017, vol. 59(6), DOI: https://doi.org/10.2501/IJMR-2017-050.

Gömann R.M., The New Territorial Scope of EU Data Protection Law: Deconstructing a Revolutionary Achievement, “Common Market Law Review” 2017, vol. 54(2), DOI: https://doi.org/10.54648/COLA2017035.

Hintze M., El Emam K., Comparing the Benefits of Pseudonymisation and Anonymisation under the GDPR, “Journal of Data Protection & Privacy” 2018, vol. 2(2).

Hoofnagle C.J., Sloot B., Borgesius F.Z., The European Union General Data Protection Regulation: What It Is and What It Means, “Information & Communications Technology Law” 2019, vol. 29(1), DOI: https://doi.org/10.1080/13600834.2019.1573501.

Jamal K., Maier M., Sunder S., Enforced Standards versus Volution by General Acceptance: A Comparative Study of e-Commerce Privacy Disclosure and Practice in the United States and the United Kingdom, “Journal of Accounting Research” 2005, vol. 41(1), DOI: https://doi.org/10.1111/j.1475-679x.2004.00163.x.

Jang-Jaccard J., Nepal S., A Survey of Emerging Threats in Cybersecurity, “Journal of Computer and System Sciences” 2014, vol. 80(5), DOI: https://doi.org/10.1016/j.jcss.2014.02.005.

Kennedy G.E., Prabhu L.S.P., Data Privacy Law: A Practical Guide, Kindle Edition, 2020.

Ryngaert C., Taylor M., The GDPR as Global Data Protection Regulation?, “AJIL Unbound” 2019, vol. 114, DOI: https://doi.org/10.1017/aju.2019.80.

Sarathy R., Robertson C., Strategic and Ethical Considerations in Managing Digital Privacy, “Journal of Business Ethics” 2003, vol. 46(2), DOI: https://doi.org/10.1023/A:1025001627419.

Udo G.J., Privacy and Security Concerns as Major Barriers for e‐Commerce: A Survey Study, “Information Management & Computer Security” 2001, vol. 9(4), DOI: https://doi.org/10.1108/EUM0000000005808.

Voigt P., Bussche A., The EU General Data Protection Regulation (GDPR): A Practical Guide, “Axel von dem Bussche Taylor Wessing” 2020, vol. 13(2).

ONLINE SOURCES

Annual Report of Albanian Data Protection Commissioner, 2021, https://www.idp.al/wp-content/uploads/2016/10/RAPORTI-VJETOR-2021.pdf (access: 7.10.2021).

Chevalier S., Retail e-Commerce Sales Worldwide from 2014 to 2025, 4.2.2022, https://www.statista.com/statistics/379046/worldwide-retail-e-commerce-sales (access: 20.5.2021).

Data Protection Laws and Regulations 2021–2022: International Comparative Legal Guide, Global Legal Group 2021, https://iclg.com/practice-areas/data-protection-laws-and-regulations (access:18.11.2021).

Hoven J. van de, Blaauw M., Pieters W., Warnier M., Privacy and Information Technology, [in:] Stanford Encyclopedia of Philosophy, 2020, https://plato.stanford.edu/entries/it-privacy (access: 20.12.2021).

Hoven J. van de, Doorn N., Swierstra T., Koops B.-J., Romijn H. (eds.), Responsible Innovation 1: Innovative Solutions for Global Issues, http://ndl.ethernet.edu.et/bitstream/123456789/18722/1/112..Jeroen%20van%20den%20Hoven.pdf (accesss: 10.8.2022).

Information and Data Protection Commissioner in Albania, https://www.idp.al/category/activities-of-the-commissioners-office/?lang=en (access: 13.10.2021).

International Classification of Functioning, Disability, and Health, Geneva 2001, http://whqlibdoc.who.int/publications/2001/9241545429.pdf (access: 10.7.2021).

Maria T., Data Protection / Data Privacy, [in:] Elgar Encyclopaedia of Human Rights, https://ssrn.com/abstract=3859440 (access: 10.2.2022).

Nuredini B., Paunkoska Dodevska V., Legal Aspects of Electronic Contracts, UBT Conference, October 2020, https://www.researchgate.net/publication/353515427_Legal_aspects_of_electronic_contracts (access: 20.3.2022).

Wolford B., What is GDPR, the EU’s New Data Protection Law?, https://gdpr.eu/what-is-gdpr (access: 10.2.2022).

LEGAL ACTS

Fair and Accurate Credit Transactions Act, http://uscode.house.gov/view.xhtml (access: 7.9.2021).

Federal Statute on the Telephone Consumer Protection Act, 47 U.S.C. § 22, https://www.fdic.gov/resources/supervision-and-examinations/consumer-compliance-examination-manual/documents/8/viii-5-1.pdf (access: 7.9.2021).

Gramm-Leach-Bliley Act, https://www.ftc.gov/tips-advice/business-center/privacy-and-security/gramm-leach-bliley-act (access: 7.9.2021).

Health Insurance Portability and Accountability Act of 1996 (HIPAA), http://www.legalarchiver.org/hipaa.htm (access: 7.9.2021).

Law on Protection of Personal Data no. 9887 (Data Protection Law) (Official Gazette of the Republic of Albania no. 44, 1.4.2008).

Law on Personal Data Protection (Official Gazette of the Republic of Macedonia 2005, no. 7).

Law on Personal Data Protection (Official Gazette of the Republic of North Macedonia 2020, no. 42).

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119/1, 4.5.2016).

CASE LAW

Judgement of the CJEU of 13 May 2014 in case C-131/12, Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González.