The Unlikely Siblings in the GDPR Family: A Techno-Legal Analysis of Major Platforms in the Diffusion of Personal Data in Service Ecosystems

AbstractThe digital age is characterized by hyper-connected services. Whenever we engage with an app we likely engage with a broader set of actors, often facilitated by a platform. Essentially, we engage with a service ecosystem posing particular challenges for privacy regulation. With GDPR taking effect we seek to understand the implications of it for privacy in such ecosystems. Interconnected services can facilitate the diffusion of personal data and thus impede with individual privacy rights. We apply a novel techno- legal analysis to the flow of personal information in service ecosystems. Based on two cases, we show that novel requirements arise for platforms as key actors in service ecosystems. Using our techno-legal analysis we conclude that two major platform providers, Apple and Facebook, have more in common from a legal perspective than the current rhetoric suggests. Based on the analysis, we discuss where privacy-preserving solutions in service ecosystems need to be positioned.


Return to previous page