Ensuring data protection by private law contract monitoring: A legal and value-based approach

Stéphanie van Gulijk, Joris Hulstijn

Research output: Contribution to journalArticleScientificpeer-review


Current legal frameworks for data protection are based on public law. They have a number of flaws. The notion of informed consent does not work in practice. Public legislation only covers the protection of personal data, but it doesn’t cover data about groups and it doesn’t cover conditions on usage of data for certain purposes. Moreover, in order to function in practice, businesses need to adopt these conditions as part of privacy policies and processes such as audits and impact assessments. Supervision by means of public entities is limited as regulatory agencies have little capacity. This gives private actors room for designing tools to protect their personal data. In this paper, we will therefore suggest to utilize private law instruments for data protection. By incorporating conditions on usage of sensitive data in contracts and by setting up platforms for monitoring contract fulfillment, end users can be empowered to take enforcement into their own hands. We will propose a platform for assisting users in drafting contracts that take data protection into account, and for monitoring contract fulfillment. Feasibility of the proposal is illustrated by an application scenario, the sports tracker app.
Original languageEnglish
Pages (from-to)635-659
JournalEuropean Review of Private Law
Issue number5
Publication statusPublished - Oct 2018


  • Data Protection
  • GDPR
  • Contract Law
  • Privacy
  • Consumer Protection


Dive into the research topics of 'Ensuring data protection by private law contract monitoring: A legal and value-based approach'. Together they form a unique fingerprint.

Cite this