A comparative analysis: health data protection laws in Malaysia, Saudi Arabia and EU General Data Protection Regulation (GDPR),International Journal of Law and Management

当前位置： X-MOL 学术 › International Journal of Law and Management › 论文详情

Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)

A comparative analysis: health data protection laws in Malaysia, Saudi Arabia and EU General Data Protection Regulation (GDPR)
International Journal of Law and Management Pub Date : 2024-04-05 , DOI: 10.1108/ijlma-01-2024-0025
Jawahitha Sarabdeen , Mohamed Mazahir Mohamed Ishak

Purpose

General Data Protection Regulation (GDPR) of the European Union (EU) was passed to protect data privacy. Though the GDPR intended to address issues related to data privacy in the EU, it created an extra-territorial effect through Articles 3, 45 and 46. Extra-territorial effect refers to the application or the effect of local laws and regulations in another country. Lawmakers around the globe passed or intensified their efforts to pass laws to have personal data privacy covered so that they meet the adequacy requirement under Articles 45–46 of GDPR while providing comprehensive legislation locally. This study aims to analyze the Malaysian and Saudi Arabian legislation on health data privacy and their adequacy in meeting GDPR data privacy protection requirements.

Design/methodology/approach

The research used a systematic literature review, legal content analysis and comparative analysis to critically analyze the health data protection in Malaysia and Saudi Arabia in comparison with GDPR and to see the adequacy of health data protection that could meet the requirement of EU data transfer requirement.

Findings

The finding suggested that the private sector is better regulated in Malaysia than the public sector. Saudi Arabia has some general laws to cover health data privacy in both public and private sector organizations until the newly passed data protection law is implemented in 2024. The finding also suggested that the Personal Data Protection Act 2010 of Malaysia and the Personal Data Protection Law 2022 of Saudi Arabia could be considered “adequate” under GDPR.

Originality/value

The research would be able to identify the key principles that could identify the adequacy of the laws about health data in Malaysia and Saudi Arabia as there is a dearth of literature in this area. This will help to propose suggestions to improve the laws concerning health data protection so that various stakeholders can benefit from it.

中文翻译：

比较分析：马来西亚、沙特阿拉伯的健康数据保护法和欧盟通用数据保护条例（GDPR）

目的

欧盟（EU）通过了通用数据保护条例（GDPR）以保护数据隐私。尽管GDPR旨在解决欧盟范围内的数据隐私相关问题，但它通过第3条、第45条和第46条产生了域外效力。域外效力是指当地法律法规在另一个国家的适用或效力。全球立法者通过或加大努力通过法律来涵盖个人数据隐私，以便满足 GDPR 第 45 至 46 条规定的充分性要求，同时在当地提供全面的立法。本研究旨在分析马来西亚和沙特阿拉伯关于健康数据隐私的立法及其在满足 GDPR 数据隐私保护要求方面的充分性。

设计/方法论/途径

该研究通过系统的文献回顾、法律内容分析和比较分析，批判性地分析马来西亚和沙特阿拉伯的健康数据保护与GDPR的比较，看看健康数据保护是否足以满足欧盟数据传输要求的要求。

发现

研究结果表明，马来西亚的私营部门比公共部门受到更好的监管。沙特阿拉伯制定了一些一般法律来涵盖公共和私营部门组织的健康数据隐私，直到 2024 年新通过的数据保护法实施为止。调查结果还表明，马来西亚的《2010 年个人数据保护法》和《2022 年个人数据保护法》根据 GDPR，沙特阿拉伯的规定可以被认为是“足够的”。