The Article 29 Working Party (WP29) adopted an opinion on the Internet of Things (IoT) at its recent plenary meeting (16-17 September 2014). Opinion 8/2014 on the Recent Developments on the Internet of Things draws attention to ‘the privacy and data protection challenges raised by “smart things” which are gradually entering our daily lives’. The stated aim is to provide ‘stakeholders’ with a strong competitive advantage by explaining how to implement a sustainable IoT which complies with the data protection legal framework.
While recognising the significant prospects of growth for a great number of innovating and creative EU companies, the Article 29 Working Party ‘is keen that the expected benefits for businesses and citizens are not to the detriment of addressing the many privacy and security concerns that are also associated with the IoT’.
The Opinion stresses that the EU legal framework is fully applicable to the processing of personal data through devices, applications or services used in the context of the IoT. The Opinion highlights, with specific examples, the essential data protection obligations weighing on stakeholders and the rights granted to data subjects by EU law in that context. Also highlighted are the security issues that have already emerged in the IoT and the practical measures that must be taken by data controllers.
Focusing on recent developments of the IoT – Quantified Self, Wearable Computing and Home Automation – the Opinion provides a comprehensive set of practical recommendations addressed to the various stakeholders involved in the development of the IoT (device manufacturers, application developers, social platforms, further data recipients, data platforms and standardisation bodies). The Article 29 Working Party underlines the competitive advantage there is for stakeholders in the IoT to enable users to remain in complete control of the sharing of their data and to rely as much as possible on their consent.
The Article 29 Working Party intends that this Opinion will contribute to the uniform application of the EU legal framework, help data controllers comply with their obligations under EU law and contribute to the development of the IoT in full conformity with data protection principles.