Ensuring data protection by private law contract monitoring: A legal and value-based approach

Research output: Contribution to journalArticleScientificpeer-review

Abstract

Current legal frameworks for data protection are based on public law. They have a number of flaws. The notion of informed consent does not work in practice. Public legislation only covers the protection of personal data, but it doesn’t cover data about groups and it doesn’t cover conditions on usage of data for certain purposes. Moreover, in order to function in practice, businesses need to adopt these conditions as part of privacy policies and processes such as audits and impact assessments. Supervision by means of public entities is limited as regulatory agencies have little capacity. This gives private actors room for designing tools to protect their personal data. In this paper, we will therefore suggest to utilize private law instruments for data protection. By incorporating conditions on usage of sensitive data in contracts and by setting up platforms for monitoring contract fulfillment, end users can be empowered to take enforcement into their own hands. We will propose a platform for assisting users in drafting contracts that take data protection into account, and for monitoring contract fulfillment. Feasibility of the proposal is illustrated by an application scenario, the sports tracker app.
Original languageEnglish
Pages (from-to)635-659
JournalEuropean Review of Private Law
Volume26
Issue number5
Publication statusPublished - Oct 2018

Fingerprint

Data privacy
Monitoring
Sports
Application programs
Defects
Industry

Keywords

  • Data Protection
  • GDPR
  • Contract Law
  • Privacy
  • Consumer Protection

Cite this

@article{89ee8c3b84974cfb82907b66bfd26ea8,
title = "Ensuring data protection by private law contract monitoring: A legal and value-based approach",
abstract = "Current legal frameworks for data protection are based on public law. They have a number of flaws. The notion of informed consent does not work in practice. Public legislation only covers the protection of personal data, but it doesn’t cover data about groups and it doesn’t cover conditions on usage of data for certain purposes. Moreover, in order to function in practice, businesses need to adopt these conditions as part of privacy policies and processes such as audits and impact assessments. Supervision by means of public entities is limited as regulatory agencies have little capacity. This gives private actors room for designing tools to protect their personal data. In this paper, we will therefore suggest to utilize private law instruments for data protection. By incorporating conditions on usage of sensitive data in contracts and by setting up platforms for monitoring contract fulfillment, end users can be empowered to take enforcement into their own hands. We will propose a platform for assisting users in drafting contracts that take data protection into account, and for monitoring contract fulfillment. Feasibility of the proposal is illustrated by an application scenario, the sports tracker app.",
keywords = "Data Protection, GDPR, Contract Law, Privacy, Consumer Protection",
author = "{van Gulijk}, St{\'e}phanie and Joris Hulstijn",
year = "2018",
month = "10",
language = "English",
volume = "26",
pages = "635--659",
journal = "European Review of Private Law",
issn = "0928-9801",
publisher = "KLUWER LAW INT",
number = "5",

}

Ensuring data protection by private law contract monitoring : A legal and value-based approach. / van Gulijk, Stéphanie; Hulstijn, Joris.

In: European Review of Private Law, Vol. 26, No. 5, 10.2018, p. 635-659.

Research output: Contribution to journalArticleScientificpeer-review

TY - JOUR

T1 - Ensuring data protection by private law contract monitoring

T2 - A legal and value-based approach

AU - van Gulijk, Stéphanie

AU - Hulstijn, Joris

PY - 2018/10

Y1 - 2018/10

N2 - Current legal frameworks for data protection are based on public law. They have a number of flaws. The notion of informed consent does not work in practice. Public legislation only covers the protection of personal data, but it doesn’t cover data about groups and it doesn’t cover conditions on usage of data for certain purposes. Moreover, in order to function in practice, businesses need to adopt these conditions as part of privacy policies and processes such as audits and impact assessments. Supervision by means of public entities is limited as regulatory agencies have little capacity. This gives private actors room for designing tools to protect their personal data. In this paper, we will therefore suggest to utilize private law instruments for data protection. By incorporating conditions on usage of sensitive data in contracts and by setting up platforms for monitoring contract fulfillment, end users can be empowered to take enforcement into their own hands. We will propose a platform for assisting users in drafting contracts that take data protection into account, and for monitoring contract fulfillment. Feasibility of the proposal is illustrated by an application scenario, the sports tracker app.

AB - Current legal frameworks for data protection are based on public law. They have a number of flaws. The notion of informed consent does not work in practice. Public legislation only covers the protection of personal data, but it doesn’t cover data about groups and it doesn’t cover conditions on usage of data for certain purposes. Moreover, in order to function in practice, businesses need to adopt these conditions as part of privacy policies and processes such as audits and impact assessments. Supervision by means of public entities is limited as regulatory agencies have little capacity. This gives private actors room for designing tools to protect their personal data. In this paper, we will therefore suggest to utilize private law instruments for data protection. By incorporating conditions on usage of sensitive data in contracts and by setting up platforms for monitoring contract fulfillment, end users can be empowered to take enforcement into their own hands. We will propose a platform for assisting users in drafting contracts that take data protection into account, and for monitoring contract fulfillment. Feasibility of the proposal is illustrated by an application scenario, the sports tracker app.

KW - Data Protection

KW - GDPR

KW - Contract Law

KW - Privacy

KW - Consumer Protection

M3 - Article

VL - 26

SP - 635

EP - 659

JO - European Review of Private Law

JF - European Review of Private Law

SN - 0928-9801

IS - 5

ER -