Internet of Things: Right to Data from a European Perspective

  • Christine StorrEmail author
  • Pam Storr
Part of the Perspectives in Law, Business and Innovation book series (PLBI)


The amount of data collected and processed by smart objects has increased exponentially over the last few years. The use of this technology, known as the Internet of Things or IoT, leads to new challenges and applications of existing data protection laws. Data resulting from the use of such technology has wide-ranging consequences for individual privacy as a large amount of the data in question is often personal in nature. However, the Internet of Things has a wider impact and also creates questions within such fields as contract law and intellectual property law, due in part to the lack of a clear property right to data. In addition, issues of data security are of importance when such technology is used, particularly when considering liability for data loss. This chapter will deal with the legal issues connected to the Internet of Things from a European perspective, taking into account existing laws and in light of the new European Data Protection Regulation. The underlying theme of the chapter focuses on the existence of legal rights to data created through the use of the Internet of Things and the various stakeholders that may have an interest in the data, from the service provider and the individual user, to intermediaries and those involved in allowing smart objects to fulfill their potential. The question of whether the legal challenges identified in the chapter can be overcome will also be addressed, along with the future role of law in the use and development of the Internet of Things.


Internet of Things Right to data Data protection Security Copyright 


  1. ABI Research (2013) More than 30 billion devices will wirelessly connect to the internet of everything in 2020. Press Release. 9 May 2013Google Scholar
  2. Article 29 Working Party (2007) Opinion 4/2007 on the concept of personal data. Available via European Commission. Accessed 16 Jul 2017
  3. Article 29 Working Party (2012) Opinion 05/2012 on cloud computing. Available via European Commission. Accessed 16 Jul 2017
  4. Article 29 Working Party (2014a) Opinion 05/2014 on anonymization techniques. Available via European Commission. Accessed 16 Jul 2017
  5. Article 29 Working Party (2014b) Opinion 8/2014 on the recent developments on the internet of things. Available via European Commission. Accessed 16 Jul 2017
  6. Ashton K (2009) That ‘Internet of Things’ Thing. RFID Journal. 22 June 2009. Accessed 10 Jan 2017
  7. Bartolini C et al (2016) Cloud providers viability: how to address it from an IT and legal perspective? Economics of grids, clouds, systems, and services. In: Altmann J et al (eds) International Conference on Grid Economics and Business Models (GECON), Cluj-Napoca, September 2015. Lecture notes in computer science, vol 9512. Springer International Publishing, p 281Google Scholar
  8. Bradley J et al (2013) Embracing the internet of everything to capture your share of $14.4 trillion. Cisco, Accessed 10 Jan 2017
  9. Cisco (2013) The internet of everything and the connected athlete: this changes … everything. Accessed 10 Jan 2017
  10. Clarke A, Kohler P (2005) Property law: commentary and materials. Cambridge University Press, CambridgeCrossRefGoogle Scholar
  11. Custers B, Uršič H (2016) Big data and data reuse: a taxonomy of data reuse for balancing Big Data benefits and personal data protection. International Data Privacy Law 6(1):4–15Google Scholar
  12. De Hert P, Gutwirth S (2009) Data protection in the case law of Strasbourg and Luxemburg: constitutionalisation in action. In: Gutwirth S et al (eds) Reinventing Data Protection?. Springer, DordrechtGoogle Scholar
  13. Dorner M (2014) Big Data und “Dateneigentum.” Computer Und Recht 9:617–628Google Scholar
  14. Drexl J et al (2016) Data ownership and access to data—position statement of the Max Planck Institute for Innovation and Competition of 16 August 2016 on the current European debate. Max Planck Institute for Innovation and Competition Research Paper No. 16-10Google Scholar
  15. DuBravac S (2014) A hundred billion nodes. Five technology trends to watch 2014. Consumer Electronics Association, pp 3–8Google Scholar
  16. Erlank W (2013) Books, apps, movies and music–ownership of virtual property in the digital library. Eur Prop Law J 2(2):194–212Google Scholar
  17. Ernst and Young (2015) Becoming an analytics-driven organisation to create value. Accessed 10 Jan 2017
  18. European Commission (2011) Privacy and data protection impact assessment framework for RFID applications. 12 Jan 2011Google Scholar
  19. European Commission (2014) Data protection impact assessment template for smart grid and smart metering systems (‘DPIA template’). Expert group 2 smart grid task force. 18 Mar 2014Google Scholar
  20. European Commission (2016) Commission staff working document, advancing the internet of things in Europe, SWD(2016) 110 finalGoogle Scholar
  21. European Commission (2017) Building a European data economy, communication from the commission to the European Parliament, the Council, The European Economic and Social Committee and the Committee of the Regions, COM(2017) 9 finalGoogle Scholar
  22. Garcia et al (2016) Lock it and still lose it—on the (In) security of automotive remote keyless entry systems. In: Proceedings of the 25th USENIX security symposium 2016, pp 929–944Google Scholar
  23. Gartner (2016a) Forecast: wearable electronic devices, Worldwide. 19 Jan 2016Google Scholar
  24. Gartner (2016b) Top strategic predictions for 2017 and beyond: surviving the storm winds of digital disruption. 14 Oct 2016Google Scholar
  25. Gerling S, Rossow C (2016) Angreiferjagd Im “Internet Der Dinge.” Datenschutz Und Datensicherheit 8:507–510CrossRefGoogle Scholar
  26. Grützmacher M (2016) Dateneigentum – Ein Flickenteppich. Computer Und Recht 32(8):485–495CrossRefGoogle Scholar
  27. Hoeren T (2014) Big data and the ownership in data: recent developments in Europe. Eur Intellect Prop Rev 12:751–754Google Scholar
  28. IDC and TXT Solutions (2014) SMART 2013/0037 Cloud and IoT combination, study for the European CommissionGoogle Scholar
  29. Kemp R (2014) Legal aspects of managing big data. Comput Law Secur Rev 30(5):482–491CrossRefGoogle Scholar
  30. Kuneva M (2009) Keynote speech of the former European consumer commissioner, roundtable on online data collection, targeting and profiling. SPEECH/09/156. Brussels. 31 Mar 2009Google Scholar
  31. Lehdonvirta V, Virtanen P (2010) A new frontier in digital content policy: case studies in regulation of virtual goods and artificial scarcity. Policy Internet 2(3):7–29CrossRefGoogle Scholar
  32. Lessig L (1999) Code: and other laws of cyberspace. Basic Books, New YorkGoogle Scholar
  33. Lohr S (2011) Google schools its algorithm. New York Times. 5 Mar 2011Google Scholar
  34. Malgieri G (2016a) “Ownership” of customer (big) data in the European Union: quasi-property as comparative solution? J Internet Law 2016:3–18Google Scholar
  35. Malgieri G (2016b) Trade secrets v personal data: a possible solution for balancing rights. Int Data Privacy Law 6(2):102–116CrossRefGoogle Scholar
  36. Manyika J et al (2013) Disruptive technologies: advances that will transform life, business, and the global economy. McKinsey Global InstituteGoogle Scholar
  37. Mattei U (2000) Basic principles of property law: a comparative legal and economic introduction. Greenwood Publishing Group, WestportGoogle Scholar
  38. Organisation for Economic Cooperation and Development (OECD) (2008) Committee for Information, Computer and Communications Policy (ICCP). RFID radio frequency identification OECD policy guidance: a focus on information security and privacy applications, Impacts and Country InitiativesGoogle Scholar
  39. Peppet SR (2014) Regulating the internet of things: first steps toward managing discrimination, privacy, security and consent. Texas Law Rev 93:85–176Google Scholar
  40. Purtova N (2015) The illusion of personal data as no one’s property. Law Innov Technol 7(1):83–111Google Scholar
  41. Rose D (2014) Enchanted objects: design, human desire, and the internet of things. Scribner, New YorkGoogle Scholar
  42. Samuelson P (1999) Privacy as intellectual property? Stanford Law Rev 52:1125–1151CrossRefGoogle Scholar
  43. Schwartz Pa M (2003) Property, privacy and personal data. Harvard Law Rev 117:2056–2128CrossRefGoogle Scholar
  44. Shackelford et al. (2017) When toasters attack: a polycentric approach to enhancing the ‘security of things’. University of Illinois Law Review (forthcoming) Accessed 10 Jan 2017
  45. US Department of Homeland Security (2016) Strategic principles for securing the internet of things (IoT). 15 Nov 2016Google Scholar
  46. Verizon (2015) State of the market: the internet of things 2015. Accessed 16 Jul 2017
  47. Victor JM (2013) The EU general data protection regulation: toward a property regime for protecting data privacy. Yale Law J 123(2):513–528Google Scholar
  48. Volkswagen (2016) Volkswagen enters into cooperation with top Israeli experts to establish an automotive cyber security company. Press Release. 14 Sep 2016Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2017

Authors and Affiliations

  1. 1.Faculty of LawStockholm UniversityStockholmSweden
  2. 2.Legal Consultant and Teacher in IT lawStockholmSweden

Personalised recommendations