Abstract
This chapter analyses some of the main legal requirements laid down in the new European General Data Protection Regulation (GDPR) with regard to hybrid Cloud Computing transformations. The GDPR imposes several restrictions on the storing, accessing, processing and transferring of personal data. This has generated some concerns with regard to its practicability and flexibility given the dynamic nature of the Internet. The current architecture and technical features of the Cloud do not allow adequate control for end-users. Therefore, in order for the Cloud adopters to be legally compliant, the design of Cloud Computing architectures should include additional automated capabilities and certain nudging techniques to promote better choices. This chapter explains how to fine tune and effectively embed these legal requirements at the earlier stages of the architectural design of the computer code. This automated process focuses on Smart Contracts and Service Level Agreements (SLAs) frameworks, which include selection tools that take an information schema and a pseudo-code that follows a programming logic to process information based on that schema. The pseudo-code is essentially the easiest way to write and design computer code, which can check automatically the legal compliance of the contractual framework. It contains a set of legal questions that have been specifically designed to urge Cloud providers to disclose relevant information and comply with the legal requirements established by the GDPR.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
- 2.
- 3.
- 4.
- 5.
Varshney (2017).
- 6.
Kost de Sevres (2016).
- 7.
Mougayar (2015).
- 8.
Lessig (2006), p. 1.
- 9.
Post (2009), p. 129.
- 10.
Lessig (2001), p. 283.
- 11.
Asharaf and Adarsh (2017), p. 50.
- 12.
Hogan (2017).
- 13.
Myler (1998), p. 37.
- 14.
Kamthane and Kamal (2012), pp. 79–80.
- 15.
- 16.
Brooks (1997), p. 27.
- 17.
Agarwal et al. (2010), p. 130.
- 18.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). While the Regulation entered into force on 24 May 2016, it shall apply to all EU Member States from 25 May 2018. See European Commission, Reform of EU Data Protection Rules. http://ec.europa.eu/justice/data-protection/reform/index_en.htm. Accessed 10 October 2016.
- 19.
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
- 20.
- 21.
Article 46 GDPR; Voigt and von dem Bussche (2017), p. 120.
- 22.
- 23.
See Recital 43, Article 7 (4) of the GDPR; Wisman (2017), p. 357.
- 24.
See Article 33 of the GDPR; Müthlein (2017), p. 78.
- 25.
See Articles. 12–14 of the GDPR; Quelle (2016), p. 143.
- 26.
See Article 17 of the GDPR; Sobkow (2016), p. 36.
- 27.
See Article 20 of the GDPR; see also Article 29 Data Protection Working Party, Guidelines on the right to data portability. Adopted on 13 December 2016. As last revised and adopted on 5 April 2017; see also Fosch Villaronga (2018), p. 232.
- 28.
Cavoukian (2015), pp. 293 et seq.; see also Information and Privacy Commissioner of Ontario, https://www.ipc.on.ca/. Accessed 10 October 2017.
- 29.
- 30.
- 31.
Horrigan (2008).
- 32.
Millham (2012), p. 2.
- 33.
Balasubramanyam (2013), p. 102.
- 34.
See, e.g., IBM Cloud Computing, Cisco Cloud Computing, Microsoft Azure, Rackspace and Amazon Web Services (AWS).
- 35.
Naughton and Dredge (2011).
- 36.
Moskowitz (2017), p. 59.
- 37.
Hossain (2013), p. 14.
- 38.
See, e.g., King and Squillante (2005), pp. 195 et seq.
- 39.
See, e.g., generally, Kimball (2010).
- 40.
- 41.
Carstensen et al. (2012), p. 244.
- 42.
Griggs (2013).
- 43.
Anderson (2015), p. 159.
- 44.
Anderson (2015), p. 159.
- 45.
Anderson (2015), p. 159; see also, letter from the Article 29 Data Protection Working Party to Google on Google Privacy Policy (Appendix: List of Possible Compliance Measures. Ref. Ares (2014) 3113072).
- 46.
- 47.
See, e.g., Olislaegers (2012), p. 80.
- 48.
See, e.g., Olislaegers (2012), p. 80.
- 49.
- 50.
See, e.g., generally, Zamir and Teichman (2014) (eds).
- 51.
- 52.
See Thaler and Sunstein (2009).
- 53.
Corrales and Jurčys (2016), p. 533.
- 54.
Briggs et al. (2016), p. 117.
- 55.
Willis (2015).
- 56.
Bernheim et al. (2015), p. 35.
- 57.
Whyte et al. (2015), p. 171.
- 58.
Cwalina et al. (2015), p. 78.
- 59.
Schweizer (2016), p. 111.
- 60.
Corrales and Jurčys (2016), p. 533.
- 61.
Ben-Porath (2010), p. 11.
- 62.
- 63.
Detels and Gulliford (2015), p. 782.
- 64.
- 65.
European Commission (2014), Journalist Workshop on Organ Donation and Transplantation: Recent Facts and Figures. Available at: http://ec.europa.eu/health/sites/health/files/blood_tissues_organs/docs/ev_20141126_factsfigures_en.pdf. Accessed 13 April 2017.
- 66.
Leitzel (2015), p. 137.
- 67.
Cahn (2013), p. 148.
- 68.
Corrales and Jurčys (2016), p. 533.
- 69.
Sunstein (2015), p. 26.
- 70.
Lindahl and Stikvoort (2015), p. 45.
- 71.
Lindahl and Stikvoort (2015), pp. 28–30.
- 72.
Lindahl and Stikvoort (2015), pp. 28–30.
- 73.
Lindahl and Stikvoort (2015), pp. 28–30.
- 74.
- 75.
Sunstein (2014a), p. 98.
- 76.
Marc et al. (2015), p. 529.
- 77.
Lindahl and Stikvoort (2015), pp. 28–30.
- 78.
See, e.g., generally, Ho (2012), pp. 574–688.
- 79.
Howard (2012).
- 80.
Howard (2012).
- 81.
Howard (2012).
- 82.
Howard (2012); see, e.g., http://www.hellowallet.com.
- 83.
Howard (2012); see, e.g., http://www.greenbuttondata.org.
- 84.
Ho (2012), pp. 574–575.
- 85.
Ho (2012), pp. 574–575.
- 86.
For more details on “behavioral market failures” and default rules as nudging strategies see, e.g., Sunstein (2015), pp. 206 and 218.
- 87.
- 88.
Ho (2012), pp. 574–575.
- 89.
Grynbaum and Taylor (2012).
- 90.
Fung et al. (2007), pp. 44, 50–51, 59–62, 68, 82–83, 120, 179.
- 91.
Overgaard (1999), p. 99.
- 92.
Debbabi et al. (2010), p. 37.
- 93.
Debbabi et al. (2010), p. 37.
- 94.
Patel (2005), p. 206.
- 95.
Galis (2000), p. 87.
- 96.
Muresan (2009), p. 233.
- 97.
See, e.g., generally, Hennicher and Koch (2001), pp. 158–172.
- 98.
Advanced Software-based Service Provisioning and Migration of Legacy Software (ARTIST). This project was partially funded by the European Commission under the Seventh (FP7—2007–2013) Framework Program for Research and Technological Development. For more details about the ARTIST project, see: http://www.artist-project.eu/content/r12-certification-model#sthash.zpJSBZ9t.dpuf. Accessed 18 May 2016.
- 99.
ARTIST R12 Certification Model. Available at: http://www.artist-project.eu/content/r12-certification-model. Accessed 10 December 2016.
- 100.
ARTIST R12 Certification Model. Available at: http://www.artist-project.eu/content/r12-certification-model. Accessed 10 December 2016.
- 101.
- 102.
Brooks (1997), p. 27.
- 103.
Agarwal et al. (2010), p. 130.
- 104.
Myler (1998), p. 37.
- 105.
Agarwal et al. (2010), p. 130.
- 106.
Agarwal et al. (2010), p. 130.
- 107.
- 108.
Myler (1998), p. 37.
- 109.
Chulani et al. (2012).
- 110.
Weale (2001), p. 6.
- 111.
Blanc and Vento (2007), p. 192.
- 112.
See, e.g., Barnitzke et al. (2011), pp. 51–55.
- 113.
For further details with regard to encryption in the scope of the GDPR, see, e.g., Spindler and Schmechel (2016), pp. 163–177.
- 114.
See Article 32 (1) (a) of the GDPR; regarding these protective measures see also Recitals 74, 75, 76, 77 and 83 of the GDPR.
- 115.
Kousiouris et al. (2013), pp. 61–72.
- 116.
Caelli et al. (1989), p. 144.
- 117.
Williams (2007), p. 12.
- 118.
- 119.
Kousiouris et al. (2013), pp. 61–72.
- 120.
Forgó et al. (2013), p. 20.
- 121.
See, e.g., Pearson and Charlesworth (2009), p. 137.
- 122.
House of Commons, Great Britain Parliament, 2014, Responsible Use of data, p. 21, House of Commons, Science and Technology Committee, Fourth Report of Session 2014–15.
- 123.
The contract read: “By placing an order via this Web site on the first day of the fourth month of the year 2010 Anno Domini, you agree to grant Us a non transferable option to claim, for now and for ever more, your immortal soul. Should we wish to exercise this option, you agree to surrender your immortal soul, and any claim you may have on it, within 5 (five) working days of receiving written notification from gamesation.co.uk or one of its duly authorized minions.” See: Fox News Tech, 7,500 Online Shoppers Unknowingly Sold Their Souls. Available at: http://www.foxnews.com/tech/2010/04/15/online-shoppers-unknowingly-sold-souls.html. Accessed 10 December 2016.
- 124.
Lori (2012), p. 175.
- 125.
Lindstrom (2011), p. 225.
- 126.
- 127.
- 128.
See, e.g., generally, Zanfir (2012), pp. 149–162.
- 129.
See, e.g., Carpenter (2010), pp. 1–14.
- 130.
See also Google Spain SL, Google Inc. v Agencia Española de Protección de Datos (es), Mario Costeja González, number C-131/12.
- 131.
Lindsay (2014), p. 311.
- 132.
See Article 17 of the GDPR; see also Lindsay (2014), p. 311.
- 133.
La Fors-Owezynik (2017), p. 129.
- 134.
See Article 17 (1) (2) (3) of the GDPR.
- 135.
Reform of EU Data Protection Rules. EU Commission. Available at: http://ec.europa.eu/justice/data-protection/reform/index_en.htm. Accessed 3 July 2014.
- 136.
Kousiouris et al. (2013), p. 63.
- 137.
See also Articles 33, 34, 83 and Recitals 85, 87 and 88 of the GDPR; Article 29 Working Party, Guidelines on Personal data breach notification under Regulation 2016/679 adopted on 3 October 2017; Müthlein (2017), p. 78.
- 138.
See, e.g., generally, ENISA Report on “Data breach notifications in the EU.” Available at: https://www.enisa.europa.eu/topics/data-protection/personal-data-breaches/personal-data-breach-notification-tool. Accessed 30 October 2017.
References
Agarwal B, Tayal M, Gupta S (2010) Software engineering and testing. Jones and Bartlett Publishers, Sudbury (MA)
Anderson D (2015) A question of trust. Williams Lea Group, London
Asharaf S, Adarsh S (2017) Decentralized computing using blockchain technologies and smart contracts: emerging research and opportunities. IGI Global, Hershey PA
Balasubramanyam S (2013) Cloud-based development using classic life cycle model. In: Mahmood Z, Saeed S (eds) Software engineering frameworks for the cloud computing paradigm. Springer, London
Bar-Gill O (2012) Seduction by contract: law, economics, and psychology in consumer markets. Oxford University Press, Oxford
Barlow R-J, Barnett A-R (1998) Computing for scientists: principles of programming with Fortran 90 and C++. Wiley, Chichester
Barnitzke B et al (2011) Legal restraints and security requirements on personal data and their technical implementation in clouds. In: Workshop for E-contracting for clouds. eChallenges. http://users.ntua.gr/gkousiou/publications/eChallenges2011.pdf. Accessed 1 Sept 2016
Ben-Porath S (2010) Tough choices: structural paternalism and the landscape of choice. Princeton University Press, Princeton
Bernheim R et al (2015) Essentials of public health ethics. Jones and Bartlett Learning, Burlington (MA)
Blanc I, Vento C (2007) Performing with microsoft office 2007: Introductory. Cengage Learning, Boston
Bragg S (2006) Outsourcing: A guide to selecting the correct business unit, negotiating the contract, maintaining control of the process, 2nd edn. Wiley, Hoboken
Briggs P, Jeske D, Coventry L (2016) Behavior change interventions for cybersecurity. In: Little L, Sillence E, Joinson A (eds) Behavior change research and theory: psychological and technological perspectives. Academic Press, Amsterdam
Brooks D (1997) Problem solving with Fortram 90: for scientists and engineers. Springer, New York
Busch C (2016) The future of pre-contractual information duties: from behavioral insights to big data. In: Twigg-Flesner C (ed) Research handbook on EU consumer and contract law. Edward Elgar Publishing, Cheltenham
Caelli W, Longley D, Shain M (1989) Information security for managers. Stockton Press, New York
Cahn N (2013) The new kinship: constructing donor-conceived families. New York University Press, New York
Carnevale C (2017) Future of the CIO: towards an enterpreneurial role. In: Bongiorno G, Rizzo D, Vaia G (eds) CIOs and the digital transformation: a new leadership role. Springer, Cham
Carpenter R (2010) Walking from cloud to cloud: the portability issue in cloud computing. Wash J Law Technol Arts 6(1):1–14
Carstensen J, Morgenthal J, Golden B (2012) Cloud computing: assessing the risks. IT Governance Publishing, Cambridgeshire
Cavoukian A (2015) Evolving FIPPs: proactive approaches to privacy, not privacy paternalism. In: Gutwirth S, Leenes R, de Hert P (eds) Reforming European data protection law. Springer, Dordrecht
Chulani I et al (2012) Technical implementation of legal requirements, exploitation of the toolkit in use cases and component licenses, p 23, Cloud Legal Guidelines, OPTIMIS Deliverable 7.2.1.3. Accessed 10 Oct 2017. http://www.optimis-project.eu/sites/default/files/content-files/document/d7213-cloud-legal-guidelines.pdf
Corrales M, Jurčys P (2016) Cass Sunstein, Why nudge: the politics of libertarian paternalism, New Haven/London: Yale University Press, 2014, 208 pp, pb, £10.99. Modern Law Rev 79(3):533–536
Cwalina W, Falkwoski A, Newman B (2015) Persuasion in the political context: opportunities and threats. In: Stewart D (ed) The handbook of persuasion and social marketing, vol 1: Historical and social foundations. Praeger, Santa Barbara (CA)
D’Aquisto et al. (2015) Privacy by design in big data: an overview of privacy enhancing technologies in the era of big data analytics. European Union Agency for Network and Information Security (ENISA)
Debbabi M et al (2010) Verification and validation in systems engineering: assessing UML/SysML design models. Springer, Berlin
Detels R, Gulliford M (2015) Oxford textbook of global public health, 6th edn, vol 1. Oxford University Press, Oxford
Diamond P, Vartiainen H (2007) Behavioral economics and its applications. Princeton University Press, Princeton
Ford W (2015) Numerical linear algebra with applications: using MARLAB. Elsevier, Amsterdam
Forgó N, Nwankwo I, Pfeiffenbring J (2013) Cloud legal guidelines final report, Deliverable 7.2.1.4. OPTIMIS European funded project
Fung A, Graham M, Weil D (2007) Full disclosure: the perils and promise of transparency. Cambridge University Press, Cambridge
Galis A (2000) Multi-domain communication management systems. CRC Press, Boca Ratón
Gjermundrød H, Dionysiou I, Costa K (2016) privacyTracker: A Privacy-by-Design GDPR-compliant framework with verifiable data traceability controls. In: Casteleyn S, Dolog P, Pautasso C (eds) Current trends in web engineering. ICWE 2016 international workshops DUI, TELERISE, SoWeMine, and Liquid Web, Lugano Switzerland, 6–9 June 2016, Revised Selected Papers. Springer, Cham
Goodman M (2015) Future crimes: inside the digital underground and the battle for our connected world. Transworld Publishers (Bantam Press), London
Gries D, Gries P (2005) Multimedia introduction to programming using Java. Springer, New York
Griggs S (2013) 5 Hidden problems with cloud SLAs. http://www.thewhir.com/blog/5-hidden-problems-cloud-slas. Accessed 10 May 2017
Grynbaum M, Taylor K (2012) Bloomberg defends grading system derided by restaurateurs, The New York Times. http://www.nytimes.com/2012/03/07/nyregion/restaurant-grading-system-under-fire-gets-mayors-backing.html. Accessed 10 May 2017
Hamilton D, Zufiaurre B (2014) Blackboards and bootstraps: revisioning education and schooling. Sense Publishers, Rotterdam
Hennicker R, Koch N (2001) Modeling the user interface of web applications with UML. In: Evans A et al (eds) Practical UML-based rigorous development methods—countering or integrating the eXtremists, Workshop of the pUML-Group held together with UML 2001, Toronto, Canada. GI, Gesselschaft für Informatik, Bonn
Heshmat S (2015) Addiction: a behavioral economic perspective. Routledge, New York
Hijmans H (2016) The European union as guardian of internet privacy: the story of art. 16 TFEU. Springer, Cham
Ho D (2012) Fudging the nudge: information disclosure and restaurant grading. Yale Law J 122(3):574–688
Hogan J (2017) Lawyers learning to code? To do or not to do, that is the question! https://www.cli.collaw.com/latest-on-legal-innovation/2017/08/16/should-lawyers-learn-to-code. Accessed 10 Oct 2017
Horrigan J (2008) Use of cloud computing applications and services. http://www.pewinternet.org/2008/09/12/use-of-cloud-computing-applications-and-services/. Accessed 10 Oct 2017
Hossain S (2013) Cloud computing terms, definitions and taxonomy. In: Bento A, Aggarwal A (eds) Cloud computing service and deployment models: layers and management. Business Science Reference (IGI Global), Hershey (PA)
Howard A (2012) What is smart disclosure? “Choice engines” are helping consumers make smarter decisions through personal and government data. http://radar.oreilly.com/2012/04/what-is-smart-disclosure.html. Accessed 10 May 2017
Hustinx P (2010) Privacy by design: delivering the promises. Identity Inf Soc 3(2):253–255
ISRD Group (2007) Structured system analysis and design. Tata McGraw-Hill Publishing, New Delhi
ITL Education Solutions (2006) Introduction to information technology. Dorling Kindersley, New Delhi
John P et al (2013) Nudge, nudge, think, think: experimenting with ways to change civic behavior. Bloomsbury, London
Jolls C (2010) Behavioral economics and the law. Found Trends Microecon 6(3):176–263
Kamthane A, Kamal R (2012) Computer programming and IT. ITL Education Solutions Ltd., New Delhi
Kimball G (2010) Outsourcing agreements: a practical guide. Oxford University Press, Oxford
King A, Squillante M (2005) Service level agreements for web hosting systems. In: Labbi A (ed) Handbook of integrated risk management for e-business: measuring, modeling, and managing risk. J. Ross Publishing, Boca Ratón
Kost de Sevres N (2016) The blockchain revolution, smart contracts and financial transactions. https://www.dlapiper.com/en/uk/insights/publications/2016/04/the-blockchain-revolution/. Accessed 10 Oct 2017
Kousiouris G, Vafiadis G, Corrales M (2013) A cloud provider description schema for meeting legal requirements in cloud federation scenarios. In: Douligeris et al (eds) Collaborative, trusted and privacy-aware e/m-services. Proceedings of 12th IFIP WG 6.11 conference on e-business, e-services, and e-society, I3E 2013, Athens, Greece. Springer, Heidelberg
La Fors-Owezynik K (2017) Profiling ‘Anomalies’ and the anomalies of profiling: digitilized risk assessments of Dutch youth and the new European data protection regime. In: Adams S, Purtova N, Leenes N (eds) Under observation: the interplay between ehealth and surveillance. Springer, Cham
Leitzel J (2015) Concepts in law and economics: a guide for the curious. Oxford University Press, Oxford
Lessig (2001) The Future of ideas, 1st edn. Random House, New York
Lessig L (2006) Code. Version 2.0. Basic books, New York
Lindahl T, Stikvoort B (2015) Nudging—The new black in environmental policy? Tryckt hos ScandBooks, Falun
Lindsay D (2014) The right to be forgotten in European data protection law. In: Witzleb N, Lindsay D, Paterson M (eds) Emerging challenges in privacy law. Cambridge University Press, Cambridge
Lindstrom M (2011) Brandwashed: tricks companies use to manipulate our minds and persuade us to buy, 1st edn. Crown Business, New York
Lori A (2012) I know who you are and i saw what you did: social networks and the death of privacy. Free Press, New York
Luzak J (2010) One click could save your soul, recent developments in European consumer law. http://recent-ecl.blogspot.jp/2010/05/one-click-could-save-your-soul.html. Accessed 10 Dec 2016
Lynskey O (2015) The foundations of EU data protection law. Oxford University Press, Oxford
Marc et al. (2015) Indexing publicly available health data with medical subject headings (MeSH): an evaluation of term coverage. In: Sarkar I, Georgiou A, Mazzoncini de Azevedo Marques, P (2015) MEDINFO 2015: eHealth-enabled Health, Proceedings of the 15th World congress on health and biomedical informatics. IOS Press, Amsterdam
Mc Nealy J, Flowers A (2015) Privacy law and regulation: technologies, implications and solutions. In: Zeadally S, Badra M (eds) Privacy in a digital, networked world: technologies, implications and solutions. Springer, Cham
Millham R (2012) Software asset re-use: migration of data-intense legacy system to the cloud computing paradigm. In: Yang H, Liu X (eds) Software reuse in the emerging cloud computing era. Information Science Reference (IGI Global), Hershey
Molinaro V (2016) The leadership contract: the fine print to becoming an accountable leader. Wiley, Hoboken
Morabito V (2017) Business Innovation Through Blockchain: The B3 Perspective. Springer, Cham
Moskowitz S (2017) Cybercrime and business: strategies for global corporate security. Elsevier, Oxford
Mougayar W (2015) Understanding the blockchain: we must be prepared for the blockchain’s promise to become a new development environment. https://www.oreilly.com/ideas/understanding-the-blockchain. Accessed 10 Jan 2019
Muresan G (2009) An integrated approach to interaction design and log analysis. In: Jansen B, Spink A, Taksa I (eds) Handbook of research on web log analysis. Information Science Reference (IGI Global), Hershey
Müthlein T (ed) (2017) Datenschutz-Grundverordnung—general data protection regulation. Datakontext, Frechen
Myler H (1998) Fundamentals of engineering programming with C and Fortram. Cambridge University Press, Cambridge
Naughton J, Dredge S (2011) Cloud computing: the lowdown. https://www.theguardian.com/technology/2011/nov/06/cloud-computing-guide-history-naughton. Accessed 10 Oct 2017
Olislaegers S (2012) Early lessons learned in the ENDORSE project: legal challenges and possibilities in developing data protection compliance software. In: Camenish J et al (eds) Privacy and identity management for life. Springer, Heidelberg
Oveergaard G (1999) A formal approach to collaborations in the unified modeling language. In: France R, Rumpe B (eds) Proceedings of the second international conference on UML’99—The unified modeling language: beyond the standard for collins, CO, USA, 28–30 Oct. Springer, Berlin
Patel N (2005) Critical systems analysis and design: a personal framework approach. Routledge, New York
Pearson S, Charlesworth A (2009) Accountability as a way forward for privacy protection in the cloud. In: Jaatun M, Zhao G and Rong C (eds) Proceedings of 1st international conference on cloud computing, CloudCom 2009, Beijing, China, December 2009. Springer, Berlin
Post D (2009) In search of Jefferson’s Moose: notes on the state of cyberspace. Oxford University Press, Oxford
Quelle C (2016) Not just user control in the general data protection regulation: on the problems with choice and paternalism, and on the point of data protection. In: Lehmann A et al (eds) Privacy and identity management: facing up to next steps. Springer, Cham
Quigley M, Stokes E (2015) Nudging and evidence-based policy in Europe: problems of normative legitimacy and effectiveness. In: Alemanno A, Sibony A-L (eds) Nudge and the law: a European perspective, modern studies in European Law. Hart Publishing, Oxford
Rosenthal E (2012) I Disclose…Nothing. The New York Times. http://www.nytimes.com/2012/01/22/sunday-review/hard-truths-about-disclosure.html?_r=0. Accessed 10 Dec 2016
Schweizer M (2016) Nudging and the principle of proportionality. In: Mathis K, Thor A (eds) Nudging—possibilities, limitations and applications in European law and economics. Springer, Cham
Sobkow B (2016) Forget me, forget me not—redefining the boundaries of the right to be forgotten to address current problems and areas of criticism. In: Schweichhofer E et al (eds) Privacy technologies and policy, 5th Annual Privacy Forum, APF 2017, Vienna, Austria, 7–8 June 2017, Revised selected papers. Springer, Cham
Spindler G, Schmechel P (2016) Personal data and encryption in the European general data protection regulation. JIPITEC 7:163–177
Sunstein C (2000) (ed) behavioral law & economics. Cambridge University Press, Cambridge
Sunstein C (2014a) Simpler: the future of government. Simon & Schuster, New York
Sunstein C (2014b) Why nudge? The politics of libertarian paternalism, Storrs lectures on jurisprudence. Yale University Press, New Haven
Sunstein C (2015) Choosing not to choose: understanding the value of choice. Oxford University Press, Oxford
Svantesson D (2013) Extraterritoriality in data privacy law. Ex Tuto Publishing, Copenhagen
Svirskas B (2004) Dynamic management of business service quality in collaborative commerce systems. In: Mendes M, Suomi R, Passos C (eds) Digital communities in a networked society: e-commerce, e-business and e-government. Kluwer Academic Publishers, New York
Swan M (2015) Blockchain: blueprint for a new economy, 1st edn. O’Reilly, Sebastopol (CA)
Tereszkiewicz P (2016) Neutral third-party counselling as nudge toward safer financial products? In: Mathis K, Tor A (eds) Nudging—possibilities, limitations and applications in European law and economics. Springer, Cham
Thaler R (2009) Opting in vs. Opting out, The New York Times. http://www.nytimes.com/2009/09/27/business/economy/27view.html?_r=0. Accessed 20 Dec 2016
Thaler R, Sunstein C (2009) Nudge: improving decisions about health, wealth, and happiness. Penguin Books Ltd., London
Thouvenin F (2017) Big data of complex networks and data protection law: an introduction to an area of mutual conflict. In: Dehmer M et al (eds) Big Data of Complex Networks. CRC Press, Boca Ratón
Van Alsenoy B et al (2015) From social media service to advertising network: analysis of Facebook’s revised policies and terms, report, draft version 1.2
Varshney A (2017) Types of blockchain—public, private and permissioned. https://blog.darwinlabs.io/types-of-blockchain-public-private-and-permissioned-5b14fbfe38d4. Accessed 10 Jan 2018
Villaronga F (2018) Legal frame of non-social personal care robots. In: Husty M, Hofbaur M (eds) New trends in medical and service robots: design, analysis and control. Springer, Cham
Voigt P, von dem Bussche A (2017) The EU general data protection regulation (GDPR): a practical guide. Springer, Cham
Wattenhofer R (2016) The science of the blockchain. Inverted Forest Publishing, s. l.
Weale D (2001) The smart guide to excel 2000 further skills: a progressive course for more experienced users. Continuum, London
Whyte K et al. (2015) Nudge, nudge or shove, shove—the right way for nudges to increase the supply of donated cadaver organs. In: Caplan A, Mc Cartney J, Reid D (eds) Replacement parts: the ethics of procuring and replacing organs in humans. Georgetown University Press, Washington (DC)
Williams G (2007) Online business security systems. Springer, New York
Willis O (2015) Behavioral economics for better decisions, ABC.net. http://www.abc.net.au/radionational/programs/allinthemind/better-life-decisions-with-behavioural-economics/6798918. Thaler Accessed 25 June 2015
Wisman T (2017) Privacy, data protection and e-commerce. In: Lodder A, Murray A (eds) EU regulation of e-commerce. Edward Elgar Publishing, Cheltenham
Zamir E, Teichman D (2014) (eds) The Oxford handbook of behavioral economics and the law. Oxford University Press, Oxford
Zanfir G (2012) The right to data portability in the context of the EU data protection reform. Int Data Privacy Law 2(3):149–162
Acknowledgements
This work has been partially supported by the EU within the 7th Framework Program under contract ICT-257115—OPTIMIS (Optimized Infrastructure Services) project. The authors would also like to thank all the researchers involved in the certification model of the ARTIST (Advanced Software-based Service Provisioning and Migration of Legacy Software) project. Without their technical explanations and support, this chapter would not contain a practical contribution to the state of the art.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this chapter
Cite this chapter
Corrales, M., Jurčys, P., Kousiouris, G. (2019). Smart Contracts and Smart Disclosure: Coding a GDPR Compliance Framework. In: Corrales, M., Fenwick, M., Haapio, H. (eds) Legal Tech, Smart Contracts and Blockchain. Perspectives in Law, Business and Innovation. Springer, Singapore. https://doi.org/10.1007/978-981-13-6086-2_8
Download citation
DOI: https://doi.org/10.1007/978-981-13-6086-2_8
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-6085-5
Online ISBN: 978-981-13-6086-2
eBook Packages: Law and CriminologyLaw and Criminology (R0)