How Does GDPR (General Data Protection Regulation) Affect Persuasive System Design: Design Requirements and Cost Implications

  • Xiuyan ShaoEmail author
  • Harri Oinas-Kukkonen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11433)


In May 2018, GDPR came into effect in the European Union, placing additional requirements for data sensitive companies on data protection. For persuasive systems which deal with users’ data, taking GDPR into consideration in the design phase is necessary. This paper analyzes and summarizes the requirements by GDPR and discusses how they affect persuasive systems design in terms of design requirements and cost implications.


GDPR Data protection Persuasive systems design Cost 


  1. 1.
    Oinas-Kukkonen, H.: A foundation for the study of behavior change support systems. Pers. Ubiquit. Comput. 17(6), 1223–1235 (2013)CrossRefGoogle Scholar
  2. 2.
    EuropeanCommission: Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (directive on privacy and electronic communications). Off. J. L 201, 0037–0047 (2002)Google Scholar
  3. 3.
    European Commission: Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the regions – Safeguarding privacy in a connected world. A European data protection framework for the 21st century. COM (2012). 09 final (2012a)Google Scholar
  4. 4.
    Dix, A.: The commission’s data protection reform after Snowden’s summer. Intereconomics 48(5), 268–271 (2013)CrossRefGoogle Scholar
  5. 5.
    Cavoukian, A.: Privacy by design: the 7 foundational principles. Information and Privacy Commissioner of Ontario, Ontario, Canada (2009). (Revised version published in 2013)Google Scholar
  6. 6.
    European Commission: Proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). COM (2012). 11 final (2012b)Google Scholar
  7. 7.
    Basin, D., Debois, S., Hildebrandt, T.: On purpose and by necessity: compliance under the GDPR. In: 22nd International Conference on Financial Cryptography and Data Security (2018)Google Scholar
  8. 8.
    Oinas-Kukkonen, H., Harjumaa, M.: Persuasive systems design: key issues, process model, and system features. Commun. Assoc. Inf. Syst. 24, 485–500 (2009)Google Scholar
  9. 9.
    Shao, X., Oinas-Kukkonen, H.: Thinking about persuasive technology from the strategic business perspective: a call for research on cost-based competitive advantage. In: Ham, J., Karapanos, E., Morita, P.P., Burns, C.M. (eds.) PERSUASIVE 2018. LNCS, vol. 10809, pp. 3–15. Springer, Cham (2018). Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Oulu Advanced Research on Service and Information SystemsUniversity of OuluOuluFinland

Personalised recommendations