Data Protection and the Right to Privacy in the IoT Era

The objective of this project is to position member companies for the challenges and potential legal pitfalls, as well as benefits, of the IoT era, in the context of a more extensive international regulatory environment.

As the IoT era kicks into gear, businesses face a potential mine-field of international data protection legislation which applies to processing of citizens’ personal data regardless of national boundaries. The European Union (E.U.) data protection requirements are used as the basis for this project because the E.U model is followed (at least in its essence) by most developed and developing nations, the major exception being the U.S. The new General Data Protection Regulation (GDPR) which will replace the current 1995 Data Protection Directive in 2018, updates data protection for the new era of IoT and big data, and is set to significantly broaden the influence of the E.U. requirements, not just to nations that follow the E.U. model but also unilaterally to the U.S. The GDPR applies to all companies, including those incorporated in the U.S., which process personal data of an E.U. subject, regardless of the company’s geographical area of operation and location of data processing. The proposed E.U. e-Privacy Regulation has a similar extraterritorial impact.

The project findings inform corporate understanding and compliance, development of corporate, and where appropriate, industry codes of conduct; and will be used by affiliates companies as part of proposals for law reform to address the legislative challenges that impeding the development and use of IoT technology.