Legal and privacy implications of IoT

Presentation at the IoT Brighton Forum, 23/03/2016

1. Legal and privacy implications of IoT
   Dr Andres Guadamuz, University of Sussex

4. Legal issues
   • Cybercrime
   • Liability
   • Security
   • Intellectual property (patents, database and data mining)
   • Standards
   • Data protection / privacy

5. Existing legal framework
   • Mostly unregulated at the moment.
   • IoT covered by traditional aspects of the law: tort, contract, terms of use, database rights.
   • Hacking an IoT device is a criminal offence (Computer Misuse Act).
   • The most regulated area is data protection.

6. The UK 1998 Data Protection Act
   • Principles for data controllers, rights for data subjects.
   • Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing.
   • Restriction on transferring personal data to countries that do not provide adequate data protection.

7. Data security enforcement
   • Crown Prosecution Service fined £200,000 for a data security breach.
   • Most enforcement orders involve minor incidents (sending an email to the wrong recipient).
   • Major incidents on the increase (loss or theft of unencrypted devices).

8. Safe Harbour
   • System enacted to allow enterprises to send data to the United States, which as a country does not provide adequate levels of protection.
   • Was working until…
9. Maximillian Schrems v Data Protection Commissioner (C-362/14)
   • Austrian law student and privacy advocate Maximilian Schrems initiated legal proceedings against the Irish Data Protection Commissioner (DPC). As a European Facebook user, he had signed up to the terms of use set by Facebook Ireland, the European subsidiary of the US company.
   • He claimed that Snowden's revelations of mass surveillance mean that the US does not adequately protect European citizens' personal data.
   • The Court agreed and declared the Safe Harbour agreement invalid.
10. Privacy Shield
   • New system that replaces Safe Harbour, just signed.
   • "…effective supervision mechanisms to ensure that companies respect their obligations including sanctions or exclusion if they do not comply".
   • Companies with bad security could be excluded and/or fined.

11. General Data Protection Regulation (GDPR)
   • Will come into effect later this year (July most probably).
   • Overhauls the existing DP regime, bringing several directives and rights under one roof (cookies, right to be forgotten, etc.).
   • Creates a few new rights, principles and concepts that could apply to IoT.
   • Existing principles regarding export and security remain.

12. Privacy by design
   • Art 23 enacts data protection by design and default.
   • "The controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed…"

13. Forthcoming IoT EU action
   • Commission has agreed to consult industry on next steps. Possible action includes:
   • Open data
   • Standardisation and interoperability
   • Data protection
   • Telecoms: roaming, spectrum, numbering, etc.
   • Authentication of objects.

15. Beware of geeks bearing gifts
   @technollama