ABSTRACT

This chapter analyzes the applicable data protection and privacy framework in the European Union (EU) in relation to the Internet of Things. In an era of hyper-connectivity, more and more devices become smart by being able to connect to the Internet. The so-called Internet of Things has been characterized as the next major breakthrough for the Information and Telecommunication Technologies and is composed of applications, technologies, and ecosystems, which lead to a complex landscape of relations among several stakeholders with different interests. The Internet of Things and its enabling technologies both depend upon and at the same time generate a vast amount of information. When this information can lead to the identification of a unique individual, it is considered personal data and the EU data protection law will be applicable, also given the territoriality requirements. The Internet of Things can pose several risks for data protection and privacy rights and produce challenges for data controllers to keep their processing operations compliant. This chapter, therefore, will outline the primary challenges and provide a set of recommendations and best practices, which can be useful for technologists and engineering students.