Research Project

Investigator:
Elif Kiesow Cortez

Abstract:
The General Data Protection Regulation (GDPR) in the EU and the
California Consumer Protection Act (CCPA) in the US are representative
of the recent regulatory attention given to data protection and privacy.
As a result, corporations’ data protection practices are now acquiring
more attention from shareholders. Recent shareholder class-actions
showed that there are potential information asymmetries between
shareholders and the management of corporations regarding the assessment
of data protection and privacy compliance risks. This research project
aims at providing insights into the effectiveness of selected prominent
data protection laws in the US and in the EU, focusing on the neglected
dynamics driven by mandatory data protection risk reporting
requirements.