who is affected by their operation (Yuming,
2019, 95).
2. An important aspect of understanding the
legal mechanism for the protection of
personal data on the Internet is the vision of
threats to their security, such as follows: a)
threats in the business sphere, owing to the
fact that personal data comprises both a new
type of resource (Yuming, 2019, 94, 95) as
well as an element of interaction with
customers (Urquhart et al., 2018, 317), who
may be abused by companies (UN General
Assembly, 2013); b) threats to freedom of
information and expression of opinion
(Farinpour, 2021, 368); c) cybercrime
(Bentotahewa et al., 2022, 14); d) threats
related to artificial intelligence (GIP Digital
Watch, n.d.; Pollicino, 2021).
The legal mechanism of personal data protection
on the Internet is in itself a complex
phenomenon, which encompasses a regulatory
framework, a subject, an operator and a data
controller with a predefined range of their rights,
obligations and liability for violations (OECD
Legal Instruments, 1980; Law of Ukraine No.
2297-VI, 2010; Yuming, 2019). That being said,
experts underline the utmost relevance of
regulatory support (Kaurin, 2019, 2;
Bentotahewa et al., 2022, 3). On the other hand,
the leading role of the European legal field is
recognized (McKay, 2018), attention is drawn to
the practice of the ECtHR regarding the
protection of personal data (Council of Bars &
Law Societies of Europe, 2019, 7; Hörnle, 2019),
which contributed to the reform of the legal
mechanism of such protection in EU member
states (López, 2022).
Despite their rigid character, European standards
have become a reference point for the
commercial legislation of other countries, such as
for instance, Britain and Japan (Bentotahewa et
al., 2022, 4). Accordingly, the EU law developed
to be a global regulator (Hadjiyianni, 2021),
which enabled international transfers of personal
data (European Commission, 2022, 9).
The USA elaborated their own approach to
personal data protection. On the one hand, it is
characterized by certain features such as a greater
involvement of the private sector and self-
regulation opportunities, and on the other, in the
differentiation of confidentiality rules for each
sector of the economy. Still, it should be
mentioned that this approach allows finding a
balance with European economic partners and
ensuring the needs of the national security sector
(Mendoza, 2017; GIP Digital Watch, n.d.). Using
the said approach would make it possible to
operate with the wide bulk of information
collected by special services to combat crimes
(Zhalimas, 2019, 82).
However, certain problems are inherent in each
of the aforementioned approaches, in particular,
as follows:
− the inconsistencies of legal regulation. For
the EU, these are internal (between member
states) and external ones (between the EU
and third countries) (Hörnle, 2019);
− the lack of balance between the state and the
private sector (United Nations, 2010, 4;
Mendoza, 2017; Hobokena van & Fathaigh,
2021);
− the choice between economic incentives to
protect personal data and the use of
considerable fines (McKay, 2018;
GDPR.EU, 2018; Singh, 2023).
3. The specifics of the principal threats to
personal data security on the Internet in the
conditions of martial law emerge from the
specifics of such a state. It is a consequence
of the most significant threats to national
security in the form of an actual or potential
armed conflict (Martial Law). What is more,
the major problem is the difficulty of finding
a balance between private interests and
national security, because the situation may
justify stricter restrictions on the right to
privacy (Council of Europe, 2006;
Bentotahewa et al., 2022, 15). The
interpretation of this issue can be considered
such a threat as the imperfection of
normative regulation and the possible abuse
of power by state bodies (Christakis &
Bouslimani, 2021). Furthermore, Ukraine's
experience has shown the relevance of such
threats as cyber attacks and hacking by the
enemy. In sum, cybercrime during modern
armed conflict is currently gaining in its
importance (Veselovska et al., 2022, 86).
4. Although experts do not address the
specifics of the legal mechanism for
personal data protection on the Internet in
the conditions of martial law, certain
conclusions can nevertheless be drawn from
the existing proposals for enhancing the
protection of such data. Notably, they reflect
international trends in legal regulation, even
those related to technological developments
(Kuner & Marelli, 2020, 42). The particular
emphasis is placed on the following
activities: a) the formation of a common
cyber security space at the global and
regional levels (Bentotahewa et al., 2022,