Current legal frameworks for data protection have a number of flaws. The notion of informed consent does not work in practice. Leg- islation only covers personal data, but it doesnt cover data about groups and it doesn’t cover conditions on usage of data for certain purposes. Supervision is largely based on self-regulation. Regulatory agencies have little capacity. On the other hand, we observe that many business models are based on data about users. Users pay with their data. Access to data should therefore be seen as a counteroffer in a contract. In this paper we will therefore suggest a different approach to data protection, based on the idea of accountability. In this short paper, we propose a dialogue framework to facilitate such accountability, in the application domain of data protection. The idea is to empower users to negotiate better terms and conditions in their contracts, monitor compliance, and chal- lenge the organization in case of breaches of contract. That means that in addition to the current legal framework for data protection, which is generally based on public law, we suggest to make more use of private law as the legal framework of preference. To enable accountability over data protection, we foresee two kinds of functionality. Tools that may help users negotiate sensible contracts that take data protection aspects into account. An infrastructure that monitors actual usage of data, detects possible breaches of contract and allows users to challenge the organi- zation. In addition, we discuss the necessary elements of a governance structure to enable effective enforcement.
|Title of host publication||Computational Accountability and Responsibility in Multiagent Systems (CAReMAS 2017)|
|Editors||Matteo Baldoni, Cristina Baroglio , Roberto Micalizio|
|Publisher||CEUR Workshop Proceedings|
|Publication status||Published - 2017|
- accountability, data protection