Abstract
This chapter explores the impact of the European General Data Protection Regulation (GDPR) on future Digital Business Models (DBM). It starts by reviewing the legal framework brought by the GDPR. It continues by analyzing its impact on companies and concludes by presenting the foundations of a new paradigm for GDPR-compliant DBMs. We finish by anticipating a stimulating effect of the GDPR that may also help to save costs for companies and develop innovative business models.
Notes
- 1.
- 2.
Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) Official Journal L. 2016;119(1).
- 3.
Chrabonszczewski Maciej, Prywatnosc Teoria i Praktyka, Warsaw, ASPRA JR 2012, p. 32.
- 4.
Warren S.; Brandeis L., The Right to Privacy, Harvard Law Review, Boston, Vol. 4, No. 5. (Dec. 15, 1890), pp. 193–220. https://www.jstor.org/stable/1321160?seq=1#page_scan_tab_contents.
- 5.
Art. 29 Data Protection Working Party, Opinion 15/2011 on the definition of consent, WP 187, Brussels, 2011.
- 6.
Art. 4 clause (11) GDPR.
- 7.
Art. 6 GDPR.
- 8.
Recital 32 GDPR.
- 9.
Art. 7 clause (1) GDPR
- 10.
Formal requirements stated in Art. 7 GDPR and enhanced by Recital 42 GDPR.
- 11.
Recital 42 GDPR.
- 12.
Bensoussan Alain, Henrotte Jean-François, Gallardo Marc, Fanti Sébastien, General Data Protection Regulation: Texts, commentaries, and practical guidelines, Wolters Kluwer, Belgium, 2017, p. 23.
- 13.
Recital 43 GDPR.
- 14.
Recital 75 GDPR.
- 15.
Art. 8 clause (2) GDPR. With regard to description of legal capacity of a child the member state’s law applies – art. 8 clause (1) GDPR.
- 16.
Art. 12 GDPR and Recital 58.
- 17.
Art. 9 clause (2) (a) GDPR, enhanced by the Recital 51 GDPR on explicit consent.
- 18.
Art. 9 clause (1) GDPR.
- 19.
Art. 9 clause (2) letter (a) GDPR.
- 20.
Art. 5 clause (1) letter (c) GDPR.
- 21.
Art. 5 clause (1) letter (b) GDPR.
- 22.
Art. 25 GDPR and Recital 78 GDPR.
- 23.
Art. 13–14 GDPR and Recital 60–62 GDPR.
- 24.
Art. 15 GDPR and Recital 63–64 GDPR.
- 25.
Art. 16 and 19 GDPR and Recital 63–64 GDPR.
- 26.
Art. 17 and 19 GDPR and Recital 65–66 GDPR.
- 27.
Art. 18 and 19 GDPR and Recital 67 GDPR.
- 28.
Art. 20 GDPR and Recital 68 GDPR.
- 29.
Art. 7 GDPR and Recital 42 GDPR.
- 30.
Art. 21 GDPR and Recital 69–70 GDPR.
- 31.
Art. 22 GDPR and Recital 71–72 GDPR.
- 32.
Art. 23 GDPR in connection with the Recital 8 and 72 GDPR.
- 33.
Art. 13, 14, 15 to 22 and 34 GDPR.
- 34.
Art. 12 GDPR and Recital 58 and 61.
- 35.
Art. 14 (1) (d) GDPR.
- 36.
Art. 14 (2) (f) GDPR.
- 37.
Art. 14 (3) GDPR.
- 38.
CJUE Smaranda Bara and Others v. Preşedintele Casei Naţionale de Asigurări de Sănătate, Casa Naţională de Asigurări de Sănătate, Agenţia Naţională de Administrare Fiscală (ANAF), C-201/14, October 1, 2015.
- 39.
Art. 34 GDPR and Recital 85 and 87.
- 40.
CJUE College van burgemeester en wethouders van Rotterdam versus M.E.E. Rijkeboer, C-553/07, May 7, 2009 http://eur-lex.europa.eu/legal-content/EN/ALL/?uri=ecli:ECLI:EU:C:2009:293.
- 41.
Recital 64 GDPR.
- 42.
Ibidem. (CJUE College van burgemeester en wethouders van Rotterdam versus M.E.E. Rijkeboer, C-553/07, 7th of May 2009 http://eur-lex.europa.eu/legal-content/EN/ALL/?uri=ecli:ECLI:EU:C:2009:293).
- 43.
Art. 15 GDPR.
- 44.
Recital 63 GDPR.
- 45.
CJEU – Joined cases Y.S v Minister voor Immigratie, Integratie en Asiel, C-141/12; Minister voor Immigratie, Integratie en Asiel v M. and S., C-372/12, July 17, 2014.
- 46.
Art. 16 GDPR and Recital 59 GDPR.
- 47.
Art. 19 GDPR.
- 48.
CJEU, Google Spain SL v. Costeja, C-131/12, May 13, 2014.
- 49.
Art. 17 (1) (a) GDPR.
- 50.
Further on this: P. Litwinski editor in P. Litwinski, P. Barta, M. Kawecki, Rozporzadzenie UE w sprawie ochrony osob fizycznych w związku z przetwarzaniem danych osobowych i swobodnym przepływem takich danych. Komentarz, Warsaw, C.H. Beck 2018, p. 402.
- 51.
Art. 17 (1) (f) in relation to art. 8 (1) GDPR and recital 65 GDPR.
- 52.
Art. 17 (1) and 17 (2) and recital 66 GDPR.
- 53.
Art. 19 GDPR.
- 54.
Art. 17 (3) GDPR.
- 55.
Art. 18 GDPR and recital 67 GDPR.
- 56.
Art. 19 GDPR.
- 57.
Art. 9 GDPR.
- 58.
Art. 11 (2) GDPR.
- 59.
Article 29 Working Party Guidelines on the right to portability, 12.13.2016, p. 3.
- 60.
Article 29 Working Party Guidelines on the right to portability, 12.13.2016, p. 6 ss.
- 61.
Art. 5 GDPR.
- 62.
Art. 13 and 14 GDPR.
- 63.
Art. 20 (4) GDPR and 6 (1) (f) GDPR.
- 64.
Art. 21 (1) and Recital 69 GDPR.
- 65.
Art. 21 (6) and 89 (1) GDPR.
- 66.
Art. 22 (2) GDPR and recital 71 GDPR.
- 67.
Recommendation CM/Rec(2010)13 of the Committee of Ministers to member states on the protection of individuals with regard to automatic processing of personal data in the context of profiling; 11.23.2010; http://194.242.234.211/documents/10160/10704/Recommendation+2010+13+Profiling.pdf.
- 68.
Art. 22 (4) Recital 71 GDPR.
- 69.
Sandra Wachter, Brent Mittelstadt, Luciano Floridi; Why a Right to Explanation of Automated Decision-Making Does Not Exist in the General Data Protection Regulation, International Data Privacy Law, Volume 7, Issue 2, May 1, 2017, pp. 76–99, https://doi.org/10.1093/idpl/ipx005.
- 70.
Christopher Kuner, Dan Jerker B. Svantesson, Fred H. Cate, Orla Lynskey, Christopher Millard; The language of data privacy law (and how it differs from reality), International Data Privacy Law, Volume 6, Issue 4, November 1, 2016, pp. 259–260, https://doi.org/10.1093/idpl/ipw022.
- 71.
Recital 13 GDPR.
- 72.
Art. 32 (1) and 32 (3) in relation to Art. 40 and 42 GDPR.
- 73.
Art. 32 (2) GDPR emphasized by Recital 83 GDPR.
- 74.
Wiewiorowski Wojciech, ‘Privacy by Design’ as a paradigm for privacy protection, in Internet, Prawno – Informatyczne problemy sieci, portal I e-uslug, edited by Wiewiorowski Wojciech and Szpor Grazyna, CH Beck, Warsaw, 2012, p. 13.
- 75.
- 76.
Art. 4 clause (10) GDPR.
- 77.
Art. 44 GDPR and Recital 6.
- 78.
Recital 159 GDPR.
- 79.
Art. 89 clause (1) GDPR.
- 80.
Art. 89 clause (1) GDPR.
- 81.
Art. 89 clause (2) GDPR.
- 82.
Art. 15 GDPR.
- 83.
Art. 16 GDPR.
- 84.
Art. 18 GDPR.
- 85.
Art. 21 GDPR.
- 86.
Recital 10 GDPR.
- 87.
Art. 9 clause (2) letter (j) GDPR.
- 88.
Recital 10 GDPR.
- 89.
Recital 26 GDPR.
- 90.
Art. 29 Data Protection Working Party Opinion 05/2014 on Anonymisation Techniques.
Acknowledgement
This chapter has been written on the basis of several H2020 research projects, including Privacy Flag and Synchronicity. Both projects have been cofinanced by the European Commission and the Swiss State Secretariat for Education, Research and Innovation. The content of the article is shared on a non-exclusive basis.
Copyright information
© 2019 The Author(s)
About this chapter
Cite this chapter
Ziegler, S., Evequoz, E., Huamani, A.M.P. (2019). The Impact of the European General Data Protection Regulation (GDPR) on Future Data Business Models: Toward a New Paradigm and Business Opportunities. In: Aagaard, A. (eds) Digital Business Models. Palgrave Macmillan, Cham. https://doi.org/10.1007/978-3-319-96902-2_8
DOI: https://doi.org/10.1007/978-3-319-96902-2_8
Publisher Name: Palgrave Macmillan, Cham
Print ISBN: 978-3-319-96901-5
Online ISBN: 978-3-319-96902-2
eBook Packages: Business and Management; Business and Management (R0)