No weal without woe: Implementation of personal data protection systems and corporate value
Main Article Content
Abstract
The commercial exploitation of personal information has raised concerns regarding privacy, illegal data use, and information security, among others. Therefore, personal data protection systems (PDPS) play a significant role, and corporations are the primary enforcers of these systems’ regulation. However, PDPS require significant investment from companies, and there is no consensus regarding the economic outcomes of establishing these systems. This study investigates whether the establishment of PDPS affects short-term financial performance and longterm corporate value. After applying the propensity score matching method, a dataset comprising 912 firm-year observations of e-commerce companies listed on the Shanghai and Shenzhen Stock Exchanges from 2008 to 2020 was selected. The results show that PDPS implementation can improve a company’s shortterm financial performance by a) exploring markets and strengthening internal control and b) increase long-term corporate value by strengthening corporate social responsibility. This study offers insights for companies to proactively implement PDPS and strengthen their management of personal data, thereby boosting the overall corporate value. In addition, this study can help governments to develop legislation on national information security and enhance international cooperation, especially for emerging markets.
Downloads
Metrics
Article Details
A RAE compromete-se a contribuir com a proteção dos direitos intelectuais do autor. Nesse sentido:
- adota a licença Creative Commoms BY (CC-BY) em todos os textos que publica, exceto quando houver indicação de específicos detentores dos direitos autorais e patrimoniais;
- adota software de detecção de similaridades;
- adota ações de combate ao plagio e má conduta ética, alinhada às diretrizes do Committee on Publication Ethics (COPE)
References
Adjerid, I., Acquisti, A., Telang, R., Padman, R., & Adler-Milstein, J. (2016). The impact of privacy regulation and technology incentives, the case of health information exchanges, Management Science, 62(4), 1042-1063. https://doi.org/10.1287/mnsc.2015.2194
Allen, K. (2018). GDPR: Time to reap the opportunities for customer acquisition and management. EContent, 41(4), 26-27. https://www-proquest-com.ezproxy.lib.uts.edu.au/docview/2124417585?pq-origsite=primo
Ball, K. (2010). Data protection in the outsourced call center: An exploratory case study. Human Resource Management Journal, 20(3), 294-310. https://doi.org/10.1111/j.1748-8583.2010.00129.x
Bostic, R.B., Calem, P.S., 2003. Privacy restrictions and the use of data at credit repositories. In: Miller, M.J. (Ed.), Credit Reporting Systems and the International Economy. MIT Press. pp. 311–334. Hunt, R.M., 2002
Buttarelli, G. (2016). The EU GDPR as a clarion call for a new global digital gold standard. International Data Privacy Law, 6(2), 77-78. doi:10.1093/idpl/ipw006
Chen, X., Wang, Y., & Yang, Z. (2020). Corporate social responsibility and firm value: The moderating effect of organizational inertia and industry sensitivity. Journal of Technology Economics, 39(7), 140-146+158.
https://kns.cnki.net/kcms/detail/detail.aspx?FileName=JSJI202007018&DbName=CJFQ2020
Chen, Y. H., Zhang, Z. G., & Huang, L. (2021). Exploring the mechanisms and paths of manufacturing digital enablement on business model innovation. Chinese Journal of Management, 18(5), 731-740. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=GLXB202105012&DbName=CJFQ2021
Chowdhury, R. H., Fu, C., Huang, Q., & Lin, N. (2021). CSR disclosure of foreign versus U.S. firms: Evidence from ADRs. Journal of International Financial Markets, Institutions and Money, 70, 101275. https://doi.org/10.1016/j.intfin.2020.101275
Cornett, M. M., McNutt, J. J., & Tehranian, H. (2009). Corporate governance and earnings management at large U.S. bank holding companies. Journal of Corporate Finance, 15(4), 412-430.
Demetzou, K. (2019). Data protection impact assessment: A tool for accountability and the unclarified concept of ‘high risk’ in the General Data Protection Regulation. Computer Law & Security Review, 35(6), 105342. https://doi.org/10.1016/j.clsr.2019.105342
Demsetz., H., & Lehn, K. M. (1985). The structure of coporate owenership: Causes and Consequences. Journal of Political Economy, 93(6), 1155-1177. https://doi.org/10.1086/261354
Forsgren, M., & Holm, U. (2021). Controlling without owning – owning without controlling: A critical note on two extensions of internalization theory. Journal of International Business Studies, 1, 1-13. https://doi.org/10.1057/s41267-021-00416-3
Froot, K., Kang, N., Ozik, G., & Sadka, R.(2017), What do measures of real-time corporate sales say about earnings surprises and post-announcement returns? Journal of Financial Economics, 125(1), 143-162. https://doi.org/10.1016/j.jfineco.2017.04.008
Gal, M. S., & Aviv, O. (2020). The competitive effects of the GDPR. Journal of Competition Law & Economics, 16(3), 349-391. https://doi.org/10.1093/joclec/nhaa012
Ghoul, S. E., Guedhami, O., & Kim, Y. (2017). Country-level institutions, firm value, and the role of corporate social responsibility initiatives. Journal of International Business Studies, 48(3), 360-385. https://doi.org/10.1057/jibs.2016.4
Grover, V., Chiang, R. H. L. , Liang, T. P., & Zhang, D. (2018). Creating strategic business value from big data analytics: A research framework. Journal of Management Information Systems, 35(2), 388-423. https://doi.org/10.1080/07421222.2018.1451951
Huang, L., Wang, H. C, & Qiu, Y. Z.(2009). Does Tobin Q reflect the value of the firm--based on the perspective of market speculativeness. Nankai Management Review, 12(1), 90-95+123. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=LKGP200901014&DbName=CJFQ2009
Jones, J. J. (1991). Earnings management during import relief investigations. Journal of Accounting Research, 29(2), 193-228. https://doi.org/10.2307/2491047
Kallberg, J. G., & Udell, G. F. (2003). The value of private sector business credit information sharing: The US case. Journal of Banking & Finance, 27(3), 449-469. https://doi.org/10.1016/S0378-4266(02)00387-4
Krämer, J., & Stüdlein, N. (2019). Data portability, data disclosure and data-induced switching costs: Some unintended consequences of the General Data Protection Regulation. Economics Letters, 181, 99-103. https://doi.org/10.1016/j.econlet.2019.05.015
Lachaud, E. (2020). ISO/IEC 27701 standard: Threats and opportunities for GDPR certification. Eur. Data Prot. L. Rev, 6(2), 194-210. https://heinonline.org/HOL/LandingPage?handle=hein.journals/edpl6&div=32&id=&page=
Lang, L. H. P., & Stulz, R. M. (1994). Tobin’s Q, corporate diversigication and firm performance. Jorunal of Political Economy, 102(4), 1248-1280. https://doi.org/10.1086/261970
Li, Z., Ruan, D., & Zhang, T. (2020). Value creation mechanism of corporate social responsibility: A study based on internal control. Accounting Research, 11, 112-124. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=KJYJ202011009&DbName=CJFQ2020
Libaque-Sáenz, C. F., Wong, S. F., Chang, Y., Ha, Y. W., & Park, M. C. (2016). Understanding antecedents to perceived information risks: An empirical study of the Korean telecommunications market. Information Development, 32(1), 91-106. https://doi.org/10.1177/0266666913516884
Lins, K. V., Servaes, H., & Tamayo, A. (2017). Social capital, trust, and firm performance: The value of corporate social responsibility during the financial crisis. The Journal of Finance, 72(4), 1785-1824. https://doi.org/10.1111/jofi.12505
Lombart, C., & Louis, D. (2012). Consumer satisfaction and loyalty: Two main consequences of retailer personality. Journal of Retailing and Consumer Services, 19(6), 644-652. https://doi.org/10.1016/j.jretconser.2012.08.007
Lu, M. (2020). The Chinese approach to CSR development: An analysis of CSR-government relationship in China. International Journal of Business Governance and Ethics, 14(4), 384-405. https://doi.org/10.1504/IJBGE.2020.110788
Mattoo, A., & Meltzer, J. P. (2018), International data flows and privacy: The conflict and its resolution, Journal of International Economic Law, 21(4), 769-789.
Negrouk, A., & Lacombe, D. (2018). Does GDPR harm or benefit research participants? An EORTC point of view. The Lancet Oncology, 19(10), 1278-1280. https://doi.org/10.1016/S1470-2045(18)30620-X
Nguyen, N. T., Nguyen, N. P., & Hoai, T. T. (2021). Ethical leadership, corporate social responsibility, firm reputation, and firm performance: A serial mediation model. Heliyon, 7(4), 1-9. https://doi.org/10.1016/j.heliyon.2021.e06809
Nyi, N. H., Martin, H., & Lynne, B. (2018). Beyond traditional collaborative search: Understanding the effect of awareness on multi-level collaborative information retrieval. Information Processing & Management, 54(1), 60-87. https://doi.org/10.1016/j.ipm.2017.09.003
Ong, R. (2012). Data protection in Malaysia and Hong Kong: One step forward, two steps back? Computer Law & Security Review, 28(4), 429-437. https://doi.org/10.1016/j.clsr.2012.05.002
Özcan, F., & Elçi, M. (2020). Employees’ perception of CSR affecting employer brand, brand image, and corporate reputation. SAGE Open, 10(4). https://doi.org/10.1177/2158244020972372
Politou, E., Alepis, E., & Patsakis, C. (2019). Profiling tax and financial behaviour with big data under the GDPR. Computer Law & Security Review, 35(3), 306-329.
Ramos, F. E., & Blind, K. (2020). Data portability effects on data-driven innovation of online platforms: Analyzing Spotify. Telecommunications Policy, 44(9), 102026. https://doi.org/10.1016/j.telpol.2020.102026
Schwartz, P. M., & Peifer, K. N. (2017). Transatlantic data privacy law, The Georgetown Law Journal, 106(1), 146-147.
Seo, J., Kim, K., Park, M., Park, M., & Lee, K. (2018). An analysis of economic impact on IoT industry under GDPR. Mobile Information Systems, vol. 2018 6792028. https://doi.org/10.1155/2018/6792028
Sheng, X., & Yang, S. (2020). Analysis on the applicabilities and functions of GDPR to personal data protection in open sharing of scientific data. Library and Information Service, 64(22), 48-57.
Skaife, H. A., Colins, D. W., Kinney, W. R., & Lafond, R. (2008). The effect of SOX internal control deficiencies and their remediation on accrual quality. The Accounting Review, 83(1), 217-250. https://doi.org/10.2308/accr.2008.83.1.217
Steppe, R. (2017). Online price discrimination and personal data: A general data protection regulation perspective. Computer Law & Security Review, 33(6), 768-785. https://doi.org/10.1016/j.clsr.2017.05.008
Sullvian, C. (2019). EU GDPR or APEC CBPR? A comparative analysis of the approach of the EU and APEC to cross border data transfers and protection of personal data in the IoT era. Computer Law & Security Review, 35(4), 380-397. https://doi.org/10.1016/j.clsr.2019.05.004
Taufick, R. D. (2021). The underdeterrence, underperformance response to privacy, data protection laws, Technology in Society, 67, 101752. https://doi.org/10.1016/j.techsoc.2021.101752
Tsai, J. Y., Egelman, S., Cranor, L., & Acquisti, A. (2011). The effect of online privacy information on purchasing behavior: An experimental study. Information Systems Research, 22(2), 254-268. https://doi.org/10.1287/isre.1090.0260
Vázquez, J. L., Lanero, A., & Licandro, O. (2013). The added value of corporate social responsibility: Some insights from a research in Uruguay. International Review on Public and Nonprofit Marketing, 10(3), 187-200. https://doi.org/10.1007/s12208-013-0099-3
Wernerfelt, B., & Montgomery, C. A. (1988). Tobins’Q and the importance of couse in firm performance. Amercan Economic Review, 78(1), 245-250. https://www.jstor.org/stable/1814713
Wilson, S. (2018). A framework for security technology cohesion in the era of the GDPR. Computer Fraud & Security, 2018(12), 8-11. https://doi.org/10.1016/S1361-3723(18)30119-2
Xu, L., Chen, G., & Xin, Y. (2005). The shift of controlling right, the reform of ownership and the enhancement of company’s achievements in operation. Management World, 3, 126-136. https://t.cnki.net/kcms/detail?v=GQ3D3QRod5BpvDg7NxP_oqIWtTMP0MigcQ2OjkNdkk-ws1_xObc5-jSiHD78h5sctluvjcb66gbvmJeZtBRwJAMufJcHFwI93DplO8JL4TiwMr6M5CSfNQ==&uniplatform=NZKPT&language=CHS
Yan, H., & Zhang, T. (2013). The protection and utilization of consumers’ private information in the operation of financial groups-U.S. legislative experience, evaluation and reference. Financial Theory & Practice, 44, 76-79. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=JRLS201304016&DbName=CJFQ2013
Yu, X. L., & Zhao, Y. (2019). Dualism in data protection: Balancing the right to personal data and the data property right. Computer Law & Security Review, 35(5), 105318. https://doi.org/10.1016/j.clsr.2019.04.001
Zhang, Z., Jin, X., & Li, G. (2013). An empirical study on the interactive intertemporal impact between corporate social responsibility and financial performance. Accounting Research, 8, 32-39+96. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=KJYJ201308005&DbName=CJFQ2013
Zhao, Y. (2021). The impact of EU GDPR on China-EU digital economy cooperation and its response. Practice in Foreign Economic Relations and Trade, 2, 22-25. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=DWJW202102007&DbName=CJFQ2021