What Is New with the Internet of Things in Privacy and Data Protection? Four Legal Challenges on Sharing and Control in IoT

Part of the Law, Governance and Technology Series book series (LGTS, volume 36)


The Internet of Things (IoT) creates an intelligent, invisible network fabric that can be sensed, controlled and programmed, in ways that enable artefacts to communicate, directly or indirectly, with each other and the internet. This network is rapidly and increasingly evolving into the networked connection of people, processes, data and things (i.e., the web of “everything”). While the latter promises to improve our lives, by anticipating our preferences, optimizing our choices and taking care of many daily habits, the evolution of IoT is likely to raise new legal and technological challenges. This paper examines four challenges in the fields of privacy and data protection. Drawing on today’s debate on the architecture, standards, and design of IoT, these challenges concern: (i) the realignment of traditional matters of privacy and data protection brought on by structural data sharing and new levels and layers of connectivity and communication; (ii) collective, rather than individual, data protection; (iii) technological convergence, e.g. robotics and other forms of artificial agency, that may impact some further pillars of the field, such as data controllers; and, (iv) the relation between technological standards and legal standards. Since, properly speaking, we still do not have a universal IoT, current debate represents an opportunity to take these legal challenges seriously, and envisage what new environment we may wish.


Agency Artificial Agents Control Data controllers Data protection Data sharing Group privacy Internet of things Machine-to-machine interaction Privacy Robotics Standards 


  1. Allen, Colin, Varner, Gary, and Jason Zinser (2000) Prolegomena to Any Future Artificial Moral Agent, Journal of Experimental and Theoretical Artificial Intelligence, 12: 251–261;CrossRefGoogle Scholar
  2. Arendt, Hannah (1958) The Human Condition. Chicago: University of Chicago Press;Google Scholar
  3. Art. 29 WP (2014) Opinion 8 on the Recent Developments on the internet of Things, WP 223;Google Scholar
  4. Brian Arthur, William (2009) The Nature of Technology. New York: Free Press;Google Scholar
  5. Bradford, Anu (2012) The Brussels effect, Northwestern University Law Review, 107(1): 1–68;Google Scholar
  6. Busch, Lawrence (2011) Standards: Recipes for Reality, MIT Press;Google Scholar
  7. Chui, Michael, Loeffler, Markus and Roger Roberts (2010) The Internet of Things, McKinsey Quarterly, March;Google Scholar
  8. Cluster of European Research Project on the Internet of Things (CERP-IoT 2009) Internet of Things Research Strategic Roadmap – 15 September 2009. European Commission DG. INFSO-D4 Unit Brussels, online available at: https://www.internet-of-things-research.eu/pdf/IoT_Strategic_Research_Agenda_2009.pdf
  9. Davis, Jim (2011) The (common) Laws of Man over (civilian) Vehicles Unmanned, Journal of Law, Information and Science, 21(2):  10.5778/JLIS.2011.21.Davis.1
  10. Davies, Ron (2016) 5G Network Technology. Putting Europe at the Leading Edge, EDPS Briefing January 2016;Google Scholar
  11. Davis, Ron (2015) The Internet of Things. Opportunities and Challenges, EPRS, Briefing May 2015;Google Scholar
  12. Durante Massimo (2010) What Is the Model of Trust for Multi-agent Systems? Whether or Not E-Trust Applies to Autonomous Agents, Knowledge Technology & Policy, 23(3–4): 347–366;CrossRefGoogle Scholar
  13. Durante Massimo (2011) The Online Construction of Personal Identity through Trust and Privacy, INFORMATION, (2)4: 594–620;Google Scholar
  14. EC (2009) European Commission Communication’s Internet of Things: an action plan for Europe, COM/2009/0278 final, http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:52009DC0278;
  15. EC (2015a) European Commission’s Roadmap for completing the Digital Single Market, https://ec.europa.eu/priorities/publications/roadmap-completing-digital-single-market_enEuropean Commission;
  16. EC (2015b) Press release 15 December 2015, http://europa.eu/rapid/press-release_IP-15-6321_en.htm;
  17. EP (2010) European Parliament, Resolution of 15 June 2010 on Internet of Things http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:52009DC0278;
  18. EU Robotics (2013) Robotics 2020 Strategic Research Agenda for Robotics in Europe, draft 0v42, 11 October;Google Scholar
  19. Floridi, Luciano (ed. by 2015) The Onlife Manifesto. Heidelberg: Springer;Google Scholar
  20. Floridi, Luciano (2014) Open Data, Data Protection, and Group Privacy, Philosophy and Technology, 27: 1–3;Google Scholar
  21. Floridi, Luciano and Jeff Sanders (2004) On the Morality of Artificial Agents, Minds and Machines, 14(3): 349–379;CrossRefGoogle Scholar
  22. Foschini, Luca, Taleb, Tarik, Corradi, Antonio, and Dario Bottazzi (2011) M2 M-based metropolitan platform for IMS-enabled road traffic management in IoT, IEEE Communication Magazine, 49(11): 50–57;CrossRefGoogle Scholar
  23. Gartner (2014) Hype Cycle for Emerging Technologies, online available at: http://www.gartner.com/document/2809728;
  24. Karnow, Curtis E. A. (1996) Liability for Distributed Artificial Intelligence, Berkeley Technology and Law Journal, 11: 147–183;Google Scholar
  25. Latour, Bruno (2005) Reassembling the Social: an Introduction to Actor-Network-Theory. Oxford: Oxford University Press;Google Scholar
  26. Leenes, Ronald and Federica Lucivero (2014) Laws on Robots, Laws by Robots, Laws in Robots: Regulating Robot Behaviour by Design, Law, Innovation and Technology, 6(2): 193–220;CrossRefGoogle Scholar
  27. McFarland, David (2008) Guilty Robots, Happy Dogs: The Question of Alien Minds. New York: Oxford University Press;Google Scholar
  28. Monteleone, Shara (2011) Ambient Intelligence: Legal Challenges and Possible Directions to Privacy Protection, in C. Akrivopoulou (ed.) Personal Data Privacy and Protection in a Surveillance Era, pp. 201–222. Technologies and Practices: IGI Global;CrossRefGoogle Scholar
  29. Ning, Huansheng (2011) Unit and Ubiquitous Internet of Things, New York: CRC Press.Google Scholar
  30. Pagallo, Ugo (2011) Designing Data Protection Safeguards Ethically, Information, 2(2): 247–265;CrossRefGoogle Scholar
  31. Pagallo, Ugo (2013a) The Laws of Robots: Crimes, Contracts, and Torts. Dordrecht: SpringerCrossRefGoogle Scholar
  32. Pagallo, Ugo (2013b) Robots in the Cloud with Privacy: A New Threat to Data Protection?, Computer Law & Security Review, 29(5): 501–508;CrossRefGoogle Scholar
  33. Pagallo, Ugo (2014) Il diritto nell’età dell’informazione. Torino: Giappichelli;Google Scholar
  34. Pagallo, Ugo (2016) The Impact of Domestic Robots on Privacy and Data Protection, and the Troubles with Legal Regulation by Design, in Data Protection on the Move, edited by S. Gutwirth, R. Leenes, and P. de Hert, pp. 387–410. Springer, Dordrecht;CrossRefGoogle Scholar
  35. RoboLaw (2014) Guidelines on Regulating Robotics. EU Project on Regulating Emerging Robotic Technologies in Europe: Robotics facing Law and Ethics, September 22;Google Scholar
  36. Rose, Karen, Eldridge, Scott, and Lyman Chapin (2015) The Internet of Things: An Overview. Understanding the Issues and Challenges of a More Connected World, The Internet Society, available at: https://www.internetsociety.org/sites/default/files/ISOC-IoT-Overview-20151014_0.pdf;Google Scholar
  37. Salgado, Monica (2014) Internet of Things revised, Privacy and Data Protection, 15(1): 12–14;Google Scholar
  38. Taylor, Linnet (2014) “No Place to Hide? The Ethics and Analytics of Tracking Mobility Using African Mobile Phone Data.” Online version available at http://www.academia.edu/4785050/No_place_to_hide_The_ethics_and_analytics_of_tracking_mobility_using_African_mobile_phone_data. (in press);
  39. Thierer, Adam (2015) “The Internet of Things and Wearable Technology: Addressing Privacy and Security Concerns without Derailing Innovation”, 21 RICH. J.L. & TECH. 6. Online version available at http://jolt.richmond.edu/v21i2/article6.pdf;
  40. Wang, Hu (2011) M2 M Communications. Presented at IET International Conference on Communication Technology and Application (ICCTA 2011);Google Scholar
  41. Weiser, Mark (1993) Ubiquitous Computing, Computer, 10: 71–72.CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Ugo Pagallo
    • 1
  • Massimo Durante
    • 1
  • Shara Monteleone
    • 2
  1. 1.Department of LawUniversity of TurinTurinItaly
  2. 2.European Parliamentary Research ServiceBrusselsBelgium

Personalised recommendations