Data are the oil of the future and the Internet of Things technologies considerably rely on them, leading to major data protection issues.
It became quite popular some years ago, the cyber attack that caused a fridge to send over 750,000 spam and phishing messages during the Christmas break creating concerns as to the potential data protection issues deriving from the usage of such technologies.
At the Salone del Mobile, the Milan Furniture Fair, it appeared in several editions a satellite event dedicated to the “Technology For the Kitchen.” Such fact shows that with the Internet of Things our house, our car and our garments might quickly change because of sensors that will be able to collect information about the environment where we live as well as our tastes and preferences and often make decisions for us.
Devices such as smart fridges that through barcodes or RFID can recognize products and send notifications on missing products or even send an order to our grocery store for home delivery. Google Latitude Doorbell sends alarm messages when our partner is 10 minutes away from home so that we can arrange dinner and wearable technologies that can, for instance, monitor our body conditions and notify the drugs to be taken show the size of the massive change that is occurring around us.
And such a change is not so far. Such technologies are already quite popular. What immediately appears clear though is that such technologies can collect a large amount of personal data relating to their users, their habits and preferences, their location and what they are doing. Such a scenario increases the number of questions as to the so-called big data on which the Internet of Things relies and the way such data have to be used and stored. Questions are addressed not only to comply with data protection regulations but also to avoid that users are monitored 24×7 to send marketing communications and to prevent hacker attacks.
After the decision of the European Court of Justice that deemed invalid the Data Retention Directive since it has been considered to entail
a serious interference with the fundamental rights to respect for private life and to the protection of personal data, without that interference being limited to what is strictly necessary
what will be the position of data protection regulators on the Internet of Things?
Also, will users be interested in being “protected” from these devices or mainly attracted by the advantages deriving from their usage? Will we find ourselves in an unusual situation where we shall provide the consent to the processing of personal data when we purchase our household appliances?
Furthermore, the mere data protection consent does not allow the data controller to process the collected data for any purpose also communicating them to any third party. But on the contrary data protection laws place on entities processing personal data very stringent obligations as to the processing, storage, and communication of data to third parties, also prescribing appropriate sanctions for the breach of such obligations.
The typical scenario when for instance a US company entering the European market merely translates their US law data protection notice is likely to become less frequent, and entities will understand the need to comply with local data protection laws, also in the light of the much more significant fines provided by the GDPR. You can read on the topic “Are privacy fines massive under the GDPR?“.
Likewise, the need to protect users from cyber attacks will become more and more a priority. If a hacker can control our house and maybe our entire life accessing to our devices the issue is going to be deemed to be very relevant. And the criminal sanctions already prescribed for the illegal access to information systems might need to be updated in the light of new types of attacks and the new kinds of devices that can become victims of attacks.
It will be interesting monitoring the development of the Internet of Things products, but data protection and security will undoubtedly be sectors that also companies manufacturing appliances and pieces of furniture shall learn.
On the topic, you may read “The Internet of Things law issues and cybercrime – what risks?“.