Legal view: How the General Data Protection Regulation will affect IoT firms
FULFORD N., Legal view: How the General Data Protection Regulation will affect IoT firms, v3.co.uk, 27.11.2015
|Topics||Business Model, Competition, Data Usability|
In “the Internet of Things (IoT) [...] many businesses' value lies in their collection, analysis and monetisation of personal data”.
“The aims of the forthcoming European General Data Protection Regulation (GDPR) include driving better security and privacy in the IoT, directly and indirectly through investors and users”.
“Data portability. The GDPR will introduce a new right of data portability (the ability to move data among different application programs, computing environments or cloud services), extending the existing right of data subjects to make a subject access request by obliging data controllers to provide subjects' data in a machine-readable format which can be provided to another controller. Businesses operating in the IoT should consider how this might affect them. The GDPR's aim was to give customers greater control over their data by preventing them from being ‘locked in' to services, so additional customer incentivisation may be necessary. Conversely, though, to the extent that IoT businesses are based on hardware purchased by a customer, businesses may find that retaining customer loyalty is less of an issue than in other sectors, for example utilities”. --> Data portability is only partially useful with regard to businesses with commercialize the hardware and offer contextual services which make the hardware usable (what normally happens in the IoT): in fact, in this case, the data collected through the service provided by the hardware supplier may be used by the customer also in the context of third party service; but, in order to use the hardware, there is still need for the original branded service, because the portability is only the portability of data, not the portability of the good (the lock-in remains for what concerns hardware functioning). If with completely digital services the data portability principle can therefore be effective, it is less effective with regard to IoT, when there always is an hardware basis which is normally linked to a specific service necessary in order to enjoy the good (i.e., data portability does not resolve the problem of the provider ceasing to provide the service part necessary for product functionality: e.g., if the cloud part of the product is no more available).