32
ISSUES: Privacy
Chapter 3: ‘The Internet of Things’
organisations. There have been recent
developments in respect of EU data
protection law and the newGeneral Data
Protection Regulation (GDPR) will come
into force on 25 May 2018. Regardless
of the UK’s EU membership status, any
company which holds or uses personal
data of EU citizens will still be required to
comply with the GDPR. In addition, there
is also the likelihood that in preparation
to leave the EU, the UK will reform its
current data protection law to bring it in
line with the GDPR.
With the tightening up of the data
protection regime, this will impact on the
obligations and responsibilities imposed
on those businesses involved in the
collection and processing of data from
IoT devices – including a requirement to
carry out privacy impact assessments,
increased scrutiny as to obtaining the
consent of the user to process their
personal information and enhanced data
subject rights, to name but a few.
Adopting a privacy by design approach
and incorporating privacy impact
assessments into the design stage of the
IoT devices should put data privacy at the
forefront of the minds of the designers
andmanufacturers of IoT devices.
Data sovereignty
Linked with data protection is data
sovereignty – the principle whereby
digital data stored in a country will be
subject to the laws of that country. The
data from IoT devices may be held in the
“cloud” or in a data centre and it is vital
to understand where that data resides.
For example, if this is in the US, that data
would also be subject to the laws of the
US. This is particularly relevant given
the developments in respect of the Safe
Harbour Agreement and the EU-US
Privacy Shield. IoT device providers will
need to be clued up on where the data is
to be located so it is clear which laws and
regulations will apply in respect of that
data.
Product liability
With the potential for IoT devices to
transform the way in which we conduct
our daily lives, we have to question what
happens in the event these devices get it
wrong? Where does the liability sit?
Take for example smart, driverless cars.
The potential is for these vehicles to
radicalise the way in which we get from
A to B. However, what happens in the
event the car, whilst in driverless mode,
is caught speeding or worst still, what
happens if the car causes an accident?
Who takes responsibility for this?
Recently, therehasbeenasituationwhere
autopilot driverless technology resulted
in thedeathof thedriver – the first known
fatality resulting from such technology.
That particular car manufacturer has
stated that the computer program used
in the car is still in a “beta testing phase”,
this is something which the driver is
required to acknowledge prior to using
the technology, and that drivers are
warned to keep their hands on the wheel
at all times and be “prepared to take over
at any time”. Other car manufacturers
have taken the stance that they will take
full responsibility for their driverless
technology – giving the driver certainty
as to how liability would be allocated in
the event of an accident. This approach
sees a shift on responsibility from the
driver to the car manufacturer. However,
this approach is not currently the norm.
In support of the progressionof driverless
technology,theDepartmentforTransport
has initiated a consultation in respect of
proposed changes to the laws and rules
surroundingdriverless cars and insurance
cover for such technology. Under the
proposed newmeasures, the rules would
change, allowing for driverless cars to
be insured and the Highway Code and
associated regulations will be updated to
support the use of driverless car features.
No doubt steps such as this will pave the
way for new regulations and provide
drivers with the added confidence
needed when deciding whether to
purchase and use such technology.
The future of the ‘Internet of
Things’
With much investment in the industry,
the IoT’s market will no doubt continue
to grow. Some of the gimmicks may fall
by theway side but there is considered to
be real benefit to a number of the smart
products available today and envisaged
for the future.
However, key to the success of the IoT is
consumer confidence. Manufacturers will
need to convince consumers that the use
of IoT devices is safe and secure and to do
this, much work is still needed.
30 August 2016
Ö
Ö
The above information is reprinted
with
kind
permission
from
Wright Hassall. Please visit www.
wrighthassall.co.uk
for
further
information.
©Wright Hassall 2017
