EU Parliament would like more privacy and security in relation to the internet of things

Close to dark side thinking I believe and it starts from the wrong point. They question again is why regulate storage of data.  All data should be thrown away. Regulate collection and maybe what can be done with analysis.  My view is that the existing framework is broken and is not suitable for adaptation.

However, I expect it will all happen and have passed by the time the regulator catches up.

Parliament would like more privacy and security in relation to the internet of things

The European Parliament welcomes the development of the internet of things (IoT) but asks the Commission to set up a clear legal framework on the security, safety, privacy and protection of personal data in relation to the IoT. It also points out concerns on other issues not directly related to the IoT, including on the legal uncertainty surrounding cloud computing.

The resolution adopted on June 15, 2010 also proposes that the Commission should carry out a detailed assessment of a number of issues linked to the use of RFID technology, including the protection against cyber attacks, guarantees on the personal data protection and the right to remove or disable tags after purchase (the so-called right to „chip silence‟).

The IoT refers to applications where physical objects become connected through complex networks and provide information about themselves and their surroundings. Examples are for instance fridges able to inform the consumer on any product past its use-by date or cars equipped with chips connected to web-enabled mobile phones to convey information in real time on traffic jams.

1. Background

The resolution follows the adoption exactly one year ago by the European Commission of an action plan, which explains how the Commission will assess and regulate the emergence of the IoT (see EU Ecom Tracker 27). The action plan identifies six main areas of actions to ensure trust and safety for all citizens in the context of the IoT: governance, privacy and protection of personal data, security, standardisation and interoperability, research and development, and awareness-raising and international cooperation.

2. The resolution

The resolution stresses that the IoT requires safe, transparent and multilateral governance as well as a clear legal framework related to data protection and security. It supports the Commission focus on safety, security, governance, privacy and protection of personal data but asks for some complementary measures, including to:

 adapt the current data protection directive to the digital environment (see EU Ecom Tracker 23);

 clarify the concept of „data owner‟ and „data controller‟ related to data automatically collected and processed;

 assess the impact of IoT applications on the current internet network infrastructure in terms of network congestion and data security;

 ensure the development of a transparent system preventing fraud and allowing device identity authentication and traceability;

 strive to establish international standards for IoT applications to facilitate interoperability as well as infrastructure openness, transparency and technology neutrality;

 coordinate the actions on IoT with the work on the Digital Agenda (see EU Ecom Tracker 1);

 give more consideration to the objective of building an inclusive IoT to which all European citizens should have access;

 raise European citizens‟ awareness of new technologies and their applications and promote digital literacy and e-skills.

On the use of RFID technology (e.g. chips and tags), Parliament asks the Commission to:

 give consumers the right to privacy by opt-in and/or by „privacy by design‟ (tag disablement at the point of sale should be automatic unless consumers agree otherwise);

 reflect on the right of citizens to choose products that are not equipped with IoT applications or to be disconnected from their networked environment.

The resolution also asks the Commission to take the following additional actions, which are not directly linked to the IoT:

 to analyse, with the help of operators, aspects related to Wi-Fi security systems;

 to assess the possibility of further lowering data roaming costs.

On cloud computing, Parliament stresses the potential “danger” related to the legal uncertainty surrounding cloud computing, but does not ask the Commission to take any specific measure.

NB. The Commission Digital Agenda foresees the development of a European strategy on cloud computing.

Finally, the Commission is asked to publish by the end of 2010 a timetable with its proposed actions to improve the safety of the internet of things and RFID applications.

the author: Virginie Alloo  (at)  cullen-international  dot com