Skip to main content
SpringerLink
Log in

Implanting Implications: Data Protection Challenges Arising from the Use of Human ICT Implants

  • Chapter
  • First Online:
Human ICT Implants: Technical, Legal and Ethical Considerations

Part of the book series: Information Technology and Law Series ((ITLS,volume 23))

Abstract

The increasing commercialisation of human Information and Communication Technology (ICT) implants has generated heated debate over the ethical, legal and social implications of their use. Despite stakeholders calling for greater policy and legal certainty within this area, gaps have already begun to emerge between the commercial reality and the current legal frameworks designed to regulate it. The aim of this chapter is to examine the effectiveness of the European Union current data protection regulatory framework for regulating ICT implants. By focusing on current and future applications of human ICT implants, the research presented here highlights the potential regulatory challenges posed by the applications, and makes a series of recommendations as to how such issues may be best avoided by jurisdictions grappling with similar emerging issues. In doing so, the chapter draws together the notions of innovation, risk and data protection within the context of a broader governance framework.

This chapter is an updated and reworked version of the paper: Kosta Eleni & Bowman Diana, Treating or Tracking? Regulatory Challenges of Nano-Enabled ICT Implants, Law & Policy, 2011, Vol.33(2), pp. 256–275.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 54.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Anton et al. 2001; Kabene 2010; see also Chaps. 2–6 of this book.

  2. 2.

    Maynard 2006; Weckert 2007.

  3. 3.

    A ‘data controller’ is defined in Article 2(d) of the Data Protection Directive as ‘the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or Community laws or regulations, the controller or the specific criteria for his nomination may be designated by national or Community law’.

  4. 4.

    Weber 2006; Rotter et al. 2008.

  5. 5.

    Elliot 2006.

  6. 6.

    Gosset 2004; Gamboa 2007; McHugh 2004.

  7. 7.

    Wolinsky 2007.

  8. 8.

    Gamboa 2007.

  9. 9.

    Hitachi 2007.

  10. 10.

    The Verichip Corporation is now called PositiveID: http://www.positiveidcorp.com. Accessed 19 August 2011.

  11. 11.

    Wolinksky 2006.

  12. 12.

    VeriChip 2007a.

  13. 13.

    VeriChip 2007a.

  14. 14.

    VeriChip 2007a.

  15. 15.

    VeriChip 2006, p 1.

  16. 16.

    Wolinksy 2006.

  17. 17.

    VeriChip 2007b.

  18. 18.

    Halperin et al. 2008.

  19. 19.

    Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, hereinafter the ‘data protection directive’, O.J. L 281, 23.11.1995, pp 31–50.

  20. 20.

    European Commission 2009.

  21. 21.

    European Commission 2009.

  22. 22.

    Pitkänen and Niemelä 2007.

  23. 23.

    Article 29 WP136 2007.

  24. 24.

    Article 29 WP126 2007, p 15.

  25. 25.

    See Zwenne and Schermer 2005, where they applied the same reasoning to RFID tags.

  26. 26.

    Kuner 2007.

  27. 27.

    Kuner 2007.

  28. 28.

    Kuner 2007.

  29. 29.

    Zwenne and Schermer 2005.

  30. 30.

    Buchta et al. 2005.

  31. 31.

    European Group on Ethics 2005.

  32. 32.

    Directive 2002/58/EC of the European Parliament and of the Council concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), O. J. L 201, 12.07.2002, pp 37–47.

  33. 33.

    Cuijpers et al. 2007.

  34. 34.

    Cuijpers and Koops 2008, p 884.

  35. 35.

    Cuijpers and Koops 2008, p 891. The term electronic communications network is defined in Article 2(a) of the Framework Directive (Directive 2002/21/EC, as amended).

  36. 36.

    Cuijpers and Koops 2008, p 891. The term electronic communications service is defined in Article 2(c) of the Framework Directive (Directive 2002/21/EC, as amended).

  37. 37.

    van der Hof et al. 2006, pp 152–153.

  38. 38.

    Article 3 ePrivacy Directive.

  39. 39.

    European Commission 2007, p 5.

  40. 40.

    Recital 56 ePrivacy Directive.

  41. 41.

    See, for example, European Commission 2007; 2009.

  42. 42.

    Henning et al. 2004; European Commission 2009.

  43. 43.

    OECD 2008, p 51.

  44. 44.

    OECD 2008.

References

  • van der Hof S et al (2006) Openbaarheid in het internettijdperk—De invloed van ICT op juridische concepten van openbaarheid (Sdu Uitgevers, Den Haag), pp 152–153

    Google Scholar 

  • Anton PS, Silberglitt R, Schneider J (2001) The global technology revolution: bio/nano/material trends and their synergies with information technology by 2015. RAND National Defense Research Institute, Arlington

    Google Scholar 

  • Buchta A, Dumortier J, Krasemann H (2005) The legal and regulatory framework for PRIME. In: Fischer-Hübner S, Andersson C (ed) D14.0.a: Framework V0. Brussels: Privacy and Identity Management for Europe Project

    Google Scholar 

  • Commission European (2007) Communication on radio frequency identification (RFID) in Europe: steps towards a policy framework. EC, Brussels

    Google Scholar 

  • Cuijpers C, Koops BJ (2008) How fragmentation in European law undermines consumer protection: the case of location-based services. Eur Law Rev 6:880–897

    Google Scholar 

  • Cuijpers C, Roosendaal A, Koops BJ (eds) (2007) D11.5: the legal framework for location based services in Europe, FIDIS (Future of Identity in the Information Society) Project, 12 June 2007

    Google Scholar 

  • Elliot V (2006) Speed through the check out with just a wave of your arm, The Times, 10 October. http://technology.timesonline.co.uk/tol/news/tech_and_web/personal_tech/article666972.ece

  • European Commission (2009) Commission recommendation of 12.5.2009 on the implementation of privacy and data protection principles in applications supported by radio-frequency identification. EC, Brussels

    Google Scholar 

  • European Group on Ethics and Science in New Technologies (2005) Ethical aspects of ICT implants in the human body. EC, Brussels

    Google Scholar 

  • Gamboa, JP (2007) Micro RFID chips raise some privacy concerns, The Daily Aztec, 22 February. http://www.thedailyaztec.com/2.7446/micro-rfid-chips-raise-some-privacy-concerns-1.798488

  • Halperin D, Heydt-Benjamin TS, Fu K, Kohno T, Maisel WH (2008) Security and privacy for implantable medical devices. IEEE Pervasive Comput (special issue on implantable electronics) 7(1):30–39

    Google Scholar 

  • Henning JE, Peter BL, Bernd S (2004) Privacy enhancing technology concepts for RFID technology scrutinised. RVS Group, Bieldefeld

    Google Scholar 

  • Hitachi (2007) Hitachi RFID Solutions. http://www.hitachi-eu.com/mu/

  • Kabene SM (ed) (2010) Healthcare and the effect of technology: developments, challenges and advancements. IGI Global, London

    Google Scholar 

  • Kuner Christopher (2007) European data protection law—corporate compliance and regulation. Oxford University Press, Oxford

    Google Scholar 

  • Maynard AD (2006) Nanotechnology: a research strategy for addressing risk. Project on Emerging Nanotechnologies, Washington, DC

    Google Scholar 

  • McHugh J (2004) A chip in your shoulder: should i get an RFID implant? Slate Magazine, 10 November. http://slate.msn.com/id/2109477/

  • Organisation for Economic Co-operation and Development (2008) Radio frequency identification (RFID): a focus on information security and privacy. Working Party of Information Security and Privacy, Paris

    Google Scholar 

  • Pitkänen O and Niemelä M (2007) Privacy and data protection in Emerging RFID-Applications. Paper presented at the EU RFID Forum 2007, RFID Academic Convocation, 14 March. http://aalto-fi.academia.edu/OPitk%C3%A4nen/Papers/494866/Privacy_and_data_protection_in_emerging_RFID-applications

  • Rotter P, Daskala B, Compaño R (2008) RFID implants: opportunities and challenges for identifying people. IEEE Technol Soc Mag 27(2):24

    Article  Google Scholar 

  • VeriChip (2006) VeriMed patient identification Delray Beach, Florida

    Google Scholar 

  • VeriChip (2007a) Company: our RFID tags. www.verichipcorp.com

  • VeriChip (2007b) News release: VeriChip corporation to unveil plans for self-contained implantable RFID glucose-sensing microchip at Grand Hyatt in New York on December 4, 28 November. http://www.verichipcorp.com/news/1196258532

  • Weber K (2006) Privacy invasions. EMBO Rep 7:s36–s39

    Article  Google Scholar 

  • Weckert J (2007) An approach to nanoethics. In: Hodge GA, Bowman DM, Ludlow K (eds) New global regulatory frontiers in regulation: the age of nanotechnology. Edward Elgar, Cheltenham, pp 49–66

    Google Scholar 

  • Wolinksky H (2006) Tagging products and people. EMBO Rep 7(10):965–968

    Article  Google Scholar 

  • Zwenne GJ, Schermer B (2005), Privacy en andere juridische aspecten van RFID: unieke identificatie op afstand van producten en personen [Privacy and other legal aspects of RFID: unique identification from a distance of products and people], ‘s-Gravenhage. Elsevier Juridisch, The Hague. http://www.nvvir.nl/doc/rfid-tekst.pdf

Download references

Author information

Authors and Affiliations

  1. Interdisciplinary Centre for Law & ICT (ICRI), KU Leuven, Leuven, Belgium

    Eleni Kosta

  2. Department of Health Management and Policy, School of Public Health and the Risk Science Centre, The University of Michigan, Ann Arbor, MI, USA

    Diana M. Bowman

Authors
  1. Eleni Kosta
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Diana M. Bowman
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Eleni Kosta .

Editor information

Editors and Affiliations

  1. , School of Systems Engineering, University of Reading, Redhatch Dr, Earley, Reading, RG6 6AY, Berkshire, United Kingdom

    Mark N. Gasson

  2. , ICRI, KU Leuven, St. Michielsstraat 6, Leuven, B-3000, Belgium

    Eleni Kosta

  3. , Risk Science Centre, University of Michigan, Washington Heights 1420, Ann Arbor, 48109-2029, Michigan, USA

    Diana M. Bowman

Rights and permissions

Reprints and permissions

Copyright information

© 2012 T.M.C. ASSER PRESS, The Hague, The Netherlands, and the author(s)

About this chapter

Cite this chapter

Kosta, E., Bowman, D.M. (2012). Implanting Implications: Data Protection Challenges Arising from the Use of Human ICT Implants. In: Gasson, M., Kosta, E., Bowman, D. (eds) Human ICT Implants: Technical, Legal and Ethical Considerations. Information Technology and Law Series, vol 23. T.M.C. Asser Press, The Hague, The Netherlands. https://doi.org/10.1007/978-90-6704-870-5_9

Download citation

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation