In: Santos C. (2014), Law by Design in ODR. Definition of relevant legal information in consumer law disputes to enhance the decision-making process. Group Decision and Negotiation, Proc. Joint International Conference of the INFORMS GDN Section and the EURO Working Group on DSS, P. Zaraté, G. Camilleri
In: Santos C. (2013), Increasing media richness in Online Dispute Resolution and the need for personal data protection, Proceedings of the First JURIX Doctoral Consortium Workshop in conjunction with the 26th International Conference on Legal Knowledge and Information Systems, JURIX 2013, Bologna, CEUR
In: Johanna Gunawan, Cristiana Santos, and Irene Kamara. 2022. Redress for Dark Patterns Privacy Harms? A Case Study on Consent Interactions. In Proceedings of the 2022 Symposium on Computer Science and Law (CSLAW '22). Association for Computing Machinery, New York, NY, USA, 181–194. https://doi.org/10.
International audience ; In this paper, we describe how cookie banners, as a consent mechanism in web applications, should be designed and implemented to be compliant with the ePrivacy Directive and the GDPR, defining 22 legal requirements. While some are provided by legal sources, others result from the domain expertise of computer scientists. We perform a technical assessment of whether technical (with computer science tools), manual (with a human operator) or user studies verification is needed. We show that it is not possible to assess legal compliance for the majority of requirements because of the current architecture of the web. With this approach, we aim to support policy makers assessing compliance in cookie banners, especially under the current revision of the EU ePrivacy framework.
International audience ; In this paper, we describe how cookie banners, as a consent mechanism in web applications, should be designed and implemented to be compliant with the ePrivacy Directive and the GDPR, defining 22 legal requirements. While some are provided by legal sources, others result from the domain expertise of computer scientists. We perform a technical assessment of whether technical (with computer science tools), manual (with a human operator) or user studies verification is needed. We show that it is not possible to assess legal compliance for the majority of requirements because of the current architecture of the web. With this approach, we aim to support policy makers assessing compliance in cookie banners, especially under the current revision of the EU ePrivacy framework.
International audience ; In this paper, we describe how cookie banners, as a consent mechanism in web applications, should be designed and implemented to be compliant with the ePrivacy Directive and the GDPR, defining 22 legal requirements. While some are provided by legal sources, others result from the domain expertise of computer scientists. We perform a technical assessment of whether technical (with computer science tools), manual (with a human operator) or user studies verification is needed. We show that it is not possible to assess legal compliance for the majority of requirements because of the current architecture of the web. With this approach, we aim to support policy makers assessing compliance in cookie banners, especially under the current revision of the EU ePrivacy framework.
In: Bartolini C., Lenzini G., Santos C., An Agile Approach to Validate a Formal Representation of the GDPR. In: Kojima K., Sakamoto M., Mineshima K., Satoh K. (eds) New Frontiers in Artificial Intelligence. JSAI-isAI 2018. Lecture Notes in Computer Science, vol 11717. Springer, 2019
Data is a modern form of wealth in the digital world, and massive amounts of data circulate in cloud environments. While this enormously facilitates the sharing of information, both for personal and professional purposes, it also introduces some critical problems concerning the ownership of the information. Data is an intangible good that is stored in large data warehouses, where the hardware architectures and software programs running the cloud services coexist with the data of many users. This context calls for a twofold protection: on one side, the cloud is made up of hardware and software that constitute the business assets of the service provider (property of the cloud); on the other side, there is a definite need to ensure that users retain control over their data (property in the cloud). The law grants protection to both sides under several perspectives, but the result is a complex mix of interwoven regimes, further complicated by the intrinsically international nature of cloud computing that clashes with the typical diversity of national laws. As the business model based on cloud computing grows, public bodies, and in particular the European Union, are striving to find solutions to properly regulate the future economy, either by introducing new laws, or by finding the best ways to apply existing principles.
Data lies at the core of all smart tourism activities as tourists engage in different and personalized touristic services whilst the pre/during/post traveling or in holidays. From these interactions, a digital data trail is seamlessly captured in a technology embedded environment, and then mined and harnessed in the context of STD - Smart Tourist Destinations to create enriched, high-value experiences, namely those related to eco-responsibility, as well as granting destinations with competitive advantages. At the same time, these technologies enable tourism destinations for an optimization of the use natural resources and energy, as well as for the preservation of natural spaces, in short, reducing the "ecological footprint" of tourism. However, this comes with a cost, an increased "data footprint". Therefore, the perceived enjoyment of experiences must be considered within the legal framework of Privacy and Data Protection by exposing inherent risks, analysing the available answers given by the GDPR – the General Data Protection Regulation of the European Union. Hence the purpose of this paper is i. to singularize the specificities of Smart Tourism Destinations; ii. to show how the principles of personal data protection, as set forth by the GDPR, are allocated within the STD realm; iii. and, finally, to derive potential legal implications of this ecosystem. Our approach is based on a legal analysis engaged in scholarship research. We have mostly denoted the underestimation of the legal implications of technology-enhanced tourism experiences, and the marginalization of both informed involvement and awareness by the individual in these processes. This study is novel in having undertaken an initial exploration of the legal implications of experiences taking place by STD. ; Los datos están en la base misma de todas las actividades turísticas inteligentes ya que los turistas se quedan inmersos en servicios distintos y personalizados antes/durante/después de los viajes o de las vacaciones. De estas interacciones, un rastro es obtenido de un modo imperceptible a través de un medioambiente embutido en tecnología, el cual es a continuación extraído y almacenado en el contexto de los DTI - Destinos Turísticos Inteligentes para crear experiencias valiosas, señaladamente las relacionadas con la eco-responsabilidad, y bien así proporcionando ventajas competitivas a eses destinos. Asimismo, estas tecnologías permiten a los destinos turísticos una optimización del uso de los recursos naturales y de la energía, además de la preservación de los espacios naturales, en síntesis, reducen la "huella ecológica" del turismo. Sin embargo, esto tiene un coste, el incremento de la "huella de los datos". Por ello, el disfrute apercibido de experiencias tendrá de ser tenido en cuenta en el marco normativo del RGPD – Reglamento General sobre Protección de Datos de la Unión Europea. Por ende, los objetivos de este artículo son los siguientes: i. identificar las especificidades de los Destinos Turísticos Inteligentes; ii. enseñar como los principios de la protección de datos, tal como están en el RGPD, son relevantes para los DTI; iii, en último lugar, evaluar las consecuencias jurídicas potenciales de este ecosistema. Nuestro enfoque se basa en un análisis jurídico de naturaleza académica. En especial, buscamos poner en evidencia como las implicaciones jurídicas de las experiencias turísticas reforzadas por las tecnologías han sido subestimadas, al igual que la participación informada y consciente de las personas en estos procesos. Este estudio es novedoso al haber emprendido una exploración inicial de las implicaciones jurídicas que resultan de experiencias que ocurren en los DTI. ; Os dados estão na base de todas as atividades turísticas inteligentes pois os turistas ficam envolvidos em serviços diferentes e personalizados antes/durante/depois das viagens ou das férias. Para estas interações, um rastro de dados é imperceptivelmente obtido por um meio ambiente embebido em tecnologia, sendo depois minerado e armazenado no contexto de Destinos Turísticos Inteligentes para criar experiências valiosas, designadamente relacionadas com a eco-responsabilidade, assim como facultando vantagens competitivas a tais destinos. Ao mesmo tempo, estas tecnologias permitem aos destinos turísticos uma otimização do uso de recursos naturais e da energia, assim como a preservação dos espaços naturais, em síntese, reduzindo a "pegada ecológica" do turismo. Porém, isto ocorre com um custo, o de uma "pegada de dados" acrescida. Consequentemente, a fruição apercebida de experiências tem de ser considerada no contexto normativo da Privacidade e da Proteção de Dados proteção de dados expondo os riscos potencias relacionados que lhe são inerentes, analisando as respostas das pelo RGPD - Regulamento Geral sobre Proteção de Dados da União Europeia. Assim, os objetivos do artigo são os seguintes: i. identificar as especificidades dos Destinos Turísticos Inteligentes; ii. mostrar como os princípios da proteção de dados, tal como constam do RGPD, são relevantes para os DTI; iii, finalmente, avaliar as consequências jurídicas potenciais deste ecossistema. A nossa perspectiva assenta numa análise jurídica de natureza académica. Sobretudo, procuramos mostrar como as implicações jurídicas das experiências turísticas reforçadas pelas tecnologias têm sido subestimadas, tal como o envolvimento informado e consciente das pessoas nestes processos. Este estudo é novo ao ter empreendido uma exploração inicial das implicações jurídicas que resultam das experiências que têm lugar nos DTI.