Data Protection and Privacy: (In)visibilities and Infrastructures

Volume 36 of the series Law, Governance and Technology Series pp 59-78


What Is New with the Internet of Things in Privacy and Data Protection? Four Legal Challenges on Sharing and Control in IoT

  • Ugo PagalloAffiliated withDepartment of Law, University of Turin Email author 
  • , Massimo DuranteAffiliated withDepartment of Law, University of Turin
  • , Shara MonteleoneAffiliated withEuropean Parliamentary Research Service

* Final gross prices may vary according to local VAT.

Get Access


The Internet of Things (IoT) creates an intelligent, invisible network fabric that can be sensed, controlled and programmed, in ways that enable artefacts to communicate, directly or indirectly, with each other and the internet. This network is rapidly and increasingly evolving into the networked connection of people, processes, data and things (i.e., the web of “everything”). While the latter promises to improve our lives, by anticipating our preferences, optimizing our choices and taking care of many daily habits, the evolution of IoT is likely to raise new legal and technological challenges. This paper examines four challenges in the fields of privacy and data protection. Drawing on today’s debate on the architecture, standards, and design of IoT, these challenges concern: (i) the realignment of traditional matters of privacy and data protection brought on by structural data sharing and new levels and layers of connectivity and communication; (ii) collective, rather than individual, data protection; (iii) technological convergence, e.g. robotics and other forms of artificial agency, that may impact some further pillars of the field, such as data controllers; and, (iv) the relation between technological standards and legal standards. Since, properly speaking, we still do not have a universal IoT, current debate represents an opportunity to take these legal challenges seriously, and envisage what new environment we may wish.


Agency Artificial Agents Control Data controllers Data protection Data sharing Group privacy Internet of things Machine-to-machine interaction Privacy Robotics Standards