=Paper=
{{Paper
|id=Vol-2051/invited1
|storemode=property
|title=None
|pdfUrl=https://ceur-ws.org/Vol-2051/invited1.pdf
|volume=Vol-2051
}}
==None==
https://ceur-ws.org/Vol-2051/invited1.pdf
Accountability by Dialogue: A New Approach to
Data Protection
Joris Hulstijn
Tilburg School of Economics and Management
Department of Management
Abstract. Current legal frameworks for data protection have a number
of flaws. The notion of informed consent does not work in practice. Leg-
islation only covers personal data, but it doesnt cover data about groups
and it doesn’t cover conditions on usage of data for certain purposes.
Supervision is largely based on self-regulation. Regulatory agencies have
little capacity. On the other hand, we observe that many business models
are based on data about users. Users pay with their data. Access to data
should therefore be seen as a counteroffer in a contract. In this paper
we will therefore suggest a different approach to data protection, based
on the idea of accountability. In this short paper, we propose a dialogue
framework to facilitate such accountability, in the application domain
of data protection. The idea is to empower users to negotiate better
terms and conditions in their contracts, monitor compliance, and chal-
lenge the organization in case of breaches of contract. That means that
in addition to the current legal framework for data protection, which is
generally based on public law, we suggest to make more use of private law
as the legal framework of preference. To enable accountability over data
protection, we foresee two kinds of functionality. Tools that may help
users negotiate sensible contracts that take data protection aspects into
account. An infrastructure that monitors actual usage of data, detects
possible breaches of contract and allows users to challenge the organi-
zation. In addition, we discuss the necessary elements of a governance
structure to enable effective enforcement.
�