Not Hardcoding but Softcoding Data Protection


  • Aurelia Tamò-Larrieux, University of Zurich
  • Simon Mayer, University of St. Gallen
  • Zaïra Zihlmann, University of Lucerne



GDPR, privacy by design, data protection by design and default, security by design, privacy engineering, techno-regulation, compliance by design, legal protection by design, softcode


The delegation of decisions to machines has revived the debate on whether and how technology should and can embed fundamental legal values within its design. While these debates have predominantly been occurring within the philosophical and legal communities, the computer science community has been eager to provide tools to overcome some challenges that arise from ‘hardwiring’ law into code. What emerged is the formation of different approaches to code that adapts to legal parameters. Within this article, we discuss the translational, system-related, and moral issues raised by implementing legal principles in software. While our findings focus on data protection law, they apply to the interlinking of code and law across legal domains. These issues point towards the need to rethink our current approach to design-oriented regulation and to prefer ‘soft’ implementations, where decision parameters are decoupled from program code and can be inspected and modified by users, over ‘hard’ approaches, where decisions are taken by opaque pieces of program code.






How to Cite

Tamò-Larrieux, A., Mayer, S., & Zihlmann, Z. (2021). Not Hardcoding but Softcoding Data Protection. Technology and Regulation, 2021, 17–34.



Received 2021-09-03
Published 2021-05-06