Accountability of platform providers for unlawful personal data processing in their ecosystems:A socio-techno-legal analysis of Facebook and Apple's iOS according to GDPR
Billions of people interact within platform-based ecosystems containing the personal data of their daily lives. Data which have become rigorously creatable, processable, and shareable. Here, platform providers facilitate interactions between three types of relevant actors: users, service providers, and third parties. Research in the information systems field has shown that platform providers influence their platform ecosystems to promote the contributions of service providers and exercise control by utilizing boundary resources. Through a socio-techno-legal analysis of two high-profile cases and their application on the General Data Protection Regulation (GDPR) we show that the boundary resource design, arrangement, and interplay can influence whether and to what extent platform providers are accountable for platform providers unlawful personal data processing in platform ecosystems. The findings can have a huge impact to account actors for personal data misusage in platform ecosystems and, thus, the protection of personal liberty and rights in such socio-technical systems.