Normative Challenges of Identification in the Internet of Things: Privacy, Profiling, Discrimination, and the GDPR

Computer Law & Security Review, 34 (3), 436-449, 2018

22 Pages Posted: 7 Dec 2017 Last revised: 16 Jun 2018

See all articles by Sandra Wachter

Sandra Wachter

University of Oxford - Oxford Internet Institute

Date Written: December 6, 2017

Abstract

In the Internet of Things (IoT), identification and access control technologies provide essential infrastructure to link data between a user’s devices with unique identities, and provide seamless and linked up services. At the same time, profiling methods based on linked records can reveal unexpected details about users’ identity and private life, which can conflict with privacy rights and lead to economic, social, and other forms of discriminatory treatment. A balance must be struck between identification and access control required for the IoT to function and user rights to privacy and identity. Striking this balance is not an easy task because of weaknesses in cybersecurity and anonymisation techniques. The EU General Data Protection Regulation (GDPR), set to come into force in May 2018, may provide essential guidance to achieve a fair balance between the interests of IoT providers and users. Through a review of academic and policy literature, this paper maps the inherit tension between privacy and identifiability in the IoT. It focuses on four challenges: (1) profiling, inference, and discrimination; (2) control and context-sensitive sharing of identity; (3) consent and uncertainty; and (4) honesty, trust, and transparency. The paper will then examine the extent to which several standards defined in the GDPR will provide meaningful protection for privacy and control over identity for users of IoT. The paper concludes that in order to minimise the privacy impact of the conflicts between data protection principles and identification in the IoT, GDPR standards urgently require further specification and implementation into the design and deployment of IoT technologies.

Keywords: Data Protection, Digital Ethics, Identity, Identification, Internet of Things, Privacy, Profiling, Discrimination, GDPR, Review

Suggested Citation

Wachter, Sandra, Normative Challenges of Identification in the Internet of Things: Privacy, Profiling, Discrimination, and the GDPR (December 6, 2017). Computer Law & Security Review, 34 (3), 436-449, 2018, Available at SSRN: https://ssrn.com/abstract=3083554 or http://dx.doi.org/10.2139/ssrn.3083554

Sandra Wachter (Contact Author)

University of Oxford - Oxford Internet Institute ( email )

1 St. Giles
University of Oxford
Oxford OX1 3PG Oxfordshire, Oxfordshire OX1 3JS
United Kingdom

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
1,658
Abstract Views
6,434
Rank
22,675
PlumX Metrics