IOT Privacy, Data Protection, Security – European thoughts on how to manage IOT
Page 9 of this European report on the “Internet of Things” states:
Do nothing: “Personal data today may be processed more easily and on an unprecedented scale by both private companies and public authorities, which increases the risks for individuals’ rights and challenges their capacity of keeping control over their own data (…). Moreover, there are wide divergences in the way Member States have transposed and enforced the Directive, so that in reality the protection of personal data across the EU cannot be considered as equivalent today.” IoT technology will lead to a by far increased amount of personal data being processed. The very nature of IoT technology, to autonomously process and communicate data without human intervention, increases the need for not only harmonised technical standards but also legal requirements. Doing nothing might reinforce the adverse effects and seems to be the least preferable option.
Binding law: Binding law in combination with an increased level of data protection enforcement seems to be the most promising option to achieve the goals to ensure a fundamental rights compliant and trustworthy development of IoT technology. As IoT technologies are in a very early stage of development, it also seems to be economically preferable to provide clear binding requirements already at this stage of the development. This allows for designing technology according to these requirements, rather than having to change already existing technology later on.
My thoughts on these options are that the American system is the “do nothing” option, which has adverse effects on privacy. It is reassuring to note the comment from Europe that this is the least preferable option.
Europe seems to support binding laws to curtail the impact of IOT on civilians. The impact of IOT cannot be overestimated. It needs to be tightly regulated, as the effects, on balance, will be generally negative for most civilians.