Unraveling the Complexity of Data Privacy

Sammanfattning: As we have entered a new digital age where technology is a crucial part of everyday practice, data has risen in priority as a crucial part of business. With this the idea of data privacy – an idea rooted in human rights – has also received increased attention, for example, the EU passing the General Data Protection Regulation (GDPR) applicable to any organization collecting data from European citizens. Previous research into data privacy, and the GDPR in particular, has largely focused on conceptual recommendations related to its implementation, paying limited attention to how firms are implementing the GDPR in practice. To address this limitation in previous studies, we analyze how firms are translating the idea of data privacy into practice. We answer this based on interviews with, and documents from, a large European streaming provider and its work with the GDPR. We show that it is far from straightforward for firms to translate the data privacy idea (as materialized in the GDPR) into practice, since the traveling data privacy idea clashes with ideas in residence. We also show how these ideas coexist in a competitive relationship in the firm and how this shapes how the data privacy idea is translated into practice. In doing this, we contribute to the research into data privacy, and the GDPR in the following ways: first, we respond to the call for more empirical research on how organizations implement the GDPR. Second, the study adds empirical support to the previous literature on the relevance of contextual factors through the traveling of ideas. Lastly, the study brings forth empirical findings that corroborate and adds value to previous research highlighting the misalignment between the legislative framework and the technical reality.