The Article 29 Working Party (WP29) has adopted an opinion on recent developments on the Internet of Things (IoT). It is intended to contribute to the uniform application of the legal data protection framework in the IoT as well as to the development of a high level of protection with regard to personal data in the EU.
The opinion emphasises the full application of the EU data protection framework to the IoT and specifies the obligations of stakeholders and rights conferred on data subjects as well as a variety of security measures to implement a successful IoT which complies with data protection laws.
Wearable computing, quantified self and home automation are discussed in particular detail and the WP29 expresses concern regarding:
• the data subject’s lack of control over their data and the interaction of a combination of technologies;
• the quality of user consent and new ways to obtain such consent;
• potential misuse of secondary data incidentally collected with the raw data;
• limitations on the possibility to remain anonymous and the difficulties preserving one’s privacy in the IoT; and
• the risk of turning everyday objects into a privacy and security target.
The opinion details a number of practical steps for stakeholders to take in order to prioritise data protection, benefitting both the data subjects’ rights and creating a competitive advantage for the stakeholder in question.