The GDPR and the Internet of Things: A Three-Step Transparency Model

Law, Innovation and Technology doi.org/10.1080/17579961.2018.1527479

32 Pages Posted: 6 Mar 2018 Last revised: 9 Oct 2018

See all articles by Sandra Wachter

Sandra Wachter

University of Oxford - Oxford Internet Institute

Date Written: February 5, 2018

Abstract

The Internet of Things (IoT) requires pervasive collection and linkage of user data to provide personalised experiences based on potentially invasive inferences. Consistent identification of users and devices is necessary for this functionality, which poses risks to user privacy. The General Data Protection Regulation (GDPR) contains numerous provisions relevant to these risks, which may nonetheless be insufficient to ensure a fair balance between users’ and developers’ interests. A three-step transparency model is described based on known privacy risks of the IoT, the GDPR’s governing principles, and weaknesses in its relevant provisions. Eleven ethical guidelines are proposed for IoT developers and data controllers on how information about the functionality of the IoT should be shared with users above the GDPR’s legally binding requirements. Two use cases demonstrate how the guidelines apply in practice: IoT in public spaces and connected cities, and connected cars.

Keywords: Data protection, Ethics, Privacy, Internet of things, Profiling

Suggested Citation

Wachter, Sandra, The GDPR and the Internet of Things: A Three-Step Transparency Model (February 5, 2018). Law, Innovation and Technology doi.org/10.1080/17579961.2018.1527479. Available at SSRN: https://ssrn.com/abstract=3130392 or http://dx.doi.org/10.2139/ssrn.3130392

Sandra Wachter (Contact Author)

University of Oxford - Oxford Internet Institute ( email )

1 St. Giles
University of Oxford
Oxford OX1 3PG Oxfordshire, Oxfordshire OX1 3JS
United Kingdom

Register to save articles to
your library

Register

Paper statistics

Downloads
611
rank
41,985
Abstract Views
1,760
PlumX Metrics
!

Under construction: SSRN citations will be offline until July when we will launch a brand new and improved citations service, check here for more details.

For more information