Skip to main content

Smart Contracts and Smart Disclosure: Coding a GDPR Compliance Framework

Part of the Perspectives in Law, Business and Innovation book series (PLBI)


This chapter analyses some of the main legal requirements laid down in the new European General Data Protection Regulation (GDPR) with regard to hybrid Cloud Computing transformations. The GDPR imposes several restrictions on the storing, accessing, processing and transferring of personal data. This has generated some concerns with regard to its practicability and flexibility given the dynamic nature of the Internet. The current architecture and technical features of the Cloud do not allow adequate control for end-users. Therefore, in order for the Cloud adopters to be legally compliant, the design of Cloud Computing architectures should include additional automated capabilities and certain nudging techniques to promote better choices. This chapter explains how to fine tune and effectively embed these legal requirements at the earlier stages of the architectural design of the computer code. This automated process focuses on Smart Contracts and Service Level Agreements (SLAs) frameworks, which include selection tools that take an information schema and a pseudo-code that follows a programming logic to process information based on that schema. The pseudo-code is essentially the easiest way to write and design computer code, which can check automatically the legal compliance of the contractual framework. It contains a set of legal questions that have been specifically designed to urge Cloud providers to disclose relevant information and comply with the legal requirements established by the GDPR.


  • Smart contracts
  • European general data protection regulation (GDPR)
  • Smart disclosures
  • Nudges
  • Service level agreements (SLAs)
  • Unified modeling language (UML)
  • Pseudo-code

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-981-13-6086-2_8
  • Chapter length: 32 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
USD   139.00
Price excludes VAT (USA)
  • ISBN: 978-981-13-6086-2
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Hardcover Book
USD   179.99
Price excludes VAT (USA)


  1. 1.

    Carnevale (2017), pp. 64–65; Wattenhofer (2016), p. 88.

  2. 2.

    Kost de Sevres (2016); Wattenhofer (2016), p. 88.

  3. 3.

    Wattenhofer (2016), p. 88; Swan (2015), p. 16.

  4. 4.

    See, e.g., generally, Morabito (2017); Swan (2015).

  5. 5.

    Varshney (2017).

  6. 6.

    Kost de Sevres (2016).

  7. 7.

    Mougayar (2015).

  8. 8.

    Lessig (2006), p. 1.

  9. 9.

    Post (2009), p. 129.

  10. 10.

    Lessig (2001), p. 283.

  11. 11.

    Asharaf and Adarsh (2017), p. 50.

  12. 12.

    Hogan (2017).

  13. 13.

    Myler (1998), p. 37.

  14. 14.

    Kamthane and Kamal (2012), pp. 79–80.

  15. 15.

    Ford (2015), p. 163; ISRD Group (2007), p. 192; ITL Education Solutions (2006), p. 222.

  16. 16.

    Brooks (1997), p. 27.

  17. 17.

    Agarwal et al. (2010), p. 130.

  18. 18.

    Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). While the Regulation entered into force on 24 May 2016, it shall apply to all EU Member States from 25 May 2018. See European Commission, Reform of EU Data Protection Rules. Accessed 10 October 2016.

  19. 19.

    Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

  20. 20.

    See, e.g., Mc Nealy and Flowers (2015), p. 199; Gjermundrød et al. (2016), p. 4.

  21. 21.

    Article 46 GDPR; Voigt and von dem Bussche (2017), p. 120.

  22. 22.

    See Article 4 (1) (c) of the GDPR; Svantesson (2013), p. 89; Hijmans (2016), p. 497.

  23. 23.

    See Recital 43, Article 7 (4) of the GDPR; Wisman (2017), p. 357.

  24. 24.

    See Article 33 of the GDPR; Müthlein (2017), p. 78.

  25. 25.

    See Articles. 12–14 of the GDPR; Quelle (2016), p. 143.

  26. 26.

    See Article 17 of the GDPR; Sobkow (2016), p. 36.

  27. 27.

    See Article 20 of the GDPR; see also Article 29 Data Protection Working Party, Guidelines on the right to data portability. Adopted on 13 December 2016. As last revised and adopted on 5 April 2017; see also Fosch Villaronga (2018), p. 232.

  28. 28.

    Cavoukian (2015), pp. 293 et seq.; see also Information and Privacy Commissioner of Ontario, Accessed 10 October 2017.

  29. 29.

    See Article 5 (1) (c) of the GDPR; Lynskey (2015), p. 206; Thouvenin (2017), p. 218.

  30. 30.

    See Article 25 (1) of the GDPR; see also D’Acquisto et al. (2015); Voigt and von dem Bussche (2017), p. 62.

  31. 31.

    Horrigan (2008).

  32. 32.

    Millham (2012), p. 2.

  33. 33.

    Balasubramanyam (2013), p. 102.

  34. 34.

    See, e.g., IBM Cloud Computing, Cisco Cloud Computing, Microsoft Azure, Rackspace and Amazon Web Services (AWS).

  35. 35.

    Naughton and Dredge (2011).

  36. 36.

    Moskowitz (2017), p. 59.

  37. 37.

    Hossain (2013), p. 14.

  38. 38.

    See, e.g., King and Squillante (2005), pp. 195 et seq.

  39. 39.

    See, e.g., generally, Kimball (2010).

  40. 40.

    Bragg (2006), p. 49; Svirkas (2004), pp. 96 et seq.

  41. 41.

    Carstensen et al. (2012), p. 244.

  42. 42.

    Griggs (2013).

  43. 43.

    Anderson (2015), p. 159.

  44. 44.

    Anderson (2015), p. 159.

  45. 45.

    Anderson (2015), p. 159; see also, letter from the Article 29 Data Protection Working Party to Google on Google Privacy Policy (Appendix: List of Possible Compliance Measures. Ref. Ares (2014) 3113072).

  46. 46.

    Anderson (2015), p. 159; see also Van Alsenoy et al. (2015).

  47. 47.

    See, e.g., Olislaegers (2012), p. 80.

  48. 48.

    See, e.g., Olislaegers (2012), p. 80.

  49. 49.

    See, e.g., generally, Jolls (2010); Diamond and Vartiainen (2007) (eds).

  50. 50.

    See, e.g., generally, Zamir and Teichman (2014) (eds).

  51. 51.

    Sunstein (2000) (ed); Sunstein (2014b).

  52. 52.

    See Thaler and Sunstein (2009).

  53. 53.

    Corrales and Jurčys (2016), p. 533.

  54. 54.

    Briggs et al. (2016), p. 117.

  55. 55.

    Willis (2015).

  56. 56.

    Bernheim et al. (2015), p. 35.

  57. 57.

    Whyte et al. (2015), p. 171.

  58. 58.

    Cwalina et al. (2015), p. 78.

  59. 59.

    Schweizer (2016), p. 111.

  60. 60.

    Corrales and Jurčys (2016), p. 533.

  61. 61.

    Ben-Porath (2010), p. 11.

  62. 62.

    Heshmat (2015), p. 243; Detels and Gulliford (2015), p. 782.

  63. 63.

    Detels and Gulliford (2015), p. 782.

  64. 64.

    Detels and Gulliford (2015), pp. 23 and 108; see also John (2013), p. 104; Quigley and Stokes (2015), p. 64; Thaler (2009); Hamilton and Zufiaurre (2014), p. 18.

  65. 65.

    European Commission (2014), Journalist Workshop on Organ Donation and Transplantation: Recent Facts and Figures. Available at: Accessed 13 April 2017.

  66. 66.

    Leitzel (2015), p. 137.

  67. 67.

    Cahn (2013), p. 148.

  68. 68.

    Corrales and Jurčys (2016), p. 533.

  69. 69.

    Sunstein (2015), p. 26.

  70. 70.

    Lindahl and Stikvoort (2015), p. 45.

  71. 71.

    Lindahl and Stikvoort (2015), pp. 28–30.

  72. 72.

    Lindahl and Stikvoort (2015), pp. 28–30.

  73. 73.

    Lindahl and Stikvoort (2015), pp. 28–30.

  74. 74.

    Tereszkiewicz (2016), p. 177; Bar-Gill (2012), p. 41.

  75. 75.

    Sunstein (2014a), p. 98.

  76. 76.

    Marc et al. (2015), p. 529.

  77. 77.

    Lindahl and Stikvoort (2015), pp. 28–30.

  78. 78.

    See, e.g., generally, Ho (2012), pp. 574–688.

  79. 79.

    Howard (2012).

  80. 80.

    Howard (2012).

  81. 81.

    Howard (2012).

  82. 82.

    Howard (2012); see, e.g.,

  83. 83.

    Howard (2012); see, e.g.,

  84. 84.

    Ho (2012), pp. 574–575.

  85. 85.

    Ho (2012), pp. 574–575.

  86. 86.

    For more details on “behavioral market failures” and default rules as nudging strategies see, e.g., Sunstein (2015), pp. 206 and 218.

  87. 87.

    Busch (2016), p. 231. According to Daniel Ho, however, this grading system contains serious flaws and does not guarantee 100% cleanliness down the road. See Ho (2012), pp. 574–688.

  88. 88.

    Ho (2012), pp. 574–575.

  89. 89.

    Grynbaum and Taylor (2012).

  90. 90.

    Fung et al. (2007), pp. 44, 50–51, 59–62, 68, 82–83, 120, 179.

  91. 91.

    Overgaard (1999), p. 99.

  92. 92.

    Debbabi et al. (2010), p. 37.

  93. 93.

    Debbabi et al. (2010), p. 37.

  94. 94.

    Patel (2005), p. 206.

  95. 95.

    Galis (2000), p. 87.

  96. 96.

    Muresan (2009), p. 233.

  97. 97.

    See, e.g., generally, Hennicher and Koch (2001), pp. 158–172.

  98. 98.

    Advanced Software-based Service Provisioning and Migration of Legacy Software (ARTIST). This project was partially funded by the European Commission under the Seventh (FP7—2007–2013) Framework Program for Research and Technological Development. For more details about the ARTIST project, see: Accessed 18 May 2016.

  99. 99.

    ARTIST R12 Certification Model. Available at: Accessed 10 December 2016.

  100. 100.

    ARTIST R12 Certification Model. Available at: Accessed 10 December 2016.

  101. 101.

    Ford (2015), p. 163; ISRD Group (2007), p. 192; ITL Education Solutions (2006), p. 222.

  102. 102.

    Brooks (1997), p. 27.

  103. 103.

    Agarwal et al. (2010), p. 130.

  104. 104.

    Myler (1998), p. 37.

  105. 105.

    Agarwal et al. (2010), p. 130.

  106. 106.

    Agarwal et al. (2010), p. 130.

  107. 107.

    Gries and Gries (2005), pp. 84–86; Barlow and Barnett (1998), p. 99.

  108. 108.

    Myler (1998), p. 37.

  109. 109.

    Chulani et al. (2012).

  110. 110.

    Weale (2001), p. 6.

  111. 111.

    Blanc and Vento (2007), p. 192.

  112. 112.

    See, e.g., Barnitzke et al. (2011), pp. 51–55.

  113. 113.

    For further details with regard to encryption in the scope of the GDPR, see, e.g., Spindler and Schmechel (2016), pp. 163–177.

  114. 114.

    See Article 32 (1) (a) of the GDPR; regarding these protective measures see also Recitals 74, 75, 76, 77 and 83 of the GDPR.

  115. 115.

    Kousiouris et al. (2013), pp. 61–72.

  116. 116.

    Caelli et al. (1989), p. 144.

  117. 117.

    Williams (2007), p. 12.

  118. 118.

    Hustinx (2010), pp. 253–255; Chulani et al. (2012), pp. 7–10.

  119. 119.

    Kousiouris et al. (2013), pp. 61–72.

  120. 120.

    Forgó et al. (2013), p. 20.

  121. 121.

    See, e.g., Pearson and Charlesworth (2009), p. 137.

  122. 122.

    House of Commons, Great Britain Parliament, 2014, Responsible Use of data, p. 21, House of Commons, Science and Technology Committee, Fourth Report of Session 2014–15.

  123. 123.

    The contract read: “By placing an order via this Web site on the first day of the fourth month of the year 2010 Anno Domini, you agree to grant Us a non transferable option to claim, for now and for ever more, your immortal soul. Should we wish to exercise this option, you agree to surrender your immortal soul, and any claim you may have on it, within 5 (five) working days of receiving written notification from or one of its duly authorized minions.” See: Fox News Tech, 7,500 Online Shoppers Unknowingly Sold Their Souls. Available at: Accessed 10 December 2016.

  124. 124.

    Lori (2012), p. 175.

  125. 125.

    Lindstrom (2011), p. 225.

  126. 126.

    Molinaro (2016), p. 35; Goodman (2015), p. 90.

  127. 127.

    Luzak (2010); Rosenthal (2012).

  128. 128.

    See, e.g., generally, Zanfir (2012), pp. 149–162.

  129. 129.

    See, e.g., Carpenter (2010), pp. 1–14.

  130. 130.

    See also Google Spain SL, Google Inc. v Agencia Española de Protección de Datos (es), Mario Costeja González, number C-131/12.

  131. 131.

    Lindsay (2014), p. 311.

  132. 132.

    See Article 17 of the GDPR; see also Lindsay (2014), p. 311.

  133. 133.

    La Fors-Owezynik (2017), p. 129.

  134. 134.

    See Article 17 (1) (2) (3) of the GDPR.

  135. 135.

    Reform of EU Data Protection Rules. EU Commission. Available at: Accessed 3 July 2014.

  136. 136.

    Kousiouris et al. (2013), p. 63.

  137. 137.

    See also Articles 33, 34, 83 and Recitals 85, 87 and 88 of the GDPR; Article 29 Working Party, Guidelines on Personal data breach notification under Regulation 2016/679 adopted on 3 October 2017; Müthlein (2017), p. 78.

  138. 138.

    See, e.g., generally, ENISA Report on “Data breach notifications in the EU.” Available at: Accessed 30 October 2017.


  • Agarwal B, Tayal M, Gupta S (2010) Software engineering and testing. Jones and Bartlett Publishers, Sudbury (MA)

    Google Scholar 

  • Anderson D (2015) A question of trust. Williams Lea Group, London

    Google Scholar 

  • Asharaf S, Adarsh S (2017) Decentralized computing using blockchain technologies and smart contracts: emerging research and opportunities. IGI Global, Hershey PA

    Google Scholar 

  • Balasubramanyam S (2013) Cloud-based development using classic life cycle model. In: Mahmood Z, Saeed S (eds) Software engineering frameworks for the cloud computing paradigm. Springer, London

    Google Scholar 

  • Bar-Gill O (2012) Seduction by contract: law, economics, and psychology in consumer markets. Oxford University Press, Oxford

    CrossRef  Google Scholar 

  • Barlow R-J, Barnett A-R (1998) Computing for scientists: principles of programming with Fortran 90 and C++. Wiley, Chichester

    Google Scholar 

  • Barnitzke B et al (2011) Legal restraints and security requirements on personal data and their technical implementation in clouds. In: Workshop for E-contracting for clouds. eChallenges. Accessed 1 Sept 2016

  • Ben-Porath S (2010) Tough choices: structural paternalism and the landscape of choice. Princeton University Press, Princeton

    Google Scholar 

  • Bernheim R et al (2015) Essentials of public health ethics. Jones and Bartlett Learning, Burlington (MA)

    Google Scholar 

  • Blanc I, Vento C (2007) Performing with microsoft office 2007: Introductory. Cengage Learning, Boston

    Google Scholar 

  • Bragg S (2006) Outsourcing: A guide to selecting the correct business unit, negotiating the contract, maintaining control of the process, 2nd edn. Wiley, Hoboken

    Google Scholar 

  • Briggs P, Jeske D, Coventry L (2016) Behavior change interventions for cybersecurity. In: Little L, Sillence E, Joinson A (eds) Behavior change research and theory: psychological and technological perspectives. Academic Press, Amsterdam

    Google Scholar 

  • Brooks D (1997) Problem solving with Fortram 90: for scientists and engineers. Springer, New York

    CrossRef  Google Scholar 

  • Busch C (2016) The future of pre-contractual information duties: from behavioral insights to big data. In: Twigg-Flesner C (ed) Research handbook on EU consumer and contract law. Edward Elgar Publishing, Cheltenham

    Google Scholar 

  • Caelli W, Longley D, Shain M (1989) Information security for managers. Stockton Press, New York

    CrossRef  Google Scholar 

  • Cahn N (2013) The new kinship: constructing donor-conceived families. New York University Press, New York

    CrossRef  Google Scholar 

  • Carnevale C (2017) Future of the CIO: towards an enterpreneurial role. In: Bongiorno G, Rizzo D, Vaia G (eds) CIOs and the digital transformation: a new leadership role. Springer, Cham

    Google Scholar 

  • Carpenter R (2010) Walking from cloud to cloud: the portability issue in cloud computing. Wash J Law Technol Arts 6(1):1–14

    Google Scholar 

  • Carstensen J, Morgenthal J, Golden B (2012) Cloud computing: assessing the risks. IT Governance Publishing, Cambridgeshire

    Google Scholar 

  • Cavoukian A (2015) Evolving FIPPs: proactive approaches to privacy, not privacy paternalism. In: Gutwirth S, Leenes R, de Hert P (eds) Reforming European data protection law. Springer, Dordrecht

    Google Scholar 

  • Chulani I et al (2012) Technical implementation of legal requirements, exploitation of the toolkit in use cases and component licenses, p 23, Cloud Legal Guidelines, OPTIMIS Deliverable Accessed 10 Oct 2017.

  • Corrales M, Jurčys P (2016) Cass Sunstein, Why nudge: the politics of libertarian paternalism, New Haven/London: Yale University Press, 2014, 208 pp, pb, £10.99. Modern Law Rev 79(3):533–536

    Google Scholar 

  • Cwalina W, Falkwoski A, Newman B (2015) Persuasion in the political context: opportunities and threats. In: Stewart D (ed) The handbook of persuasion and social marketing, vol 1: Historical and social foundations. Praeger, Santa Barbara (CA)

    Google Scholar 

  • D’Aquisto et al. (2015) Privacy by design in big data: an overview of privacy enhancing technologies in the era of big data analytics. European Union Agency for Network and Information Security (ENISA)

    Google Scholar 

  • Debbabi M et al (2010) Verification and validation in systems engineering: assessing UML/SysML design models. Springer, Berlin

    CrossRef  Google Scholar 

  • Detels R, Gulliford M (2015) Oxford textbook of global public health, 6th edn, vol 1. Oxford University Press, Oxford

    Google Scholar 

  • Diamond P, Vartiainen H (2007) Behavioral economics and its applications. Princeton University Press, Princeton

    Google Scholar 

  • Ford W (2015) Numerical linear algebra with applications: using MARLAB. Elsevier, Amsterdam

    Google Scholar 

  • Forgó N, Nwankwo I, Pfeiffenbring J (2013) Cloud legal guidelines final report, Deliverable OPTIMIS European funded project

    Google Scholar 

  • Fung A, Graham M, Weil D (2007) Full disclosure: the perils and promise of transparency. Cambridge University Press, Cambridge

    CrossRef  Google Scholar 

  • Galis A (2000) Multi-domain communication management systems. CRC Press, Boca Ratón

    Google Scholar 

  • Gjermundrød H, Dionysiou I, Costa K (2016) privacyTracker: A Privacy-by-Design GDPR-compliant framework with verifiable data traceability controls. In: Casteleyn S, Dolog P, Pautasso C (eds) Current trends in web engineering. ICWE 2016 international workshops DUI, TELERISE, SoWeMine, and Liquid Web, Lugano Switzerland, 6–9 June 2016, Revised Selected Papers. Springer, Cham

    CrossRef  Google Scholar 

  • Goodman M (2015) Future crimes: inside the digital underground and the battle for our connected world. Transworld Publishers (Bantam Press), London

    Google Scholar 

  • Gries D, Gries P (2005) Multimedia introduction to programming using Java. Springer, New York

    Google Scholar 

  • Griggs S (2013) 5 Hidden problems with cloud SLAs. Accessed 10 May 2017

  • Grynbaum M, Taylor K (2012) Bloomberg defends grading system derided by restaurateurs, The New York Times. Accessed 10 May 2017

  • Hamilton D, Zufiaurre B (2014) Blackboards and bootstraps: revisioning education and schooling. Sense Publishers, Rotterdam

    CrossRef  Google Scholar 

  • Hennicker R, Koch N (2001) Modeling the user interface of web applications with UML. In: Evans A et al (eds) Practical UML-based rigorous development methods—countering or integrating the eXtremists, Workshop of the pUML-Group held together with UML 2001, Toronto, Canada. GI, Gesselschaft für Informatik, Bonn

    Google Scholar 

  • Heshmat S (2015) Addiction: a behavioral economic perspective. Routledge, New York

    CrossRef  Google Scholar 

  • Hijmans H (2016) The European union as guardian of internet privacy: the story of art. 16 TFEU. Springer, Cham

    Google Scholar 

  • Ho D (2012) Fudging the nudge: information disclosure and restaurant grading. Yale Law J 122(3):574–688

    Google Scholar 

  • Hogan J (2017) Lawyers learning to code? To do or not to do, that is the question! Accessed 10 Oct 2017

  • Horrigan J (2008) Use of cloud computing applications and services. Accessed 10 Oct 2017

  • Hossain S (2013) Cloud computing terms, definitions and taxonomy. In: Bento A, Aggarwal A (eds) Cloud computing service and deployment models: layers and management. Business Science Reference (IGI Global), Hershey (PA)

    Google Scholar 

  • Howard A (2012) What is smart disclosure? “Choice engines” are helping consumers make smarter decisions through personal and government data. Accessed 10 May 2017

  • Hustinx P (2010) Privacy by design: delivering the promises. Identity Inf Soc 3(2):253–255

    CrossRef  Google Scholar 

  • ISRD Group (2007) Structured system analysis and design. Tata McGraw-Hill Publishing, New Delhi

    Google Scholar 

  • ITL Education Solutions (2006) Introduction to information technology. Dorling Kindersley, New Delhi

    Google Scholar 

  • John P et al (2013) Nudge, nudge, think, think: experimenting with ways to change civic behavior. Bloomsbury, London

    Google Scholar 

  • Jolls C (2010) Behavioral economics and the law. Found Trends Microecon 6(3):176–263

    CrossRef  Google Scholar 

  • Kamthane A, Kamal R (2012) Computer programming and IT. ITL Education Solutions Ltd., New Delhi

    Google Scholar 

  • Kimball G (2010) Outsourcing agreements: a practical guide. Oxford University Press, Oxford

    Google Scholar 

  • King A, Squillante M (2005) Service level agreements for web hosting systems. In: Labbi A (ed) Handbook of integrated risk management for e-business: measuring, modeling, and managing risk. J. Ross Publishing, Boca Ratón

    Google Scholar 

  • Kost de Sevres N (2016) The blockchain revolution, smart contracts and financial transactions. Accessed 10 Oct 2017

  • Kousiouris G, Vafiadis G, Corrales M (2013) A cloud provider description schema for meeting legal requirements in cloud federation scenarios. In: Douligeris et al (eds) Collaborative, trusted and privacy-aware e/m-services. Proceedings of 12th IFIP WG 6.11 conference on e-business, e-services, and e-society, I3E 2013, Athens, Greece. Springer, Heidelberg

    Google Scholar 

  • La Fors-Owezynik K (2017) Profiling ‘Anomalies’ and the anomalies of profiling: digitilized risk assessments of Dutch youth and the new European data protection regime. In: Adams S, Purtova N, Leenes N (eds) Under observation: the interplay between ehealth and surveillance. Springer, Cham

    Google Scholar 

  • Leitzel J (2015) Concepts in law and economics: a guide for the curious. Oxford University Press, Oxford

    CrossRef  Google Scholar 

  • Lessig (2001) The Future of ideas, 1st edn. Random House, New York

    Google Scholar 

  • Lessig L (2006) Code. Version 2.0. Basic books, New York

    Google Scholar 

  • Lindahl T, Stikvoort B (2015) Nudging—The new black in environmental policy? Tryckt hos ScandBooks, Falun

    Google Scholar 

  • Lindsay D (2014) The right to be forgotten in European data protection law. In: Witzleb N, Lindsay D, Paterson M (eds) Emerging challenges in privacy law. Cambridge University Press, Cambridge

    Google Scholar 

  • Lindstrom M (2011) Brandwashed: tricks companies use to manipulate our minds and persuade us to buy, 1st edn. Crown Business, New York

    Google Scholar 

  • Lori A (2012) I know who you are and i saw what you did: social networks and the death of privacy. Free Press, New York

    Google Scholar 

  • Luzak J (2010) One click could save your soul, recent developments in European consumer law. Accessed 10 Dec 2016

  • Lynskey O (2015) The foundations of EU data protection law. Oxford University Press, Oxford

    Google Scholar 

  • Marc et al. (2015) Indexing publicly available health data with medical subject headings (MeSH): an evaluation of term coverage. In: Sarkar I, Georgiou A, Mazzoncini de Azevedo Marques, P (2015) MEDINFO 2015: eHealth-enabled Health, Proceedings of the 15th World congress on health and biomedical informatics. IOS Press, Amsterdam

    Google Scholar 

  • Mc Nealy J, Flowers A (2015) Privacy law and regulation: technologies, implications and solutions. In: Zeadally S, Badra M (eds) Privacy in a digital, networked world: technologies, implications and solutions. Springer, Cham

    Google Scholar 

  • Millham R (2012) Software asset re-use: migration of data-intense legacy system to the cloud computing paradigm. In: Yang H, Liu X (eds) Software reuse in the emerging cloud computing era. Information Science Reference (IGI Global), Hershey

    Google Scholar 

  • Molinaro V (2016) The leadership contract: the fine print to becoming an accountable leader. Wiley, Hoboken

    Google Scholar 

  • Morabito V (2017) Business Innovation Through Blockchain: The B3 Perspective. Springer, Cham

    CrossRef  Google Scholar 

  • Moskowitz S (2017) Cybercrime and business: strategies for global corporate security. Elsevier, Oxford

    CrossRef  Google Scholar 

  • Mougayar W (2015) Understanding the blockchain: we must be prepared for the blockchain’s promise to become a new development environment. Accessed 10 Jan 2019

  • Muresan G (2009) An integrated approach to interaction design and log analysis. In: Jansen B, Spink A, Taksa I (eds) Handbook of research on web log analysis. Information Science Reference (IGI Global), Hershey

    Google Scholar 

  • Müthlein T (ed) (2017) Datenschutz-Grundverordnung—general data protection regulation. Datakontext, Frechen

    Google Scholar 

  • Myler H (1998) Fundamentals of engineering programming with C and Fortram. Cambridge University Press, Cambridge

    CrossRef  Google Scholar 

  • Naughton J, Dredge S (2011) Cloud computing: the lowdown. Accessed 10 Oct 2017

  • Olislaegers S (2012) Early lessons learned in the ENDORSE project: legal challenges and possibilities in developing data protection compliance software. In: Camenish J et al (eds) Privacy and identity management for life. Springer, Heidelberg

    Google Scholar 

  • Oveergaard G (1999) A formal approach to collaborations in the unified modeling language. In: France R, Rumpe B (eds) Proceedings of the second international conference on UML’99—The unified modeling language: beyond the standard for collins, CO, USA, 28–30 Oct. Springer, Berlin

    Google Scholar 

  • Patel N (2005) Critical systems analysis and design: a personal framework approach. Routledge, New York

    CrossRef  Google Scholar 

  • Pearson S, Charlesworth A (2009) Accountability as a way forward for privacy protection in the cloud. In: Jaatun M, Zhao G and Rong C (eds) Proceedings of 1st international conference on cloud computing, CloudCom 2009, Beijing, China, December 2009. Springer, Berlin

    Google Scholar 

  • Post D (2009) In search of Jefferson’s Moose: notes on the state of cyberspace. Oxford University Press, Oxford

    Google Scholar 

  • Quelle C (2016) Not just user control in the general data protection regulation: on the problems with choice and paternalism, and on the point of data protection. In: Lehmann A et al (eds) Privacy and identity management: facing up to next steps. Springer, Cham

    Google Scholar 

  • Quigley M, Stokes E (2015) Nudging and evidence-based policy in Europe: problems of normative legitimacy and effectiveness. In: Alemanno A, Sibony A-L (eds) Nudge and the law: a European perspective, modern studies in European Law. Hart Publishing, Oxford

    Google Scholar 

  • Rosenthal E (2012) I Disclose…Nothing. The New York Times. Accessed 10 Dec 2016

  • Schweizer M (2016) Nudging and the principle of proportionality. In: Mathis K, Thor A (eds) Nudging—possibilities, limitations and applications in European law and economics. Springer, Cham

    Google Scholar 

  • Sobkow B (2016) Forget me, forget me not—redefining the boundaries of the right to be forgotten to address current problems and areas of criticism. In: Schweichhofer E et al (eds) Privacy technologies and policy, 5th Annual Privacy Forum, APF 2017, Vienna, Austria, 7–8 June 2017, Revised selected papers. Springer, Cham

    Google Scholar 

  • Spindler G, Schmechel P (2016) Personal data and encryption in the European general data protection regulation. JIPITEC 7:163–177

    Google Scholar 

  • Sunstein C (2000) (ed) behavioral law & economics. Cambridge University Press, Cambridge

    Google Scholar 

  • Sunstein C (2014a) Simpler: the future of government. Simon & Schuster, New York

    Google Scholar 

  • Sunstein C (2014b) Why nudge? The politics of libertarian paternalism, Storrs lectures on jurisprudence. Yale University Press, New Haven

    Google Scholar 

  • Sunstein C (2015) Choosing not to choose: understanding the value of choice. Oxford University Press, Oxford

    Google Scholar 

  • Svantesson D (2013) Extraterritoriality in data privacy law. Ex Tuto Publishing, Copenhagen

    Google Scholar 

  • Svirskas B (2004) Dynamic management of business service quality in collaborative commerce systems. In: Mendes M, Suomi R, Passos C (eds) Digital communities in a networked society: e-commerce, e-business and e-government. Kluwer Academic Publishers, New York

    Google Scholar 

  • Swan M (2015) Blockchain: blueprint for a new economy, 1st edn. O’Reilly, Sebastopol (CA)

    Google Scholar 

  • Tereszkiewicz P (2016) Neutral third-party counselling as nudge toward safer financial products? In: Mathis K, Tor A (eds) Nudging—possibilities, limitations and applications in European law and economics. Springer, Cham

    Google Scholar 

  • Thaler R (2009) Opting in vs. Opting out, The New York Times. Accessed 20 Dec 2016

  • Thaler R, Sunstein C (2009) Nudge: improving decisions about health, wealth, and happiness. Penguin Books Ltd., London

    Google Scholar 

  • Thouvenin F (2017) Big data of complex networks and data protection law: an introduction to an area of mutual conflict. In: Dehmer M et al (eds) Big Data of Complex Networks. CRC Press, Boca Ratón

    Google Scholar 

  • Van Alsenoy B et al (2015) From social media service to advertising network: analysis of Facebook’s revised policies and terms, report, draft version 1.2

    Google Scholar 

  • Varshney A (2017) Types of blockchain—public, private and permissioned. Accessed 10 Jan 2018

  • Villaronga F (2018) Legal frame of non-social personal care robots. In: Husty M, Hofbaur M (eds) New trends in medical and service robots: design, analysis and control. Springer, Cham

    Google Scholar 

  • Voigt P, von dem Bussche A (2017) The EU general data protection regulation (GDPR): a practical guide. Springer, Cham

    CrossRef  Google Scholar 

  • Wattenhofer R (2016) The science of the blockchain. Inverted Forest Publishing, s. l.

    Google Scholar 

  • Weale D (2001) The smart guide to excel 2000 further skills: a progressive course for more experienced users. Continuum, London

    Google Scholar 

  • Whyte K et al. (2015) Nudge, nudge or shove, shove—the right way for nudges to increase the supply of donated cadaver organs. In: Caplan A, Mc Cartney J, Reid D (eds) Replacement parts: the ethics of procuring and replacing organs in humans. Georgetown University Press, Washington (DC)

    Google Scholar 

  • Williams G (2007) Online business security systems. Springer, New York

    CrossRef  Google Scholar 

  • Willis O (2015) Behavioral economics for better decisions, Thaler Accessed 25 June 2015

  • Wisman T (2017) Privacy, data protection and e-commerce. In: Lodder A, Murray A (eds) EU regulation of e-commerce. Edward Elgar Publishing, Cheltenham

    Google Scholar 

  • Zamir E, Teichman D (2014) (eds) The Oxford handbook of behavioral economics and the law. Oxford University Press, Oxford

    Google Scholar 

  • Zanfir G (2012) The right to data portability in the context of the EU data protection reform. Int Data Privacy Law 2(3):149–162

    CrossRef  Google Scholar 

Download references


This work has been partially supported by the EU within the 7th Framework Program under contract ICT-257115—OPTIMIS (Optimized Infrastructure Services) project. The authors would also like to thank all the researchers involved in the certification model of the ARTIST (Advanced Software-based Service Provisioning and Migration of Legacy Software) project. Without their technical explanations and support, this chapter would not contain a practical contribution to the state of the art.

Author information

Authors and Affiliations


Corresponding author

Correspondence to Marcelo Corrales .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this chapter

Verify currency and authenticity via CrossMark

Cite this chapter

Corrales, M., Jurčys, P., Kousiouris, G. (2019). Smart Contracts and Smart Disclosure: Coding a GDPR Compliance Framework. In: Corrales, M., Fenwick, M., Haapio, H. (eds) Legal Tech, Smart Contracts and Blockchain. Perspectives in Law, Business and Innovation. Springer, Singapore.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-6085-5

  • Online ISBN: 978-981-13-6086-2

  • eBook Packages: Law and CriminologyLaw and Criminology (R0)