PROTECTION OF PERSONAL DATA FROM CYBER THREATS

Authors

DOI:

https://doi.org/10.54934/ijlcw.v4i3.143

Keywords:

personal data, personal data protection, data leakage, cyberattack, personal data operator, datos personales, protección de datos personales, filtración de datos, ciberataque, operador de datos personales, 个人数据, 个人数据保护, 数据泄露, 网络攻击, 个人数据运营者

Abstract

Personal data has become a valuable business resource but is increasingly targeted by cyberattacks and leaks. This study uses comparative legal analysis and formal legal methods to examine how citizens' data rights can be better protected in the digital age. Focusing on liability and data breaches, the paper compares Russia’s personal data protection framework with European and American approaches. The findings suggest that effective protection requires more than just listing rights for data subjects—it demands enforceable guarantees in cyberspace. The study proposes both compliance and post-control measures aimed at preventing breaches and addressing their root causes. It also recommends assigning liability to data operators proportionate to the harm caused and remedied. The analysis of current laws and enforcement practices reveals that strengthening legal accountability and implementing preventive mechanisms are essential steps toward safeguarding personal data in an increasingly digital and interconnected world.

_____

PROTECCIÓN DE DATOS PERSONALES CONTRA CIBERAMENAZAS

Los datos personales se han convertido en un valioso recurso empresarial, pero cada vez son más blanco de ciberataques y filtraciones. Este estudio utiliza análisis jurídico comparativo y métodos legales formales para examinar cómo se pueden proteger mejor los derechos de los ciudadanos sobre sus datos en la era digital. Centrándose en la responsabilidad y las filtraciones de datos, el documento compara el marco de protección de datos personales de Rusia con los enfoques europeos y estadounidenses. Los hallazgos sugieren que una protección eficaz requiere más que simplemente enumerar los derechos de los titulares de los datos; exige garantías exigibles en el ciberespacio. El estudio propone medidas de cumplimiento normativo y control posterior destinadas a prevenir las filtraciones y abordar sus causas fundamentales. También recomienda asignar responsabilidad a los operadores de datos proporcional al daño causado y reparado. El análisis de la legislación vigente y las prácticas de aplicación revela que fortalecer la responsabilidad legal e implementar mecanismos preventivos son pasos esenciales para salvaguardar los datos personales en un mundo cada vez más digital e interconectado.

______

个人数据免受网

个人数据已成为宝贵的商业资源,但日益成为网络攻击和泄露的目标。本研究运用比较法律分析和正式法律方法,探讨如何在数字时代更好地保护公民的数据权利。本文聚焦责任和数据泄露,将俄罗斯的个人数据保护框架与欧美的做法进行了比较。研究结果表明,有效的保护不仅仅需要列举数据主体的权利,还需要在网络空间提供可执行的保障。本研究提出了合规和事后控制措施,旨在预防数据泄露并解决其根本原因。研究还建议根据造成的损害和补救措施,向数据运营者追究责任。对现行法律和执法实践的分析表明,在日益数字化和互联互通的世界中,加强法律问责和实施预防机制是保护个人数据的关键步骤。

Author Biography

Elizaveta Zainutdinova, Novosibirsk National Research State University

Ph.D., Department of Business Law, Civil and Arbitration Proceedings, Novosibirsk National Research State University, Novosibirsk, Russia

References

Aimin, Qi, Guosong, S., & Wentong Z. (2018). Assessing China’s Cybersecurity Law. Computer Law & Security Review, 34, 1342-1354. https://doi.org/10.1016/j.clsr.2018.08.007

Arhipov, V.V. (2018). The Problem of Qualifying Personal Data as Intangible Goods in the Digital Economy, or there is Nothing More Practical than a Good Theory, Zakon, 2, 52-68.

Ayala-Rivera, V., Portillo-Dominguez, O., & Pasquale, L. (2024). GDPR Compliance via Software Evolution: Weaving Security Controls in Software Design. Journal of Systems and Software, 216, 22 p. https://doi.org/10.1016/j.jss.2024.112144

Baik, J. (2020). Data Privacy against Innovation or against Discrimination?: The Case of the California Consumer Privacy Act (CCPA). Telematics and Informatics, 52. https://doi.org/10.1016/j.tele.2020.101431

Buckley, G., Caulfield, T., & Becker, I. (2024). How Might the GDPR Evolve? A Question of Politics, Pace and Punishment. Computer Law & Security Review, 54, 14 p. https://doi.org/10.1016/j.clsr.2024.106033

Burova, A.Yu. (2023). Digital Ecosystem as a Way of Doing Business: a Legal View. Current Issues of Russian Law, 11, 111-117. https://doi.org/10.17803/1994-1471.2023.156.11.111-117

Jingyu F. (2023). Legal Policies Failing on Data Breaches? Legal Policies Failing on Data Breaches? An Empirical Study of U.S. Information Security Law Implementations. Procedia Computer Science, 221, 971-978. DOI: 10.1016/j.procs.2023.08.076

Nohrina, M.L. (2013). The Concept and Signs of Intangible Benefits: Legislation and Civil Science, Izvestiya Vysshih Uchebnyh Zavedenij. Pravovedenie, 5, 143-160.

Ratushnyj, M. (2024). Overview of Key Changes in Personal Data Legislation. Available at: https://pravo.ru/opinion/251783/ (last visited 01.02.2025).

Rozhkova, M.A., & Glonina, V.N. (2020). Personal and Non-Personal Data as Part of Big Data, Law of Digital Economy. Yearbook-Antology. Series “Analisys of the Modern Law / IP & Digital Law”, ed. by M.A. Rozhkova. Moscow: Statut, pp. 271-296.

Rupp, V., & Grafenstein, M. (2024). Clarifying “Personal Data” and the Role of Anonymisation in Data Protection Law: Including and Excluding Data from the Scope of the GDPR (More Clearly) through Refining the Concept of Data Protection. Computer Law & Security Review, 52, 25 p. https://doi.org/10.1016/j.clsr.2023.105932

Savel'ev, A.I. (2021). Scientific and Practical Article-by-Article Commentary on the Federal Law “On Personal Data”. Moscow: Statut, 468 p.

Savel'ev, A.I. (2015). Problems of Application of Legislation on Personal Data in the Era of “Big Data”. Pravo. Zhurnal Vysshej Shkoly Ekonomiki, no. 1, pp. 43-66.

Soldatova, V.I. (2023). New Legislative Measures to Protect Personal Data. Pravo i Ekonomika, no. 3, pp. 25-30.

Uroshleva, A. (2018). Commercialization of Personal Data and the Concept of “Big Data” are Topical Issues in the IT Field.” Available at: https://www.garant.ru/article/1229761/ (last visited 01.02.2025).

Wenlong, L., & Jiahong, C. (2024). From Brussels Effect to Gravity Assists: Understanding the Evolution of the GDPR-Inspired Personal Information Protection Law in China. Computer Law & Security Review, vol. 54, 14 p. https://doi.org/10.1016/j.clsr.2024.105994

Xiaodong, D., & Hao, H. (2024). For Whom is Privacy Policy Written? A New Understanding of Privacy Policies. Computer Law & Security Review, 55, 13 p. https://doi.org/10.1016/j.clsr.2024.106072

Xiongbiao, Y., Yuhong Y., Jia, L., & Bo J. (2024). Privacy and Personal Data Risk Governance for Generative Artificial Intelligence: Chinese Perspective. Telecommunications Policy, (48)10, 15 p. https://doi.org/10.1016/j.telpol.2024.102851

Zinovieva, V., Shchelokov, M., & Litvinovskyа, E. (2023). Legal Issues of Protection of Personal Data: Cases of Transport Data Leaks. Transportation Research Procedia, 68, 461-467. https://doi.org/10.1016/j.trpro.2023.02.062

Ziwei, S. (2024). Personal data Security and Stock Crash Risk: Evidence from China’s Cybersecurity Law. China Journal of Accounting Research, (17) 4, 23 p. https://doi.org/10.1016/j.cjar.2024.100393

Downloads

Published

2025-06-28

How to Cite

Zainutdinova, E. (2025). PROTECTION OF PERSONAL DATA FROM CYBER THREATS. International Journal of Law in Changing World, 4(3), 55–70. https://doi.org/10.54934/ijlcw.v4i3.143

Issue

The International Journal of Law in Changing World Special Issue: Women's Research in Law and Digital Technologies

Section

Articles

License

Copyright (c) 2025 Elizaveta Zainutdinova

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Attribution 4.0 International (CC BY 4.0)