Technical review: How HIPAA, GDPR, and DMA apply to information retrieval systems

Raveendran, Nisheedh (2025) Technical review: How HIPAA, GDPR, and DMA apply to information retrieval systems. Global Journal of Engineering and Technology Advances, 24 (1). 016-027. ISSN 2582-5003

GJETA-2025-0212.pdf - Published Version
Available under License Creative Commons Attribution Non-commercial Share Alike.

Abstract

Information retrieval systems face unprecedented regulatory complexity as healthcare privacy requirements, European data protection mandates, and digital market oversight converge to create multifaceted compliance challenges. The Health Insurance Portability and Accountability Act extends beyond traditional medical records to encompass search queries, user interactions, and behavioral analytics within healthcare environments, requiring sophisticated access controls and audit mechanisms. The General Data Protection Regulation introduces comprehensive data subject rights, including erasure, portability, and consent management, that demand fundamental architectural modifications across distributed processing systems. Digital Markets Act obligations for gatekeeper platforms mandate algorithmic transparency, interoperability requirements, and fairness monitoring that conflict with traditional optimization objectives. Technical implementation challenges encompass data minimization principles in large-scale indexing, cross-border data transfer mechanisms, machine learning model explainability, and bias detection across diverse user populations. Privacy-preserving technologies, including differential privacy, federated learning, and homomorphic encryption, offer pathways for maintaining compliance while preserving analytical capabilities, though practical deployment requires substantial expertise and computational overhead. Compliance-focused architecture patterns emphasizing modular audit systems, comprehensive data governance, and flexible design principles enable adaptation to evolving regulatory requirements. The regulatory landscape continues evolving rapidly with emerging artificial intelligence governance frameworks, cross-border enforcement coordination, and industry standardization efforts that will reshape information retrieval system development.

Item Type: Article
Official URL: https://doi.org/10.30574/gjeta.2025.24.1.0212
Uncontrolled Keywords: Regulatory Compliance; Information Retrieval Systems; Privacy-Preserving Technologies; Data Protection Regulations; Algorithmic Accountability
Depositing User: Editor Engineering Section
Date Deposited: 22 Aug 2025 09:14
URI: https://eprint.scholarsrepository.com/id/eprint/5704