Smart Contracts and Smart Disclosure: Coding a GDPR Compliance Framework

This chapter analyses some of the main legal requirements laid down in the new European General Data Protection Regulation (GDPR) with regard to hybrid Cloud Computing transformations. The GDPR imposes several restrictions on the storing, accessing, processing and transferring of personal data. This has generated some concerns about its practicability and flexibility, given the dynamic nature of the Internet. The current architecture and technical features of the Cloud do not allow adequate control for end-users. Therefore, for Cloud adopters to be legally compliant, the design of Cloud Computing architectures should include additional automated capabilities and certain nudging techniques to promote better choices. This chapter explains how to fine-tune and effectively embed these legal requirements at the earlier stages of the architectural design of the computer code. This automated process focuses on Smart Contracts and Service Level Agreement (SLA) frameworks, which include selection tools that take an information schema and a pseudo-code that follows a programming logic to process information based on that schema. The pseudo-code is essentially the easiest way to write and design computer code, which can automatically check the legal compliance of the contractual framework. It contains a set of legal questions that have been specifically designed to urge Cloud providers to disclose relevant information and comply with the legal requirements established by the GDPR.
