View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 23, 2014

IoT data deemed ‘personal’ by data watchdogs

Argue data from connected devices should be governed by data protection laws.

By Amy-Jo Crowley

Data protection authorities have agreed that data generated by Internet of Things (IoT) devices should be "regarded and treated as personal data".

At the 36th International Privacy Conference in Mauritius, the data watchdogs said as data from sensors is high "in quantity, quality and sensitivity", it is "more likely than not" that that such data can be attributed to individuals.

"Considering that the identifiability and protection of big data already is a major challenge, it is clear that big data derived from IoT devices makes this challenge many times larger. Therefore, such data should be regarded and treated as personal data," regulators said in a two-page declaration.

The conference, which included regulators from across Europe and Asia Pacific, made clear that IoT businesses ought to consider data from connected devices as subject to data protection laws.

Data protection law specialist Marc Dautlich of Pinsent Masons, the law firm behind Out-Law.com, said: "Assuming that all data generated by IoT devices is personal data is too simplistic and unhelpful insofar as it transfers the burden of proof onto data controllers to demonstrate otherwise.

"A better approach for all would be to undertake a considered analysis of the data generated by IoT devices, including analytics derived from their output, and use that as the basis for the organisation’s privacy strategy."

The declaration also called for transparency about the data collected, the purpose of the data and how long the data is retained.

Content from our partners
Sherif Tawfik: The Middle East and Africa are ready to lead on the climate
What to look for in a modern ERP system
How tech leaders can keep energy costs down and meet efficiency goals

"Data processing starts from the moment the data are collected. All protective measures should be in place from the outset," it said.

"We encourage the development of technologies that facilitate new ways to incorporate data protection and consumer privacy from the outset. Privacy by design and default should no longer be regarded as something peculiar. They should become a key selling point of innovative technologies."

The watchdogs also encouraged end-to-end encryption of data if local processing is not possible in efforts to minimise data security risks.

The news comes not too long after the EU data protection regulator warned manufacturers of the IoT that they may have to form new ways of gaining consumers’ consent to use their personal data.

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU