Research Article | Peer-Reviewed

The Internet of Things and Privacy Concerns: The Applicability of the GDPR Transparency Principle to the Internet of Things

Received: 23 September 2023     Accepted: 1 November 2023     Published: 28 December 2023
Abstract

The use of the "Internet of Things" (IoT) is rapidly increasing. The European Union (EU) is expected to make major investments in areas such as smart homes, personal health and wearables, smart energy, smart cities and smart mobility. IoT applications are emerging in many areas such as healthcare, transportation and traffic control, public space and environmental monitoring, social interaction, personalized shopping and commerce, home automation and more. These IoT devices are constantly collecting vast amounts of personal data, such as location data and health data, in order to function properly or to optimize and customize their services. IoT is defined by connectivity and linked services tailored to the specific needs of users. Objects and services must interconnect and share data about specific users in order to provide connected services, rather than just direct interaction between users and specific nodes. Seamless networked services are not possible without repeated and consistent user identification. However, the pursuit of user identification and personalization comes with privacy risks. Privacy is a major concern as the Internet of Things develops, especially with regard to informing users and obtaining consent. Data collection devices and all necessary information about them should be made available electronically to all data subjects within range of the devices, with the data subjects being able to reply electronically and express their own privacy preferences as well. In this paper, examples of technologies and initiatives are presented and discussed in light of the GDPR, and the WP29 recommendations are also discussed.

Published in International Journal on Data Science and Technology (Volume 9, Issue 3)
DOI 10.11648/j.ijdst.20230903.11
Page(s) 35-40
Creative Commons

This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited.

Copyright

Copyright © The Author(s), 2023. Published by Science Publishing Group

Keywords

GDPR, Internet of Things, Transparency, Privacy by Design, Anonymization, Pseudonymization

Cite This Article
  • APA Style

    Mougdir, S. (2023). The Internet of Things and Privacy Concerns: The Applicability of the GDPR Transparency Principle to the Internet of Things. International Journal on Data Science and Technology, 9(3), 35-40. https://doi.org/10.11648/j.ijdst.20230903.11


    ACS Style

    Mougdir, S. The Internet of Things and Privacy Concerns: The Applicability of the GDPR Transparency Principle to the Internet of Things. Int. J. Data Sci. Technol. 2023, 9(3), 35-40. doi: 10.11648/j.ijdst.20230903.11


    AMA Style

    Mougdir S. The Internet of Things and Privacy Concerns: The Applicability of the GDPR Transparency Principle to the Internet of Things. Int J Data Sci Technol. 2023;9(3):35-40. doi: 10.11648/j.ijdst.20230903.11


  • @article{10.11648/j.ijdst.20230903.11,
      author = {Senna Mougdir},
      title = {The Internet of Things and Privacy Concerns: The Applicability of the GDPR Transparency Principle to the Internet of Things},
      journal = {International Journal on Data Science and Technology},
      volume = {9},
      number = {3},
      pages = {35-40},
      doi = {10.11648/j.ijdst.20230903.11},
      url = {https://doi.org/10.11648/j.ijdst.20230903.11},
      eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.ijdst.20230903.11},
     year = {2023}
    }

  • TY  - JOUR
    T1  - The Internet of Things and Privacy Concerns: The Applicability of the GDPR Transparency Principle to the Internet of Things
    AU  - Senna Mougdir
    Y1  - 2023/12/28
    PY  - 2023
    N1  - https://doi.org/10.11648/j.ijdst.20230903.11
    DO  - 10.11648/j.ijdst.20230903.11
    T2  - International Journal on Data Science and Technology
    JF  - International Journal on Data Science and Technology
    JO  - International Journal on Data Science and Technology
    SP  - 35
    EP  - 40
    PB  - Science Publishing Group
    SN  - 2472-2235
    UR  - https://doi.org/10.11648/j.ijdst.20230903.11
    VL  - 9
    IS  - 3
    ER  - 


Author Information
  • Department Private Law, University of Amsterdam, Amsterdam, The Netherlands
