1. bookVolume 11 (2021): Issue 1 (December 2021)
Journal Details
License
Format
Journal
eISSN
2182-4924
First Published
30 Apr 2016
Publication timeframe
3 times per year
Languages
English
access type Open Access

Data Processing and Legal Protection in Contracts in the Technologically Innovative Tourism Sector

Published Online: 30 Dec 2021
Volume & Issue: Volume 11 (2021) - Issue 1 (December 2021)
Page range: 77 - 90
Received: 13 Sep 2020
Accepted: 26 Apr 2021
Journal Details
License
Format
Journal
eISSN
2182-4924
First Published
30 Apr 2016
Publication timeframe
3 times per year
Languages
English
Abstract

This study aims to demonstrate that technological innovation in tourism represents a paradigm shift in law and is also changing the competition between tourist destinations. Technological innovation in the tourism sector is increasing the volume of data processing and calls for greater and more consistent (detailed) legal protection to combat dangers to private life, such as exclusion from ‘digital life’. The topics covered by the study include data processing in hospitality contracts, the enrichment of guest profiles, newsletter marketing, guest passes or discount cards in travel package contracts, and the question of whether data processing is necessary for fulfilling smart tourism contracts. The theoretical framework is based on contract and data protection law principles relating to purpose, data avoidance and transparency, the privacy rule by design and by default. The methodological approach is based on a careful balancing and weighing of the legal goods and values, and an assessment of the normative parameters. This research is responding to the need to develop appropriate policies on transformative innovations and is addressing different concerns relating to the adoption and diffusion of technological trends in tourism.

Keywords

Introduction

The technological and marketing aspects of smart tourism destinations have been extensively examined over previous years (Kontogianni & Alepis, 2020). Nevertheless, the exploration of their specific context in contract law (Masseno, 2016a) and their legal consequences from the point of view of personal data and privacy protection is still lagging behind (Lee & Cranage, 2011). Research on privacy and security has in the past been a topic of increasing interest for tourism research (Femenia-Serra et al., 2019). This is because tourists as data subjects are the target of smart tourism activities (Gretzel, Reino, et al., 2015): Whereas e-tourism focuses on digital connections such as linking consumers with businesses, smart tourism links the physical world with the digital one by taking advantage of social media, cloud computing, and the Internet of Things (IoT; Buhalis, 2020). The tourism industry claims to benefit customers by creating and enhancing high-value experiences (Wang et al., 2012; Wang et al., 2016); at the same time, apart from exploiting the great potential of smart technologies for the tourist experience, it also endeavors to improve the local inhabitants’ quality of life (Ardito et al., 2019), apart from striving to make the tourism destination an innovative place, accessible to all visitors who can experience improved, more interactive, and higher quality travel (García et al., 2018).

The aim of this paper is to focus on well-known aspects of tourism contracts and tourism experiences to demonstrate to what extent and how the principles of personal data and privacy protection law are applied or could be applied within the tourism industry. Furthermore, the potential consequences for the image and sustainability of (physical and digital) tourism destinations will be evaluated. This is, of course, now a major issue in the current digital tourism ecosystem (Buhalis & Law, 2008). Our approach is based on an analysis of the legal tools offered by the applicable framework of privacy and data protection, in particular by the General Data Protection Regulation (GDPR) of the European Union.

Regulation (EU) 2016/679, of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), applicable from the 25th May 2018, OJ L 119, 4.5.2016, p. 1–88.

New paradigms in tourism, as created by the rapid technology-based developments, cannot afford to overlook the concomitant legal problems (Neuhofer & Ivars-Baidal, 2019).

The first section describes chosen examples of technologically empowered tourism experiences in tourism destinations as cases in which the personal data protection and privacy issues could be easily suspended. I then show that the legal protection of privacy and data protection evaluation is a balancing element in the relationship between customers and tourism destinations, offering the latter an overvalue but also producing negative effects on tourists and a contractual imbalance in the relationship. I then present cases of hospitality and travel package contracts and the ways of complying with the law, and offer various thoughts on the difficulties that affect compliance with the GDPR. Finally, some future reflections are formulated on the difficulties that affect the reformulation of personal data handling in favor of both tourists and tourism destinations.

Tourists’ Privacy and Personal Data Concerns and the Experience Potential of Tourism Destinations
Information and Communication Technology in Tourism: Applications That Benefit Travellers or Destinations

The literature on tourism marketing and tourism innovation has already explored the connection between tourism and information and communications technology (ICT), on the basis of which a new relationship between customers and tourism providers is built (Law et al., 2019; Rasoolimanesh et al., 2019). The interconnection aims at a comprehensive service and full engagement not only pre- and during, but also postpurchase, to keep customers satisfied and loyal (Neuhofer et al., 2015), so that they will want to repeat the experience. Furthermore, tourists as customers need real-time information in situ (Amorim et al., 2018), so they might use connected smart wearable devices, especially smartphones, to interoperate not only with potential providers of goods and services, but even with each other, exchanging experiences and critical opinions for ratings (Figueredo et al., 2018). Travel providers aim at empowering the self-experience result, in that they allow travellers to cocreate the experience (Prahaland & Ramaswamy, 2004) through personalisation and real-time interaction (Buhalis & Amaranganna, 2015). Local authorities and communities gain added value and anticipate profit in travel potential for their tourism destinations (Buhalis & Amaranganna, 2014). Also, travellers themselves expect to gain optimum quality in services and products as well as in their travel experience. Both local authorities and communities in tourism destinations and travellers themselves overlook the challenge of personal data protection and privacy; they are at risk because of the nontransparent, high-tech processing methods and the correlation of data, but also because of the interaction between individuals. Protecting travellers’ rights vis-à-vis the processing of personal data is a basic element of the smart tourist destination framework, offering added value to the destination (Masseno & Santos, 2018a) except for fulfilling the duty of complying with the law by protecting users’ legal rights.

The Travellers’ Active Role in Experiencing the Tourism Destination as a Means of Legitimising Data Collection

Tourists can use smart application services for a host of reasons: to estimate the waiting time for entry to parks or restaurants (Buhalis & Amaranganna, 2014); to order a special meal according to their dietary needs, medical conditions, or religious restrictions; or to change and adapt their plans according to real-time weather information (Jorro-Aragoneses et al., 2017) at their destination or on the traffic situation or flow (Hardy et al., 2017). The same use is provided and the same scope is aimed at when, for example, buying tickets to board a driverless bus (Tussyadiah et al., 2017), which has proven a great success in Trikala, the author's home city in Greece, outshining a similar scheme by Google (Kassimi, 2016);

Between September 2015, when it began to circulate on the streets of Trikala, and March 2016, the bus covered a total of 1,490 routes across 3,580 km and carried 12,138 passengers.

or for waiting at service counters and touch-screen points or for ordering food and drink via the Internet, following every phase from the preparation of the ordered items up to their being served at the table or delivered to your hotel room. The very same situation pertains to hotels when guests upload personal information and individual preferences (e.g., romantic view from the balcony, favorite beverages in the refrigerator, favorite magazines or newspapers reflecting one's political and economic views; Buhalis & Amaranganna, 2015; Philips, 2014).

The inescapable point of this scheme is that the sole purpose is to make the consumers participate actively and enhance their enjoyable experiences so as to encourage them to visit social networks and sites, use mobile apps, and read reviews, comments, and critiques. Without this, travellers cannot become part of this interconnected ‘smart’ experience (Smirnov et al., 2019) and will not experience the destination in an empowered way (Tussyadiah & Fesenmaier, 2009), and thus will not use all these smart technical alternatives that allow them to be active on social media, creating social profiles, writing reviews, giving ratings, and commenting or recommending (Figueredo et al., 2018). The so-called mobiquity (mobility and ubiquity) via WiFi access and interaction via online websites, search engines, and social media not only before and during but also after travel is the ‘new paradigm’ for experiences in tourism destinations: As a result of all such active participation and cocreation on the part of tourists (Buhalis & Leung, 2018), destinations are provided with suggestions after all the data are matched according to the criteria and are compiled according to preferences.

The Attractiveness and Competitiveness of Tourism Destinations

The implementation of smart ICT to promote tourism destinations geared to enhance consumers’ experience through better and high-level customized and personalised products and services, reflecting guests’ needs, wishes, and future desires, is crucial for the attractiveness of destinations. Following this marketing path, tourist service providers stop only when the highest level of customer satisfaction has been attained (Law et al., 2009), while seeing off the competitors (Peceny et al., 2019). At the same time, though, this implementation leads to the processing and collection not of data on tourism or on destinations, but of tourist-related information through personalisation and profiling, which can be reused for autonomous commercial purposes, regardless of whether these data are sourced and stored with the consent of the data subjects: It might well be provided by the subjects unwittingly during the time they are enjoying the tourism experience (Edwards, 2016).

These data have commercial value and provide a competitive advantage (Buhalis & Foerste, 2015), as they refer to the execution of contracts between tourists and the tourist service providers, such as transportation or hospitality contracts. These activities show aspects of how tourists experience the destinations, their preferences, their spending capacities, and their consumer behaviors. The data are, of course, derived from concluding contracts, answering queries or searches, purchases and other exchanges, or geographical location data (Masseno & Santos, 2018a, 2018b). By collecting, processing, compiling, and managing such large amounts of data (Masseno, 2016a; Vecchio et al. 2018), tourism operators and local tourism authorities and enterprises can evaluate important information regarding how tourists experience and enjoy the destination, so that the former can improve the way they interact with customers and exploit their competitive advantage over other tourism destinations (Buhalis, 2020).

However, collecting and processing personal and sensitive information facilitates the building of tourist profiles (e.g., individual preferences) with the concomitant implications for privacy and data protection (Kemp, 2014). This occurs especially when the collected data are connected and matched with data from other sources of publicly available information, such as Facebook or Twitter postings, blog entries, and so on (Masseno & Santos, 2018c; Menk et al., 2017), resulting in the analysis revealing users’ social interactions and activities, as in the case of smart tourism travel cards (Romanou, 2018). So there is a contradiction in that ICT (IoT, big data, blockchain, artificial intelligence, virtual reality, and augmented reality), by establishing a multilateral system involving inhabitants, local authorities, service providers, and tourists (Jovicic, 2019), to cocreate an enriched tourism experience (physical and digital), is actually creating not a shift toward a consumer-centric view, although consumers are becoming central actors, but a shift from a tourist-centric to a tourism-centric view (Neuhofer et al., 2015), and it is also shaping the destination tourism culture (Hunter et al., 2015).

The Negative Effects on the Relationship between Customers and Tourism Destinations
Personal Data Protection Gaps and Privacy Risks

In this technically complex and rather opaque aspect of tourism contracts, at least from the point of view of the data subjects (the tourists), the useful purposes of collecting data prevail and privacy concerns might be ignored (González-Reverté et al., 2018), especially when the traveller is serviced for a short time by contracts with unknown local providers abroad, and thus the privacy risk is underestimated or thought to be minimal (Gretzel, Sigala, et al., 2015). The concept of tourist destinations exploiting modern information technology, presenting themselves as smart tourism destinations (Boletsis & Chasanid, 2018; Jasrotia & Gangotia 2018; Tripathy et al., 2018) and offering clients enhanced touristic experiences presupposes all kinds of technology infrastructures, such as wireless networks and communication systems, interconnectivity for all mobile devices and, most important of all, data mining algorithms and big data technology with data warehouses (Höjer & Wangel, 2015; Russom, 2013).

Information gathering and data analysis in the form of automation and controlling is unavoidable if tourists, as data subjects, are going to ‘live the experience’, because their location needs to be tracked and their consumer behavior needs to be analysed. Thus, for instance, to provide assistance on the road or send out the relevant advertisements, diverse data from a massive number of tourists are processed in a centralised manner, without having installed any application on any mobile device (Masseno & Santos, 2018a, 2018b, 2018c). What is crucial is the need for tourism providers and tourism destination managers to predict tourists’ future behavior and trends as consumers (Pantano et al., 2017).

All these data are personal and sometimes sensitive, including physical appearance, health data and location data, and are collected and processed often without the data subjects being aware of it.

Compare the facts in the case Richard Lloyd v. Google LLC (2018) EWHC 2599 (QB), to which the British Court of Appeal allowed an appeal (Richard Lloyd v. Google LLC [2019], EWCA Civ 1599): Cookies on a device, without the user's knowledge or consent, enabled Google, whenever the user visited a website, to ascertain the date and time users spent on any given website, what pages were visited and for how long, and which advertisements were viewed. The search machine was also able to collect data on the geographical location of the user, known as “browser generated information” (BGI). Of course, the class is based on pre-GDPR rules (section 13(1) DPA 1998), but the Court of Appeal alluded to the GDPR (Article 82 of the GDPR, section 168 of the Data Protection Act 2018). However, the case is more interesting from the point of view of procedural law, as the High Court held that members of the English general representative action did not share the “same interest” required by the Civil Procedure Rules 1998 (CPR 19.6(1)). On the contrary, the Court of Appeal held that the members of Lloyd's represented class had all had their BGI taken without their consent.

Moreover, all the smart devices through which personal data are collected involve, in a nontransparent way for the consumer, third parties apart from the data subject and the contractual counter-party. These parties could include the data controller or the appointed data processors, the manufacturer of the device, the provider of the services, and many other intermediaries. Consequently, and most important, data are often not stored locally, but are forwarded to central services (Jülicher & Delisle, 2018) or are not processed by the traveller's contractor themselves as data controller or their data processors, but by persons authorised to process the data even though they might not be ‘third parties’.

See Article 28 of the GDPR. See also Article 4 from lit. 7) to lit. 10), Article 6 (1)(f), Article 13 (1)(d), Article 14 (2)(b), and compare Recitals 47, 54, 69 of the GDPR.

The use of large numbers of algorithms and data mining techniques has huge and negative implications for privacy and compliance with data protection rules: Algorithms execute correlations and inferences among data, so that the correlations found, as identified in the algorithms, can specify similar new cases.

Art. 29 WP Opinion 03/2013 On purpose limitation. Adopted April the 3rd, 2013, p. 14. Retrieved from https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/index_en.htm.

The same data, after new correlations between the initial data and other, obviously irrelevant data have been found, are reused for other purposes, in violation of the purpose specification principle according to which the purpose of data collection must be specified and lawful (Art. 5 (1)(b) GDPR). Indeed, it would be unlikely for anyone to set a device or the procedure for processing data so as to collect not all available but only relevant data, according to the scope of the processing, which is to service the best experience in tourism destinations. Thus, even if these methods exploit technical innovation to empower experiences, improve tourism services, and promote a tourist destination as a ‘tourism product’, they also at the same time cause a confidentiality gap in the tourism contracts between customer and service provider at the destination in terms of privacy and data protection (Couturier, 2013).

Big Data, Algorithms, and the Profiling Problem

Profiling

See Article 4 of GDPR (lit. 4) on profiling. Compare Article 22(1) and (4) and Recitals 24, 60, 63, 70–73, 91 of the GDPR.

and correlation of data make it difficult for customers to understand in a transparent way and the results remain impenetrable to laymen (Franck, 2017). Therefore, it is impossible for consumer-tourists to track down the systems and methods of automated and individual decision making (Wachter et al., 2017) on the basis of profiles, and occasionally a conscious decision is made to omit the clause on their legal rights (Recital 63, Art. 13[2][f] and Art. 15[1][h] of GDPR) regarding requesting that information (Art. 15 GDPR). Correctly, they find the information on the ‘logic of processing’ meaningless (on ‘smart transparency‘; see Hildebrandt & Koops 2010), especially when it relates to ‘algorithmic logic’ (Edwards & Veale, 2018).

Tourism destinations in particular work almost exclusively with the tool of profiling, as they aim through the personalisation process to offer tailor-made services and maximise the tourist experience (Gavalas et al., 2014). An enriched profile of the consumer based on huge amounts of data, appropriately compiled and parameterised, is the best way for tourism service operators to ‘bombard’ the customer with several segments of advertisements

ENISA (2015) Report. Privacy and data protection by design—From policy to engineering, pp. 11–13. Compare Article 25 of the GDPR.

and marketing strategies (Mavragani et al., 2019) or to price differentiated policies (Shen & Ball, 2009), even if the subject of the data is unaware of the processing and correlation of these data or of the filtering that is taking place, and so the problem will continue to grow (Holone, 2016).

Isolation and Distancing from the Smart Tourism Destination

Another danger for contractual freedom and the exercise of basic constitutional rights is that the situation can even lead to denying essential utilities for those unwilling to share personal data (Schwartz & Solove, 2011), whereby many tourists are either not familiar with new smart technology, especially the elderly (Berg, 2015; Vojvodic, 2015), or are very reluctant to disclose their data and avoid visiting tourist destinations and using the smart tourist possibilities (Ardito et al., 2019; Law et al., 2014). At the same time, through this method of data processing and the creation of profiles, only specific alternatives are offered to the tourists (data subjects) to choose as products and services; that is, only those that match the chosen preferences and patterns, according to the profiling procedure. Therefore, they are, according to specific data, excluded from other alternatives, which they might have already examined and chosen on their own, the so-called ‘filter bubbles’ effect (Pariser, 2011).

Exclusion as the Result of Discrimination at Tourism Destinations

An obvious example of the danger of exclusion is the case of price differentiation after profiling of consumer behavior according to job, wealth, purchasing, and so on. In such a case, the tourism providers offer a consumer only a very high price for some products and services, which the tourist refuses to accept, without being able to ask for an alternative. Furthermore, the data subject is not able to contest the automated individually made decision to exercise their rights (i.e., to restrict or to reject the processing, Art. 18 and 21 GDPR), especially when data are collected from the user's smartphone, implying that there is no user interaction (Kontogianni et al., 2018). Thus, this automation and lack of transparency in making algorithmic decisions according to filtering data and profiling based on needs, preferences, values, and so on promotes—either in a direct or indirect way—discrimination against tourists by excluding them from specific categories of tourist goods or services, such as sales or insurance (Weaver & Moyle, 2019, on tourists’ potential response to smart tourism). This discrimination, which leads to the denial of the freedom to conclude contracts and participate in the market, could be dangerous as such decisions might reflect, among other things, health or creditworthiness.

Contractual Imbalance

In business-to-consumer contracts between consumers and tourism businesses, the counterparty, which is protected by the law because of an asymmetry at all critical levels (e.g., knowledge and information, negotiation and economic power, etc.), consists in tourists generally and not only the elderly or the vulnerable (Koutsouradis, 2020; Luzak, 2016). The contractual imbalance in favor of the consumer's counterparty is further sharpened in the case of the technological and data processing issues of a contract because of the lack of know-how and understanding and also the time factor, whereby short-term contracts are executed before, during, or at least by the end of the trip (Masseno, 2016a). Thus, consumers do not invest time or dedicate all their powers of negotiation or demand pre-contractual information to learn about or exercise their legal rights.

Devices, Cards, and Newsletters in Hospitality and Travel Package Contracts
Hotel Guests’ Cards and Other Devices

In the case of a hospitality contract, hotel guests use a very attractive e-platform accessible via smartphones or touch screens in the hotel by means of a code (e.g., the room number) or the room card to enrich the company's database with personal data and at the same time to interact with the hotel personnel: The employees and the guest cocreate in real time the experience and the service level (Buhalis & Sinarta, 2019). Similarly, hotel guests use diverse types of wearable devices (Atembe, 2015) or guest and traveller (discount) cards; for example, smart watches for notifications and comments or check-in and access to different rooms or levels of the hotel (bar, swimming pool), and so on. Thus, during their stay at the hotel, guests receive, either as hospitality clients or as travel package consumers, announcements, alerts, and even flight information and timetable changes for each individual or for the members of the travel group as a single entity. Further, medical bracelets that the hotel guest wears while sleeping or during the day, monitor his or her health parameters and process health data.

Charge, Purchase, and Discount Cards

Guest cards can also record data about the films that guests choose to view in their hotel room and the price they pay for them. The same applies to ‘charge cards’, which hoteliers give guests as a ‘gift’ to ensure that during their stay various attractions at the tourism destination can be visited without additional costs. Such guest cards offer the guest at the respective tourist destination the opportunity to take advantage of various services at a discount or free of charge. After an attempt to apply to the scope of services offered by such guest cards the legal definitions and basic principles of package travel and linked travel arrangements, it follows that all guest cards that contain only services belonging in the category in point (d) (any other tourist service that is not intrinsically part of a travel service within the meaning of points [a], [b] or [c]), present neither package holidays nor related travel services within the meaning of Article 3(1) of Directive (EU) 2015/2302.

Directive (EU) 2015/2302 of the European Parliament and of the Council of 25 November 2015 on package travel and linked travel arrangements, amending Regulation (EC) No 2006/2004 and Directive 2011/83/EU of the European Parliament and of the Council and repealing Council Directive 90/314/EEC, OJ L 326/11.12.2015.

The same can be said of cards that only grant discounts. This also applies to purchase tickets or discount vouchers, which apart from free services in only one category of travel services, provide exclusive discounts on other types of travel services. The opposite is true of ‘purchase cards’ with free services for different types of travel services: The guest pays a travel price and receives in return different categories of travel services for the purpose of the same journey. According to the wording of the law, there is no clearly appropriate exception relating to why such cards should not represent package holidays in the sense envisaged by the new travel law. Therefore, a purchase card with at least two different categories of included travel services could constitute a package.

It should be pointed out that the processing of personal data must be authorised on legal grounds. It seems to be very difficult to find legal grounds for data processing when it comes to purchase cards without the consent of the data subject. The following cases are considered for possible legal grounds.

Implementation of a Contractual Relationship

If the collection of personal data is required for the fulfillment and performance of a contract, the use and storage of this information is permitted under data protection law. For example, all information proving the purchase contract (information on request, invoice, etc.) must be justified on this legal ground. The problem here is that as charge or discount cards are financed via a surcharge that is paid by the host to the respective card operators, the various services of the card received by the guest do not constitute services provided by the host himself or herself. In this respect, there is a twofold lack of a contractual service exchange relationship: between the guest and the host on the one hand and between the guest and the card issuer on the other.

Balancing of Interests

The storage of data is not always mandatory for the performance of the contract. However, if the processing of personal data is necessary to safeguard the legitimate interests of the card operator, this can also be justified under data protection legislation. The personal evaluation of usage and user data (e.g., user profile) is usually not justified by the balance of interests.

Data without Any Personal Reference Character

We have no application of data protection law in cases where the evaluation of usage data takes place without any personal reference; thus, this processing does not fall under data protection law. For example, it is permissible to evaluate visitor flows or usage time if this evaluation is not user-related. It must be ensured that no reference can be made to individuals, not even through additional information.

Reporting or Registration Data and Usage Data

In terms of data protection, the collection of reporting or registration data is subject to a strict purpose limitation. This also includes information that could arise from the use of a guest card (usage data).

Newsletters

Even in newsletter services, the counterparties of the consumers remind them that more data, apart from those necessary for data processing, are optional but will be used to personalise information and adapt commercial offers to the best interests of the client. However, data protection law prohibits a so-called coupling or correlation in cases where the conclusion or performance of the contract is made dependent on consenting to the processing of data that are not required for this purpose. It is therefore necessary to obtain the data subject's consent for the specific type of use. An example is the sending of a newsletter customer satisfaction survey, stored in a customer database for later advertising and other purposes. Therefore, if a later newsletter or customer survey is carried out, the declaration of consent must cover precisely these purposes.

Applicable Legal Rules and Legal Analysis Approach
The Legal Framework and the Difficulties in Complying with It

Tourism organisations, perhaps under the supervision of local tourism authorities (e.g., municipality bureaus, etc.), have to ensure that the processing of personal data is fair, lawful, and transparent (Art. 5[1][a] of the GDPR). Concerning the privacy and confidentiality of personal data and information, especially when these are stored electronically, tourists and visitors should enjoy the same rights as the citizens of the host country.

See Article 8(3) of the Global Code of Ethics for Tourism, retrieved from https://www.unwto.org/global-code-of-ethics-for-tourism.

Whether the data are collected voluntarily or inferred from other accessible sources, or are correlated with data of other databases, tourists who are not solely customers and consumers but in the legal context also data subjects are entitled to know which personal data are obtained, from where, and from whom. Moreover, in our case, data subjects have the right to ask the data controllers, and learn in a transparent way, how automated decisions are made according to the collected or inferred interconnected or correlated data. Consequently, to avoid the danger of isolation and exclusion, all circumstances and data should be taken into account in the automated decision-making procedure, despite the technical difficulty of processing decontextualised information and correlating differential databases (Recital 71 of the GDPR). These difficulties are often compounded by tourism organisations claiming secrecy over the methods by which data are processed on grounds of commercial confidentiality and protection of software copyright, as well as the trade-secret shield (Ehmann, 2017). However, these overriding interests should be interpreted narrowly.

See Article 15(4) and Recital 63 of the GDPR; compare Art. 29 Data Protection Working Party, Opinion 06/2014 on the Notion of Legitimate Interests of the Data Controller under Article 7 of Directive 95/46/EC, pp. 23, retrieved from http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp217_en.pdf.

Further, it is true that big data algorithms are constructed by default with the capacity to change autonomously, and therefore they are not at all suitable for recording, documenting, or proof (Edwards & Veale, 2017; Rubinstein, 2013).

Circumstances for Obtaining Consent

It is very unlikely that tourists as data subjects give their prior consent to the previously described data collection (Art. 6[1][a] of the GDPR), even if this was in many cases part of the purpose of data processing (Art. 25 of the GDPR on privacy by design). Of course, we must also consider the so-called smart tourists (Femenia-Serra et al., 2019): These tourists accept the sharing of personal information as usual practice because they realise the benefits therein and assume that their privacy and security will be protected. Smart tourists are therefore willing to share their personal and preferences-related data in exchange for information and proposals, although they are conscious of the value of their data and the need to protect them. Nevertheless, the fact that information notices appear and disappear instantly on the consumer devices’ screens and that consent is not consciously given undermines the duty of the data collectors to comply with the law.

Article 29 Working Party, Guidelines on Consent under Regulation 2016/679 (wp259rev.01), Revised and Adopted on 10 April 2018, pp. 13, 18, 20, 23, 30, retrieved from https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=623051.

The law requires unambiguous, informed, specific, explicit, and granular consent (Carolan, 2016), otherwise it is difficult for the controller to prove that consent was given according to the law and for the data subjects to claim withdrawal of their consent (Art. 7[3] of the GDPR) because of lack of these circumstances (Mantelero, 2014).

Article 29 Working Party, Opinion 15/2011 on the definition of consent, pp. 6, 30. Adopted on 13 July 2011, retrieved from https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2011/wp187_en.pdf.

Indeed, devices used by tourists are often, in terms of design, small or screenless (e.g., buying a ticket, using guest or discount cards, Global Positioning System [GPS] devices), without a keyboard or monitor.

Article 29 WP, Opinion 8/2014, Recent developments on the Internet of Things. Adopted on 16 September 2014, pp. 5–8, retrieved from https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf.

At the same time, the data subjects experiencing the tourism destination and its services fail to examine further the issue of data collection and cannot make an active and conscious choice on privacy and data protection settings by reading the policies. In any case, they are likely to be unaware that data collected during the trip are going to be used in the future in correlation with other databases and for other purposes (Habegger et al., 2014).

Public Interest or Other Legitimate Interests

In tourism contracts between consumers and tourism service providers, it seems unlikely that the so-called public interest could be invoked as a legal ground for the processing of personal data without obtaining consent.

European Parliament Study (2015), Big Data and Smart Devices and their Impact on Privacy (pp. 6, 24, 26, 30).

On the contrary, ‘legitimate interests’ (Art. 6[1][f] of the GDPR) are often cited as a legal ground by commercial companies to process data by claiming somehow that the processing of data is ‘necessary’ and so could be construed as legitimate even without consent.

Information Commissioner's Office (2017), Big Data, Artificial Intelligence, Machine Learning and Data Protection (pp. 29), retrieved from https://ico.org.uk/media/for-organisations/documents/2013559/big-data-ai-ml-and-data-protection.pdf.

For example, websites declare their legitimate interest in processing personal data for reasons of tracking, advertising, and analysis services. Websites even claim legitimate interest when continuously sending out online offers.

The Principle of Proportionality

The crucial task of balancing, on the one hand, the commercial interests of the provider or the tourism destination providing the optimum experience and, on the other, the data subjects’ fundamental rights to privacy and protecting their own personal data

Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms, as amended by Protocol Nos. 11 and 14, of 4 November 1950, recognized the right to privacy, and this objective was given effect in Article 23 of the Data Protection Directive 95/46/EC (the “Directive”). See also Article 8 of the EU Charter of Fundamental Rights. Compare European Data Protection Supervisor, Opinion 7/2015, Meeting the challenges of big data, retrieved from https://edps.europa.eu/sites/edp/files/publication/15-11-19_big_data_en.pdf.

is to be executed in the first instance by the controllers themselves (Schwartz & Solove, 2011) and ultimately by the courts according to the law.

Article 29 Data Protection Working Party, Opinion 06/2014 on the Notion of Legitimate Interests of the Data Controller under Article 7 of Directive 95/46/EC (844/14/EN, WP 217), pp. 30, 33, 55, 57.

Performance of the Contract

To suspend the strict prerequisite of obtaining the consent of the data subject, it is possible that the controller might invoke the so-called contractual condition, according to which the execution and performance of a contractual obligation provides the justification to process, collect, and use data without consent. Thus, by users simply visiting a website and being active (comments, news, etc.), the provider begins data processing, claiming the legal ground of Article 6(1)(b) of the GDPR. At this point, the opinion of the judge becomes crucial; the court is called on to finally decide whether the processing was necessary for the performance of the contract or the processing went beyond what was required for the execution of the contract, whether that be selling a product or delivering a service. For example, websites often warn users that providing more data than is necessary for performing the contract is an option and does not influence the use of the site, but they do not assure consumers that the data will not be reused.

The Principle of Purpose Limitation

According to Article 5(1)(b) of the GDPR, the purpose for which the data are collected must be specified and have been considered as lawful (data minimalism or purpose limitation). Consequently, every reuse of that data is to be prevented after an assessment of the new use according to the purpose principle (informed consent for specific and well-defined purposes).

See Article 29 WP Opinion 03/2013 On purpose limitation. Adopted on 3 April 2013, pp. 12, 21. Compare Article 7 and Article 35 of GDPR (on DPIA - data protection impact assessment).

Personal data then should not be further processed in a way (with respect to the data subject) that is unanticipated and inappropriate and therefore unrelated to the execution of the contract.

Council of Europe (2017), Guidelines on the protection of individuals with regard to the processing of personal data in a world of Big Data, pp. 3–6, retrieved from https://rm.coe.int/16806ebe7a.

Should this occur, we have a case of forbidden reuse of the data for purposes other than the initial one, thus exposing the privacy of the data subjects to danger without any legal grounds, which is unanticipated and lacking in transparency. In cases of smart tourism, specific potential perils arise, including the hacking of the central intelligence system, movement monitoring, abusive marketing by companies, or even the blackmailing or stalking of tourists (Saravanan & Ramakrishnan, 2016). It is also a fact, confirmed by experts (Solove, 2017), that controllers can repackage data or create derived data and can profit by selling data packages to the market. The controllers in tourism destinations carry the burden of complying with Recital 50 of the GDPR.

The Principle of inimisation and Retention

According to this principle, organisations should minimise the amount of data they collect and process and also reduce the length of time they keep the data (Art. 5[1][c], Recital 39 and Art. 18 of the GDPR). However, technology permits, if not enhances and favours, the collection, aggregation, and analysis of huge amounts of data, using algorithms and intelligent tools not only to categorise for the purposes of profiling, but also to analyse, interconnect, and correlate. At the same time, the legal obligation to delete data and not to archive and store them for longer than the purpose of collection requires serves the principle of minimisation and necessity (Art. 5[1][e] of the GDPR, on the storage limitation principle).

The ‘Right to be Forgotten’ and the Principle of Accuracy of Data

Article 17 of the GDPR stipulates the right of the data subject to be forgotten, that is to say, the right to have his or her personal data erased when its data are no longer necessary for the purpose for which they were collected or in the case of inaccurate data (Article 16; compare Recital 71 of GDPR). Furthermore, pursuant to Article 5(1) (d) of the GDPR, data always have to be representative or accurate (accuracy principle). Although it could prove to be extremely difficult for the controller to find and erase the tourist's data (Bartolini & Siry, 2016), the inaccuracy of data violates the preceding principle and constitutes a legal ground for strict liability in favor of the data subjects if restitution is to be made for the damage (Hoeren, 2018).

’Necessary’ Data Processing in the Course of Contract Performance

Apart from the clear cases of contract performance and fulfillment, pursuant to Article 6(1)(b) of the GDPR, determining ‘necessity’ is not always easy. For example, is access to data required in the case where a free application allows users to simulate or repeat an experience on the display of their smartphone by means of a graphic visualisation, when the ‘app’ does not have any other functions, and when for users to use this app they must grant access to their location and address book data? In this case, transparent general contract terms and conditions could make the difference, so that it is no longer surprising that the user receives the service of the app only in ‘exchange’ for location and address book data. Here, the crucial question is how necessary is the respective option for the carrying out (performance) of the principal part of the contract? The specific content of the contract lays out a different perspective in determining the necessity of the so-called specific obligation or the principal part of the contract to be performed. In the case where at the time of the conclusion of the contract, sufficiently transparent information is given to the data subjects about what they ‘exchange’ and what they pay for (e.g., data vs. services), then a free decision by the individual is a sufficient legal ground as consent.

Concluding Thoughts and Some Future Reflections

The results so far could be summarised as follows: A tourist's personal data are too valuable and necessary to tourism destination organisations for them to abandon their current advantaged position to maximise and analyse the data, create profiling, and process the data for other purposes than the original one to predict future patterns in consumer behavior. On the other hand, the data subjects, expecting enriched experiences, are continually providing their personal data either unconsciously or without being able to foresee they are being reused for purposes other than the initial one. In other words, they cannot transparently understand the methods and extent of the processing (big data, algorithmic analysis, correlation with social media, image recognition, etc.). In fact, the lack of transparency and the highly complicated technical background places even those data subjects who are aware of the privacy risks entailed in data processing in the position of a weak contract counterparty who cannot in any way pursue their legal rights due to negotiation and information asymmetry (Masseno, 2016b; Masseno & Santos, 2018b).

Consequently, none of the counterparties or third parties (analytics firms, tourism destinations, entrepreneurs, etc.) can or want to give up the current practice focused on commercially valuable data and enhanced experiences (Tallon, 2013) and dedicate more time and space to concerns about privacy (Brown et al., 2007) related to the processing, profiling, and further disclosure of private data (Schwartz & Solove, 2011). In that sense, there is already a discrepancy between the state of the art and the state of practice in this field. The data subject's awareness of this situation—that is, of risking their privacy and not being able to uphold their legal rights, or, in other words, of the data controller's noncompliance with the legal framework—is likely to erode the trust between the counterparties, as trust and perceived risk are basic contractual elements (Bonsón Ponte et al., 2015; Kim et al., 2008). In particular, the previously examined results of isolation or exclusion of tourists affect very negatively the tourism destinations whose aim is to be attractive and worth revisiting (see Benckendorff et al., 2005, p. 38, on the travellers called ‘Luddites’, who view technology as being destructive to the tourism experience).

Conversely, conforming and complying with the legal provisions on transparent and adequate information (Hardy et al., 2017) for the data subjects (Lee & Cranage, 2011) with regard to the methods, procedures, and further consequences of data processing could rebuild trust (Buhalis & Amaranganna, 2015) and fill the void of privacy concerns and personal data protection (Huang et al., 2017; Xiang & Fesenmaier, 2017), the so-called missing issue in the smart tourism destination debate (Anuar & Gretzel, 2011). In such a case, tourism destinations and local authorities and businesses are more likely to regain the younger tourists, the so-called digital natives or millennial tourists, who have grown up with Internet access, mobile devices, and interface screens and are familiar with social media and data or opinion or experience interchanges. Therefore, in the conclusion of tourism contracts (hospitality or travel packages, booked either in the process of linked online booking or in linked travel arrangements) a new trust relationship (Femenia-Serra et al., 2019), on an adequate legal ground and in compliance with the legal framework can be achieved.

This, of course, demands from the smart tourism destinations as well as from the controllers renewed information governance (Hadar et al., 2018);

On “privacy by design” see Article 25 and Articles 6, 24, 32–34 of the GDPR.

that is, a combination of retaining the added value of the information and its commercial use and of omitting profiling for unintended uses (Art. 25 and Art. 6, 24, and 32–34 of the GDPR, on ‘privacy by design’). In other words, it demands a combination of personalising the data only to enhance experience, data protection, and respect for privacy. The future precautionary parameters are unavoidable as technical ones,

Information Commissioner's Office (2017), Big Data, Artificial Intelligence, Machine Learning and Data Protection (p. 4).

such as applying anonymisation (Recital 26 of the GDPR) or pseudonymisation (Art. 25 of the GDPR),

Article 29 WP Opinion 05/2014, On Anonymisation Techniques. Adopted on 10 April 2014, retrieved from https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf. For the so-called privacy enhancing tools, see Articles 6, 24, 32–34 of the GDPR.

rewriting in an easy-to-understand, informative way, as well as applying video privacy and data protection policies (Art. 42, 43 and Recital 100 of the GDPR; Wachter, 2018), compliance with the legal obligation of privacy by avoiding nontransparent algorithmic analysis, and exploiting the technical features of electronic seals or signs and certification mechanisms (Art. 12[7] and Recital 60 of the GDPR; Masseno & Santos, 2018a, 2018c).

Finally, the data processors should not overlook the dynamically developing legal framework and follow up on any updated legal requirements.

Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union, OJ L 194, 19.7.2016, pp. 1–30; Proposal of a Regulation of the EP and of the Council concerning the respect for private life and the protection of personal data in electronic communications, COM/2017/010 final - 2017/03 (COD).

On the other hand, tourists have to live with the fact that they have to ‘invest’ more time to take on board these new rewritten privacy policies; they have to learn to be prudent and discerning when providing their data as the price to be paid. Otherwise is by no means fair and equal, even when it comes to enhanced and enriched tourism experiences and travel pleasure. A fundamental reformulation is therefore expected of how data are handled in smart tourism in favor of both tourists and smart tourism destinations.

Amorim, M., Mar, A., Monteiro, F., Sylaiou, S., Pereira, P., & Martins, J. (2018). Smart tourism routes based on real time data and evolutionary algorithms. In Digital heritage: Progress in cultural heritage. Documentation, preservation, and protection—7th international conference, EuroMed 2018, Nicosia, Cyprus, Proceedings, Part I (pp. 417–426). https://doi.org/10.1007/978-3-030-01762-0\__36 AmorimM. MarA. MonteiroF. SylaiouS. PereiraP. MartinsJ. 2018 Smart tourism routes based on real time data and evolutionary algorithms In Digital heritage: Progress in cultural heritage. Documentation, preservation, and protection—7th international conference, EuroMed 2018, Nicosia, Cyprus, Proceedings, Part I 417 426 https://doi.org/10.1007/978-3-030-01762-0\__36 10.1007/978-3-030-01762-0 Search in Google Scholar

Anuar, F. I., & Gretzel, U. (2011). Privacy concerns in the context of location-based services for tourism [Paper presentation]. ENTER 2011 Conference: Accessibility of ICTs and Accessible Travel Information, Innsbruck, Austria. http://ertr.tamu.edu/files/2013/02/13.pdf AnuarF. I. GretzelU. 2011 Privacy concerns in the context of location-based services for tourism [Paper presentation]. ENTER 2011 Conference: Accessibility of ICTs and Accessible Travel Information Innsbruck, Austria http://ertr.tamu.edu/files/2013/02/13.pdf Search in Google Scholar

Ardito, L., Cerchione, R., Del Vecchio, P., & Raguseo, E. (2019). Big data in smart tourism: Challenges, issues and opportunities. Current Issues in Tourism, 22(15), 1805–1809. doi: 10.1080/13683500.2019.1612860 ArditoL. CerchioneR. Del VecchioP. RaguseoE. 2019 Big data in smart tourism: Challenges, issues and opportunities Current Issues in Tourism 22 15 1805 1809 10.1080/13683500.2019.1612860 Open DOISearch in Google Scholar

Atembe, R. (2015). The use of smart technology in tourism: Evidence from wearable devices. Journal of Tourism and Hospitality Management, 3(11–12), 224–234 AtembeR. 2015 The use of smart technology in tourism: Evidence from wearable devices Journal of Tourism and Hospitality Management 3 11–12 224 234 Search in Google Scholar

Bartolini, C., & Siry, L. (2016). The right to be forgotten in the light of the consent of the data subject. Computer Law and Security Review, 32(2), 218–237. BartoliniC. SiryL. 2016 The right to be forgotten in the light of the consent of the data subject Computer Law and Security Review 32 2 218 237 10.1016/j.clsr.2016.01.005 Search in Google Scholar

Benckendorff, P., Moscardo, G., & Murphy, L. (2005). High tech versus high touch: Visitor responses to the use of technology in tourist attractions. Tourism Recreation Research 30(3), 37–47. doi: 10.1080/02508281.2005.11081485 BenckendorffP. MoscardoG. MurphyL. 2005 High tech versus high touch: Visitor responses to the use of technology in tourist attractions Tourism Recreation Research 30 3 37 47 10.1080/02508281.2005.11081485 Open DOISearch in Google Scholar

Berg, L. (2015). Consumer vulnerability: Are older people more vulnerable as consumers than others?. International Journal of Consumer Studies, 39(4), 284–293. BergL. 2015 Consumer vulnerability: Are older people more vulnerable as consumers than others? International Journal of Consumer Studies 39 4 284 293 10.1111/ijcs.12182 Search in Google Scholar

Boletsis, C., & Chasanid, D. (2018). Smart tourism in cities: Exploring urban destinations with audio augmented reality. In Proceedings of the 11th Pervasive Technologies Related to Assistive Environments Conference, PETRA 2018 (pp. 515–521). https://doi.org/10.1145/3197768.3201549 BoletsisC. ChasanidD. 2018 Smart tourism in cities: Exploring urban destinations with audio augmented reality In Proceedings of the 11th Pervasive Technologies Related to Assistive Environments Conference, PETRA 2018 515 521 https://doi.org/10.1145/3197768.3201549 10.1145/3197768.3201549 Search in Google Scholar

Bonsón Ponte, E., Carvajal-Trujillo, E., & Escobar-Rodríguez, T. (2015). Influence of trust and perceived value on the intention to purchase travel online: Integrating the effects of assurance on trust antecedents. Tourism Management, 47(C), 286–302. http://doi.org/10.1016/j.tourman.2014.10.009 Bonsón PonteE. Carvajal-TrujilloE. Escobar-RodríguezT. 2015 Influence of trust and perceived value on the intention to purchase travel online: Integrating the effects of assurance on trust antecedents Tourism Management 47 C 286 302 http://doi.org/10.1016/j.tourman.2014.10.009 10.1016/j.tourman.2014.10.009 Search in Google Scholar

Brown, M. R., Muchira, R., & Gottlieb, U. (2007). Privacy concerns and the purchasing of travel services online. Information Technology & Tourism, 9(1), 15–25. http://doi.org/10.3727/109830507779637620 BrownM. R. MuchiraR. GottliebU. 2007 Privacy concerns and the purchasing of travel services online Information Technology & Tourism 9 1 15 25 http://doi.org/10.3727/109830507779637620 10.3727/109830507779637620 Search in Google Scholar

Buhalis, D. (2020), “Technology in tourism-from information communication technologies to eTourism and smart tourism towards ambient intelligence tourism: a perspective article”, Tourism Review, Vol. 75 No. 1, pp. 267–272. https://doi.org/10.1108/TR-06-2019-0258 BuhalisD. 2020 “Technology in tourism-from information communication technologies to eTourism and smart tourism towards ambient intelligence tourism: a perspective article” Tourism Review 75 1 267 272 https://doi.org/10.1108/TR-06-2019-0258 10.1108/TR-06-2019-0258 Search in Google Scholar

Buhalis, D., & Amaranganna, A. (2014). Smart tourism destinations. In Z. Xiang & I. Tussyadiah (Eds.), Information and communication technologies in tourism 2014—Proceedings of the International Conference in Dublin, Ireland, (pp. 553–564). Springer. BuhalisD. AmarangannaA. 2014 Smart tourism destinations In XiangZ. TussyadiahI. (Eds.), Information and communication technologies in tourism 2014—Proceedings of the International Conference in Dublin Ireland 553 564 Springer Search in Google Scholar

Buhalis, D., & Amaranganna, A. (2015). Smart tourism destinations: Enhancing tourism experience through personalisation of services. In I. Tussyadiah & A. Inversini (Eds.), Information and Communication Technologies in Tourism 2015—Proceedings of the International Conference in Lugano, Switzerland (pp. 377–389). Springer. doi:10.1007/978-3-319-14343-9_28 BuhalisD. AmarangannaA. 2015 Smart tourism destinations: Enhancing tourism experience through personalisation of services In TussyadiahI. InversiniA. (Eds.), Information and Communication Technologies in Tourism 2015—Proceedings of the International Conference in Lugano Switzerland 377 389 Springer 10.1007/978-3-319-14343-9_28 Open DOISearch in Google Scholar

Buhalis, D., & Foerste, M. (2015). SoCoMo marketing for travel and tourism: Empowering co-creation of value. Journal of Destination Marketing & Management, 4(3), 1–11. http://doi.org/10.1016/j.jdmm.2015.04.001 BuhalisD. FoersteM. 2015 SoCoMo marketing for travel and tourism: Empowering co-creation of value Journal of Destination Marketing & Management 4 3 1 11 http://doi.org/10.1016/j.jdmm.2015.04.001 10.1016/j.jdmm.2015.04.001 Search in Google Scholar

Buhalis, D., & Law, R. (2008). Progress in information technology and tourism management: 20 years on and 10 years after the internet: The state of eTourism research. Tourism Management, 29(4), 609–623. BuhalisD. LawR. 2008 Progress in information technology and tourism management: 20 years on and 10 years after the internet: The state of eTourism research Tourism Management 29 4 609 623 10.1016/j.tourman.2008.01.005 Search in Google Scholar

Buhalis, D., & Leung, R. (2018). Smart hospitality—Interconnectivity and interoperability towards an ecosystem. International Journal of Hospitality Management, 71, 41–50. BuhalisD. LeungR. 2018 Smart hospitality—Interconnectivity and interoperability towards an ecosystem International Journal of Hospitality Management 71 41 50 10.1016/j.ijhm.2017.11.011 Search in Google Scholar

Buhalis, D., & Sinarta, Y. (2019). Real-time co-creation and nowness service: Lessons from tourism and hospitality. Journal of Travel & Tourism Marketing, 36(5), 563–582. BuhalisD. SinartaY. 2019 Real-time co-creation and nowness service: Lessons from tourism and hospitality Journal of Travel & Tourism Marketing 36 5 563 582 10.1080/10548408.2019.1592059 Search in Google Scholar

Carolan, E. (2016). The continuing problems with online consent under the EU's emerging data protection principles. Computer Law and Security Review, 32(3), 462–473. CarolanE. 2016 The continuing problems with online consent under the EU's emerging data protection principles Computer Law and Security Review 32 3 462 473 10.1016/j.clsr.2016.02.004 Search in Google Scholar

Couturier, H. (2013). At the big data crossroads: Turning towards a smarter travel experience. Amadeus IT Group. https://amadeus.com/documents/en/blog/pdf/2013/07/amadeus-big-data-report.pdf CouturierH. 2013 At the big data crossroads: Turning towards a smarter travel experience Amadeus IT Group https://amadeus.com/documents/en/blog/pdf/2013/07/amadeus-big-data-report.pdf Search in Google Scholar

Edwards, L. (2016). Privacy, security and data protection in smart cities: A critical EU law perspective. European Data Protection Law Review, 2(1), 28–58. EdwardsL. 2016 Privacy, security and data protection in smart cities: A critical EU law perspective European Data Protection Law Review 2 1 28 58 10.2139/ssrn.2711290 Search in Google Scholar

Edwards, L., & Veale, M. (2017). Slave to the algorithm? Why a “right to an explanation” is probably not the remedy you are looking for. Duke Law & Technology Review, 16(1), 18–84. http://dx.doi.org/10.2139/ssrn.2972855 EdwardsL. VealeM. 2017 Slave to the algorithm? Why a “right to an explanation” is probably not the remedy you are looking for Duke Law & Technology Review 16 1 18 84 http://dx.doi.org/10.2139/ssrn.2972855 10.31228/osf.io/97upg Search in Google Scholar

Edwards, L., & Veale, M. (2018). Enslaving the algorithm—From “right to an explanation” to “right to better decisions.” IEEE Security & Privacy, 16(3), 46–54. EdwardsL. VealeM. 2018 Enslaving the algorithm—From “right to an explanation” to “right to better decisions.” IEEE Security & Privacy 16 3 46 54 10.1109/MSP.2018.2701152 Search in Google Scholar

Ehmann, E. (2017). Art 15 Rechte der betroffenen Person. In E. Ehmann, M. Selmayr, & J. P. Albrecht (Eds.), DS-GVO: Datenschutz-Grundverordnung: Kommentar. C. H. Beck. EhmannE. 2017 Art 15 Rechte der betroffenen Person In EhmannE. SelmayrM. AlbrechtJ. P. (Eds.), DS-GVO: Datenschutz-Grundverordnung: Kommentar C. H. Beck Search in Google Scholar

Femenia-Serra, F., Neuhofer, B., & Ivars-Baidal, J. A. (2019). Towards a conceptualisation of smart tourists and their role within the smart destination scenario. The Service Industries Journal, 39(2), 109–133. https://doi.org/10.1080/02642069.2018.1508458 Femenia-SerraF. NeuhoferB. Ivars-BaidalJ. A. 2019 Towards a conceptualisation of smart tourists and their role within the smart destination scenario The Service Industries Journal 39 2 109 133 https://doi.org/10.1080/02642069.2018.1508458 10.1080/02642069.2018.1508458 Search in Google Scholar

Figueredo, M., Ribeiro, J., Cacho, N., Thome, A., Cacho, A., Lopes, F., & Araujo, V. (2018). From photos to travel itinerary: A tourism recommender system for smart tourism destination. In 2018 IEEE Fourth International Conference on Big Data Computing Service and Applications Big Data Service (pp. 85–92). IEEE. https://doi.ieeecomputersociety.org/10.1109/BigDataService.2018.00021 FigueredoM. RibeiroJ. CachoN. ThomeA. CachoA. LopesF. AraujoV. 2018 From photos to travel itinerary: A tourism recommender system for smart tourism destination In 2018 IEEE Fourth International Conference on Big Data Computing Service and Applications Big Data Service 85 92 IEEE https://doi.ieeecomputersociety.org/10.1109/BigDataService.2018.00021 10.1109/BigDataService.2018.00021 Search in Google Scholar

Franck, L. (2017). Art 12 Transparente Information, Kommunikation. In P. Gola & C. Eichler (Eds.), Datenschutz-Grundverordnung VO (EU) 2016/679: Kommentar. C. H. Beck. FranckL. 2017 Art 12 Transparente Information, Kommunikation In GolaP. EichlerC. (Eds.), Datenschutz-Grundverordnung VO (EU) 2016/679: Kommentar C. H. Beck Search in Google Scholar

García, L. M., Aciar, S., Mendoza, R., & Puello, J. J. (2018). Smart tourism platform based on micro service architecture and recommender services. In Proceedings of Mobile web and intelligent information systems—15th International Conference, MobiWIS 2018 (pp. 167–180). https://doi.org/10.1007/978-3-319-97163-6\__14 GarcíaL. M. AciarS. MendozaR. PuelloJ. J. 2018 Smart tourism platform based on micro service architecture and recommender services In Proceedings of Mobile web and intelligent information systems—15th International Conference, MobiWIS 2018 167 180 https://doi.org/10.1007/978-3-319-97163-6\__14 10.1007/978-3-319-97163-6 Search in Google Scholar

Gavalas, D., Konstantopoulos, C., Mastakas, K., & Pantziou G. (2014). Mobile recommender systems in tourism. Journal of Network and Computer Applications, 39(1), 319–333. doi:10.1016/j.jnca.2013.04.006 GavalasD. KonstantopoulosC. MastakasK. PantziouG. 2014 Mobile recommender systems in tourism Journal of Network and Computer Applications 39 1 319 333 10.1016/j.jnca.2013.04.006 Open DOISearch in Google Scholar

González-Reverté, F., Díaz-Luque, P., Gomis-López, J. M., & Morales-Pérez, S. (2018). Tourists’ risk perception and the use of mobile devices in beach tourism destinations. Sustainability, 10(2), 1–21. http://doi.org/10.3390/su10020413 González-RevertéF. Díaz-LuqueP. Gomis-LópezJ. M. Morales-PérezS. 2018 Tourists’ risk perception and the use of mobile devices in beach tourism destinations Sustainability 10 2 1 21 http://doi.org/10.3390/su10020413 10.3390/su10020413 Search in Google Scholar

Gretzel, U., Reino, S., Kopera, S., & Koo, C. (2015). Smart tourism challenges. Journal of Tourism, 16(1), 41–47. GretzelU. ReinoS. KoperaS. KooC. 2015 Smart tourism challenges Journal of Tourism 16 1 41 47 Search in Google Scholar

Gretzel, U., Sigala, M., Xiang, Z., & Koo, C. (2015). Smart tourism: Foundations and developments. Electronic Markets, 25(3), 179–188. https://doi.org/10.1007/s12525-015-0196-8 GretzelU. SigalaM. XiangZ. KooC. 2015 Smart tourism: Foundations and developments Electronic Markets 25 3 179 188 https://doi.org/10.1007/s12525-015-0196-8 10.1007/s12525-015-0196-8 Search in Google Scholar

Habegger, B., Hasan, O., Brunie, L., Bennani, N., Kosch, H., & Damiani, E. (2014). Personalization vs. privacy in big data analysis. International Journal of Big Data, 2014(1), 25–35. https://hal.archives-ouvertes.fr/hal-01270826 HabeggerB. HasanO. BrunieL. BennaniN. KoschH. DamianiE. 2014 Personalization vs. privacy in big data analysis International Journal of Big Data 2014 1 25 35 https://hal.archives-ouvertes.fr/hal-01270826 Search in Google Scholar

Hadar, I., Hasson, T., Ayalon, O., Toch, E., Birnhack, M., Sherman, S., & Balissa, A. (2018). Privacy by designers: Software developers’ privacy mindset. Empirical Software Engineering, 23(1), 259–289. HadarI. HassonT. AyalonO. TochE. BirnhackM. ShermanS. BalissaA. 2018 Privacy by designers: Software developers’ privacy mindset Empirical Software Engineering 23 1 259 289 10.1145/3180155.3182531 Search in Google Scholar

Hardy, A., Hyslop, S., Booth, K., Robards, B., Aryal, J., Gretzel, U., & Eccleston, R. (2017). Tracking tourists’ travel with smartphone-based GPS technology: A methodological discussion. Information and Communication Technologies in Tourism, 17(3), 255–274. https://doi.org/10.1007/s40558-017-0086-3 HardyA. HyslopS. BoothK. RobardsB. AryalJ. GretzelU. EcclestonR. 2017 Tracking tourists’ travel with smartphone-based GPS technology: A methodological discussion Information and Communication Technologies in Tourism 17 3 255 274 https://doi.org/10.1007/s40558-017-0086-3 10.1007/s40558-017-0086-3 Search in Google Scholar

Hildebrandt, M., & Koops, B.-J. (2010). The challenges of ambient law and legal protection in the profiling era. The Modern Law Review, 73(3), 428–460. HildebrandtM. KoopsB.-J. 2010 The challenges of ambient law and legal protection in the profiling era The Modern Law Review 73 3 428 460 10.1111/j.1468-2230.2010.00806.x Search in Google Scholar

Hoeren, T. (2018). Big data and data quality. In T. Hoeren & B. Kolany-Raiser (Eds.), Big data in context—Legal, social and technological insights (pp. 1–12). Springer. HoerenT. 2018 Big data and data quality In HoerenT. Kolany-RaiserB. (Eds.), Big data in context—Legal, social and technological insights 1 12 Springer 10.1007/978-3-319-62461-7_1 Search in Google Scholar

Holone, H. (2016). The filter bubble and its effect on online personal health information. Croatian Medical Journal, 57(3), 298–301. doi:10.3325/cmj.2016.57.298 HoloneH. 2016 The filter bubble and its effect on online personal health information Croatian Medical Journal 57 3 298 301 10.3325/cmj.2016.57.298493723327374832 Open DOISearch in Google Scholar

Höjer, M., & Wangel, J. (2015). Smart sustainable cities: Definition and challenges. In L. Hilty & B. Aebischer (Eds.), ICT innovations for sustainability, advances in intelligent systems and computing (pp. 333–349). HöjerM. WangelJ. 2015 Smart sustainable cities: Definition and challenges In HiltyL. AebischerB. (Eds.), ICT innovations for sustainability, advances in intelligent systems and computing 333 349 10.1007/978-3-319-09228-7_20 Search in Google Scholar

Huang, C. D., Goo, J., Nam, K., & Yoo, C. W. (2017). Smart tourism technologies in travel planning: The role of exploration and exploitation. Information & Management, 54(6), 683–836. http://doi.org/10.1016/j.im.2016.11.010 HuangC. D. GooJ. NamK. YooC. W. 2017 Smart tourism technologies in travel planning: The role of exploration and exploitation Information & Management 54 6 683 836 http://doi.org/10.1016/j.im.2016.11.010 10.1016/j.im.2016.11.010 Search in Google Scholar

Hunter, W. C., Chung, N., Gretzel, U., & Koo, C. (2015). Constructivist research in smart tourism. Asia Pacific Journal of Information Systems, 25(1), 105–120. http://dx.doi.org/10.14329/apjis.2015.25.1.105 HunterW. C. ChungN. GretzelU. KooC. 2015 Constructivist research in smart tourism Asia Pacific Journal of Information Systems 25 1 105 120 http://dx.doi.org/10.14329/apjis.2015.25.1.105 10.14329/apjis.2015.25.1.105 Search in Google Scholar

Jasrotia, A., & Gangotia, A. D. (2018). Smart cities to smart tourism destinations: A review paper. Journal of Tourism Intelligence and Smartness, 1, 47–56. JasrotiaA. GangotiaA. D. 2018 Smart cities to smart tourism destinations: A review paper Journal of Tourism Intelligence and Smartness 1 47 56 Search in Google Scholar

Jorro-Aragoneses, J. L., Agudo, M. B. D., & García, J. A. R. (2017). Madrid live: A context-aware recomendar system of leisure plans. In 2017 IEEE 29th International Conference on Tools with Artificial Intelligence (pp. 796–801). IEEE. https://doi.org/10.1109/ICTAI.2017.00125. Jorro-AragonesesJ. L. AgudoM. B. D. GarcíaJ. A. R. 2017 Madrid live: A context-aware recomendar system of leisure plans In 2017 IEEE 29th International Conference on Tools with Artificial Intelligence 796 801 IEEE https://doi.org/10.1109/ICTAI.2017.00125. 10.1109/ICTAI.2017.00125 Search in Google Scholar

Jovicic, D. Z. (2019). From the traditional understanding of tourism destination to the smart tourism destination. Current Issues in Tourism, 22(3), 276–282. doi:10.1080/13683500.2017.1313203 JovicicD. Z. 2019 From the traditional understanding of tourism destination to the smart tourism destination Current Issues in Tourism 22 3 276 282 10.1080/13683500.2017.1313203 Open DOISearch in Google Scholar

Jülicher, T., & Delisle, M. (2018). Step into “the circle”—A close look at wearables and quantified self. In T. Hoeren & B. Kolany-Raiser (Eds.), Big data in context—Legal, social and technological insights (pp. 81–91). Springer. JülicherT. DelisleM. 2018 Step into “the circle”—A close look at wearables and quantified self In HoerenT. Kolany-RaiserB. (Eds.), Big data in context—Legal, social and technological insights 81 91 Springer 10.1007/978-3-319-62461-7_10 Search in Google Scholar

Kassimi, A. (2016, March 21). World's most successful driverless bus pilot in Trikala. http://www.greece-is.com/news/worlds-successful-driverless-bus-pilot-trikala/ KassimiA. 2016 March 21 World's most successful driverless bus pilot in Trikala http://www.greece-is.com/news/worlds-successful-driverless-bus-pilot-trikala/ Search in Google Scholar

Kemp, R. (2014). Legal aspects of managing big data. Computer Law and Security Review, 30(5), 482–491. KempR. 2014 Legal aspects of managing big data Computer Law and Security Review 30 5 482 491 10.1016/j.clsr.2014.07.006 Search in Google Scholar

Kim, D. J., Ferrin, D. L., & Rao, H. R. (2008). A trust-based consumer decision-making model in electronic commerce: The role of trust, perceived risk, and their antecedents. Decision Support Systems, 44(2), 544–564. http://doi.org/10.1016/j.dss.2007.07.001 KimD. J. FerrinD. L. RaoH. R. 2008 A trust-based consumer decision-making model in electronic commerce: The role of trust, perceived risk, and their antecedents Decision Support Systems 44 2 544 564 http://doi.org/10.1016/j.dss.2007.07.001 10.1016/j.dss.2007.07.001 Search in Google Scholar

Kontogianni, A., Kabassi, K., & Alepis, E. (2018). Designing a smart tourism mobile application: User modelling through social networks’ user implicit data. In Social informatics—10th International Conference: SocInfo 2018 (pp. 148–158). https://doi.org/10.1007/978-3-030-01159-8\__14.10.1007/978-3-030-01159-8\_14 KontogianniA. KabassiK. AlepisE. 2018 Designing a smart tourism mobile application: User modelling through social networks’ user implicit data In Social informatics—10th International Conference: SocInfo 2018 148 158 https://doi.org/10.1007/978-3-030-01159-8\__14.10.1007/978-3-030-01159-8\_14 10.1007/978-3-030-01159-8 Search in Google Scholar

Kontogianni, A. & Alepis, E. (2020). Smart tourism: State of the art and literature review for the last six years. Array. 6. 100020. 10.1016/j.array.2020.100020. KontogianniA. AlepisE. 2020 Smart tourism: State of the art and literature review for the last six years Array 6. 100020. 10.1016/j.array.2020.100020. 10.1016/j.array.2020.100020 Search in Google Scholar

Koutsouradis, A. (2020). Persons with reduced mobility as co-travelers/co-recipients of touristic services. In D. Papadopoulou-Klamari et al. (Eds.), Essays in honour of P. A. Papanikolaou: Freedom and justice in contract (pp. 489–537). Ant. N. Sakkoulas. KoutsouradisA. 2020 Persons with reduced mobility as co-travelers/co-recipients of touristic services In Papadopoulou-KlamariD. (Eds.), Essays in honour of P. A. Papanikolaou: Freedom and justice in contract 489 537 Ant. N. Sakkoulas Search in Google Scholar

Law, R., Buhalis, D., & Cobanoglu, C. (2014). Progress on information and communication technologies in hospitality and tourism. International Journal of Contemporary Hospitality Management, 26(5), 727–750. LawR. BuhalisD. CobanogluC. 2014 Progress on information and communication technologies in hospitality and tourism International Journal of Contemporary Hospitality Management 26 5 727 750 10.1108/IJCHM-08-2013-0367 Search in Google Scholar

Law, R., Leung, R., & Buhalis, D. (2009). Information technology applications in hospitality and tourism: A review of publications from 2005 to 2007. Journal of Travel & Tourism Marketing, 26(5–6), 599–621. LawR. LeungR. BuhalisD. 2009 Information technology applications in hospitality and tourism: A review of publications from 2005 to 2007 Journal of Travel & Tourism Marketing 26 5–6 599 621 10.1080/10548400903163160 Search in Google Scholar

Law, R., Leung, D., and Chan, I. C. C. (2019). Progression and development of information and communication technology research in hospitality and tourism: A state-of-the-art review. International Journal of Contemporary Hospitality Management, 32(2), 511–534. https://doi.org/10.1108/IJCHM-07-2018-0586 LawR. LeungD. ChanI. C. C. 2019 Progression and development of information and communication technology research in hospitality and tourism: A state-of-the-art review International Journal of Contemporary Hospitality Management 32 2 511 534 https://doi.org/10.1108/IJCHM-07-2018-0586 10.1108/IJCHM-07-2018-0586 Search in Google Scholar

Lee, C. H., & Cranage, D. A. (2011). Personalisation-privacy paradox: The effects of personalisation and privacy assurance on customer responses to travel Web sites. Tourism Management, 32(5), 987–994. http://doi.org/10.1016/j.tourman.2010.08.011 LeeC. H. CranageD. A. 2011 Personalisation-privacy paradox: The effects of personalisation and privacy assurance on customer responses to travel Web sites Tourism Management 32 5 987 994 http://doi.org/10.1016/j.tourman.2010.08.011 10.1016/j.tourman.2010.08.011 Search in Google Scholar

Luzak, J. (2016). Vulnerable travelers in the digital age. EuCML, 5(3), 130–135. LuzakJ. 2016 Vulnerable travelers in the digital age EuCML 5 3 130 135 Search in Google Scholar

Mantelero, A. (2014). The future of consumer data protection in the E.U.: Re-thinking the “notice and consent” paradigm in the new era of predictive analytics. Computer Law and Security Review, 30(6), 643–660. ManteleroA. 2014 The future of consumer data protection in the E.U.: Re-thinking the “notice and consent” paradigm in the new era of predictive analytics Computer Law and Security Review 30 6 643 660 10.1016/j.clsr.2014.09.004 Search in Google Scholar

Masseno, M. D. (2016a). On the relevance of big data for the formation of contracts regarding package tours or linked travel arrangements, according to the New Package Travel Directive. Comparazione e diritto civile, Salerno, 4, 1–14. MassenoM. D. 2016a On the relevance of big data for the formation of contracts regarding package tours or linked travel arrangements, according to the New Package Travel Directive Comparazione e diritto civile, Salerno 4 1 14 Search in Google Scholar

Masseno, M. D. (2016b). Personal data circulation from the EU to USA and now what for the American tourism industry with business in Europe? [Paper presentation]. 23rd International Tourism Safety Conference, Las Vegas, NV, United States. https://www.academia.edu/24412825/Personal_Data_Circulation_from_the_EU_to_the_USA_and_now_what_for_the_American_Tourism_Industry_with_business_in_Europe MassenoM. D. 2016b Personal data circulation from the EU to USA and now what for the American tourism industry with business in Europe? [Paper presentation]. 23rd International Tourism Safety Conference Las Vegas, NV, United States https://www.academia.edu/24412825/Personal_Data_Circulation_from_the_EU_to_the_USA_and_now_what_for_the_American_Tourism_Industry_with_business_in_Europe Search in Google Scholar

Masseno, M. D., & Santos, C. (2018a). Assuring privacy and data protection within the framework of smart tourism destinations. Rivista di diritto dei media, MediaLaws, 2(2), 251–266. MassenoM. D. SantosC. 2018a Assuring privacy and data protection within the framework of smart tourism destinations Rivista di diritto dei media, MediaLaws 2 2 251 266 Search in Google Scholar

Masseno, M. D., & Santos C. (2018b). Privacy and data protection issues on smart tourism destinations. In I. Chatzigiannakis, Y. Tobe, P. Novais, & O. Amft (Eds.), Intelligent Environments 2018: Workshop Proceedings of the 14th International Conference on Intelligent Environments (pp. 298–307). IOS Press. doi:10.3233/978-1-61499-874-7-298 MassenoM. D. SantosC. 2018b Privacy and data protection issues on smart tourism destinations In ChatzigiannakisI. TobeY. NovaisP. AmftO. (Eds.), Intelligent Environments 2018: Workshop Proceedings of the 14th International Conference on Intelligent Environments 298 307 IOS Press 10.3233/978-1-61499-874-7-298 Open DOISearch in Google Scholar

Masseno, M. D., & Santos, C. (2018c). Smart tourism destinations privacy risk on data protection—A first approach, from a European perspective. Revista Eletrônica Sapere Aude, 1(1), 127–149. MassenoM. D. SantosC. 2018c Smart tourism destinations privacy risk on data protection—A first approach, from a European perspective Revista Eletrônica Sapere Aude 1 1 127 149 Search in Google Scholar

Mavragani, E., Nikolaidou, P., & Theodoraki, E. (2019). Traveler segmentation through social media for intercultural marketing purposes: The case of Halkidiki. Journal of Tourism, Heritage & Services Marketing, 5(1), 15–23. MavraganiE. NikolaidouP. TheodorakiE. 2019 Traveler segmentation through social media for intercultural marketing purposes: The case of Halkidiki Journal of Tourism, Heritage & Services Marketing 5 1 15 23 Search in Google Scholar

Menk, A., Sebastia, L., & Ferreira, R. (2017). Curumim: A serendipitous recommender system for tourism based on human curiosity. In 2017 IEEE 29th International Conference on Tools with Artificial Intelligence: ICTAI (pp. 788–795). IEEE. https://doi.org/10.1109/ICTAI.2017.00124 MenkA. SebastiaL. FerreiraR. 2017 Curumim: A serendipitous recommender system for tourism based on human curiosity In 2017 IEEE 29th International Conference on Tools with Artificial Intelligence: ICTAI 788 795 IEEE https://doi.org/10.1109/ICTAI.2017.00124 10.1109/ICTAI.2017.00124 Search in Google Scholar

Neuhofer, B., Buhalis, D., & Ladkin, A. (2015). Smart technologies for personalized experiences: A case study in the hospitality domain. Electronic Markets, 25(3), 243–254. NeuhoferB. BuhalisD. LadkinA. 2015 Smart technologies for personalized experiences: A case study in the hospitality domain Electronic Markets 25 3 243 254 10.1007/s12525-015-0182-1 Search in Google Scholar

Neuhofer, B., & Ivars-Baidal, J. A. (2019). Towards a conceptualisation of smart tourists and their role within the smart destination scenario. The Service Industries Journal, 39(2), 109–133. doi:10.1080/02642069.2018.1508458 NeuhoferB. Ivars-BaidalJ. A. 2019 Towards a conceptualisation of smart tourists and their role within the smart destination scenario The Service Industries Journal 39 2 109 133 10.1080/02642069.2018.1508458 Open DOISearch in Google Scholar

Pantano, E., Priporas, C. V., & Stylos, N. (2017). “You will like it!” Using open data to predict tourists’ responses to a tourist attraction. Tourism Management, 60, 430–438. PantanoE. PriporasC. V. StylosN. 2017 “You will like it!” Using open data to predict tourists’ responses to a tourist attraction Tourism Management 60 430 438 10.1016/j.tourman.2016.12.020 Search in Google Scholar

Pariser, E. (2011). The filter bubble: What the Internet is hiding from you. Penguin. PariserE. 2011 The filter bubble: What the Internet is hiding from you Penguin Search in Google Scholar

Peceny, U. S., Urbančič, J., Kuralt, V., Mokorel, S., & Ilijaš, T. (2019). Tourism 4.0: Challenges in marketing a paradigm shift. In Consumer behavior and marketing. IntechOpen. doi:10.5772/intechopen.84762 PecenyU. S. UrbančičJ. KuraltV. MokorelS. IlijašT. 2019 Tourism 4.0: Challenges in marketing a paradigm shift In Consumer behavior and marketing IntechOpen 10.5772/intechopen.84762 Open DOISearch in Google Scholar

Philips. (2014). Smart hotel smart return. Philips. Philips 2014 Smart hotel smart return Philips Search in Google Scholar

Prahaland, C. K., & Ramaswamy, V. (2004). Co-creation experiences: The next practice in value creation. Journal of Interactive Marketing, 18(3), 5–14. PrahalandC. K. RamaswamyV. 2004 Co-creation experiences: The next practice in value creation Journal of Interactive Marketing 18 3 5 14 10.1002/dir.20015 Search in Google Scholar

Rasoolimanesh, S. M., Law, R., Buhalis, D., & Cobanoglu, C. (2019). Development and trend of information and communication technologies in hospitality and tourism—Guest editorial. Journal of Hospitality and Tourism Technology, 10(4), 481–488. RasoolimaneshS. M. LawR. BuhalisD. CobanogluC. 2019 Development and trend of information and communication technologies in hospitality and tourism—Guest editorial Journal of Hospitality and Tourism Technology 10 4 481 488 10.1108/JHTT-11-2019-143 Search in Google Scholar

Romanou, A. (2018). The necessity of the implementation of privacy by design in sectors where data protection concerns arise. Computer Law and Security Review, 34(1), 99–110. RomanouA. 2018 The necessity of the implementation of privacy by design in sectors where data protection concerns arise Computer Law and Security Review 34 1 99 110 10.1016/j.clsr.2017.05.021 Search in Google Scholar

Rubinstein, I. (2013). Big data: The end of privacy or a new beginning. International Data Privacy Law, 3(2), 74–87. RubinsteinI. 2013 Big data: The end of privacy or a new beginning International Data Privacy Law 3 2 74 87 10.1093/idpl/ips036 Search in Google Scholar

Russom, P. (2013). Managing big data (TDWI Best Practices Report, Fourth Quarter). The Data Warehousing Institute. RussomP. 2013 Managing big data (TDWI Best Practices Report, Fourth Quarter). The Data Warehousing Institute Search in Google Scholar

Saravanan, S., & Ramakrishnan, B. S. (2016). Preserving privacy in the context of location-based services through location hider in mobile-tourism. Information Technology & Tourism, 16(2), 229–248. http://doi.org/10.1007/s40558-016-0056-1 SaravananS. RamakrishnanB. S. 2016 Preserving privacy in the context of location-based services through location hider in mobile-tourism Information Technology & Tourism 16 2 229 248 http://doi.org/10.1007/s40558-016-0056-1 10.1007/s40558-016-0056-1 Search in Google Scholar

Schwartz, P., & Solove, D. (2011). The PII problem: Privacy and a new concept of personally identifiable information. New York University Law Review, 86, 1814–1894. SchwartzP. SoloveD. 2011 The PII problem: Privacy and a new concept of personally identifiable information New York University Law Review 86 1814 1894 Search in Google Scholar

Shen, A., & Ball, A. D. (2009). Is personalization of services always a good thing? Exploring the role of technology-mediated personalization (tmp) in service relationships. Journal of Services Marketing, 23(2), 80–92. ShenA. BallA. D. 2009 Is personalization of services always a good thing? Exploring the role of technology-mediated personalization (tmp) in service relationships Journal of Services Marketing 23 2 80 92 10.1108/08876040910946341 Search in Google Scholar

Smirnov, A. V., Kashevnik, A. M., Shilov, N., Mikhailov, S., Gusikhin, O., & Martinez, H. (2019). Intelligent content management system for tourism smart mobility: Approach and cloud-based android application. In Proceedings of the 5th International Conference on Vehicle Technology and Intelligent Transport Systems, VEHITS 2019 (pp. 426–433). https://doi.org/10.5220/0007715304260433 SmirnovA. V. KashevnikA. M. ShilovN. MikhailovS. GusikhinO. MartinezH. 2019 Intelligent content management system for tourism smart mobility: Approach and cloud-based android application In Proceedings of the 5th International Conference on Vehicle Technology and Intelligent Transport Systems, VEHITS 2019 426 433 https://doi.org/10.5220/0007715304260433 10.5220/0007715304260433 Search in Google Scholar

Solove, D. (2017). I’ve got nothing to hide and other misunderstandings of privacy. San Diego Law Review, 44, 745–772. SoloveD. 2017 I’ve got nothing to hide and other misunderstandings of privacy San Diego Law Review 44 745 772 Search in Google Scholar

Tallon, P. (2013). Corporate governance of big data: Perspectives on value, risk, and cost. Computer 46(6), 32–38. TallonP. 2013 Corporate governance of big data: Perspectives on value, risk, and cost Computer 46 6 32 38 10.1109/MC.2013.155 Search in Google Scholar

Tripathy, A. K., Tripathy, P. K., Ray, N. K., & Mohanty, S. P. (2018). iTour: The future of smart tourism. An IoT framework for the independent mobility of tourists in smart cities. IEEE Consumer Electronics Magazine, 7(3), 32–37. https://doi.org/10.1109/MCE.2018.2797758 TripathyA. K. TripathyP. K. RayN. K. MohantyS. P. 2018 iTour: The future of smart tourism. An IoT framework for the independent mobility of tourists in smart cities IEEE Consumer Electronics Magazine 7 3 32 37 https://doi.org/10.1109/MCE.2018.2797758 10.1109/MCE.2018.2797758 Search in Google Scholar

Tussyadiah, L., & Fesenmaier, D. (2009). Mediating the tourist experiences access to places via shared videos. Annals of Tourism Research 36(1), 24–40. TussyadiahL. FesenmaierD. 2009 Mediating the tourist experiences access to places via shared videos Annals of Tourism Research 36 1 24 40 10.1016/j.annals.2008.10.001 Search in Google Scholar

Tussyadiah, I. P., Zach, F. J., & Wang, J. (2017). Attitudes toward autonomous on demand mobility system: The case of self-driving taxi. In Information and communication technologies in tourism 2017 (755–766). Springer. TussyadiahI. P. ZachF. J. WangJ. 2017 Attitudes toward autonomous on demand mobility system: The case of self-driving taxi In Information and communication technologies in tourism 2017 755 766 Springer 10.1007/978-3-319-51168-9_54 Search in Google Scholar

Vecchio, P. D., Mele, G., Ndou, V., & Secundo, G. (2018). Creating value from social big data: Implications for smart tourism destinations. Information Processing & Management 54(5), 847–860. https://doi.org/10.1016/j.ipm.2017.10.006 VecchioP. D. MeleG. NdouV. SecundoG. 2018 Creating value from social big data: Implications for smart tourism destinations Information Processing & Management 54 5 847 860 https://doi.org/10.1016/j.ipm.2017.10.006 10.1016/j.ipm.2017.10.006 Search in Google Scholar

Vojvodic, K. (2015). Understanding the senior travel market: A review. Tourism in Southern and Eastern Europe, 3, 479–88. VojvodicK. 2015 Understanding the senior travel market: A review Tourism in Southern and Eastern Europe 3 479 88 Search in Google Scholar

Wachter, S. (2018). The GDPR and the Internet of Things: a three-step transparency model. Law, Innovation and Technology, 10(2), 266–294, DOI: 10.1080/17579961.2018.1527479 WachterS. 2018 The GDPR and the Internet of Things: a three-step transparency model. Law Innovation and Technology 10 2 266 294 10.1080/17579961.2018.1527479 Open DOISearch in Google Scholar

Wachter, S., Mittelstadt, B., & Floridi, L. (2017). Why a right to explanation of automated decision-making does not exist in the General Data Protection Regulation. International Data Privacy Law, 7(2), 76–99. WachterS. MittelstadtB. FloridiL. 2017 Why a right to explanation of automated decision-making does not exist in the General Data Protection Regulation International Data Privacy Law 7 2 76 99 10.1093/idpl/ipx005 Search in Google Scholar

Wang, D., Park, S., & Fesenmaier, D. R. (2012). The role of smartphones in mediating the touristic experience. Journal of Travel Research, 51(4), 371–387. WangD. ParkS. FesenmaierD. R. 2012 The role of smartphones in mediating the touristic experience Journal of Travel Research 51 4 371 387 10.1177/0047287511426341 Search in Google Scholar

Wang, D., Xiang, Z., & Fesenmaier, D. R. (2016). Smartphone use in everyday life and travel. Journal of Travel Research, 55(1), 52–63. http://doi.org/10.1177/0047287514535847 WangD. XiangZ. FesenmaierD. R. 2016 Smartphone use in everyday life and travel Journal of Travel Research 55 1 52 63 http://doi.org/10.1177/0047287514535847 10.1177/0047287514535847 Search in Google Scholar

Weaver, D. B., & Moyle, B. D. (2019). “Tourist stupidity” as a basic characteristic of “smart tourism”: Challenges for destination planning and management. Tourism Recreation Research, 44(3), 387–391. doi:10.1080/02508281.2019.1637611 WeaverD. B. MoyleB. D. 2019 “Tourist stupidity” as a basic characteristic of “smart tourism”: Challenges for destination planning and management Tourism Recreation Research 44 3 387 391 10.1080/02508281.2019.1637611 Open DOISearch in Google Scholar

Xiang, Z., & Fesenmaier, D. R. (2017). Big data analytics, tourism design and smart tourism. In Z. Xiang & D. R. Fesenmaier (Eds.), Analytics in smart tourism design (pp. 299–307). Springer. XiangZ. FesenmaierD. R. 2017 Big data analytics, tourism design and smart tourism In XiangZ. FesenmaierD. R. (Eds.), Analytics in smart tourism design 299 307 Springer 10.1007/978-3-319-44263-1_17 Search in Google Scholar

Recommended articles from Trend MD

Plan your remote conference with Sciendo