Ownership of Personal Data in the Internet of Things
Computer Law & Security Review, 2018, 34(5), 1039-1052
22 Pages Posted: 18 Dec 2019 Last revised: 30 Sep 2018
Date Written: December 1, 2017
Abstract
This article analyses, defines, and refines the concepts of ownership and personal data. It critically examines the traditional dividing line between personal and non-personal data and argues for a strict conceptual separation of personal data from personal information. The article also considers whether, and to what extent, the concept of ownership can be applied to personal data in the context of the Internet of Things (IoT). This consideration is framed around two main approaches shaping all ownership theories: a bottom-up and top-down approach. Via these dual lenses, the article reviews existing debates relating to four elements supporting introduction of ownership of personal data, namely the elements of control, protection, valuation, and allocation of personal data. It then explores the explanatory advantages and disadvantages of the two approaches in relation to each of these elements as well as to ownership of personal data in IoT at large. Lastly, the article outlines a revised approach to ownership of personal data in IoT that may serve as a blueprint for future regulatory and policy debates in the context of EU law and beyond.
Keywords: personal data, personal information, non-personal data, data, information, ownership, Internet of Things, EU law, property, GDPR, review, rights, control, protection, valuation, allocation, bottom-up, top-down, ELI, token, type, personal information management system, ethics, data ethics
JEL Classification: K10, K11, K12, K13, K21, K23, K29, K39
Suggested Citation: Suggested Citation