The term Internet of Things (IoT) refers to infrastructures in which many sensors are designed to register, process and store data, either locally or by interacting with each other, both at medium range through radio-frequency technologies (for example RFID, Bluetooth, etc.) and through an electronic communication network. The devices concerned are not only traditional ones such as computers or smartphones, but also those integrated into everyday objects (“things”), such as wearable devices, home automation devices, and georeferencing and satellite navigation devices.
In other words, the Internet of Things is a further development of the Internet brought about by connecting material objects to the network. These objects may have a unique identification code (for example a serial number) that can also be recognized by radio frequency. Objects can also be identified without radio tags, by combining sensors and automatic detection (think, for example, of a barcode being recognized by a phone connected to the internet).
We have entered a historical and economic phase in which, to keep their competitive advantage, companies should switch from the traditional process “I produce and I sell the product” to an innovative process “I produce a product and I sell a product-service”.
This is possible thanks to the ability of Internet of Things (IoT) devices to collect, process and interpret an increasing amount of data which, properly placed in a business context, can generate competitive advantages for companies by allowing them to provide increasingly innovative and better services.
This is a further evolution of the network. In a short time we have moved from the traditional concept of the internet to the so-called web 2.0, understood as a rewritable web in which content is determined by users who fill literally empty boxes (blogs, Wikipedia, social networks, etc.).
The advent of web 2.0 as the evolution of the network and of internet websites is characterized by increasing interactivity, which puts the user at the center of the network and underlines an important concept: the internet is no longer a simple “network of networks”, nor a mix of isolated websites independent of each other, but the sum of the technological capabilities reached by man in the field of spreading information and sharing knowledge.
But the advent of the IoT suggests that we are now facing web 3.0 and the possibility of communication thanks to the network. As everyone knows, communication between machines and men has already been thoroughly examined by an expert, Norbert Wiener, who created a science called “cybernetics”, whose objective is the “scientific study of the control and the human communication in the machine”.
The term “cybernetics” comes from the Greek κυβερνητική (kybernetiké), which means the art of “ruling” or “conducting”, and which in turn comes from the verb κυβερνάω (kybernáo), referring to the action of someone steering a boat from the helm.
In the not too distant future it will be possible to envisage communication not only between men and machines, but also among machines, with inevitable consequences from a legal point of view, because it will be necessary to regulate relationships that have no human being as their point of reference.
But obviously the rapid evolution of technological progress can lead to consequences that are not always positive, and to the phenomenon that Wiener himself defines as “entropy”, that is, disorder.
In this evolutionary framework, which is not always ideal, the Supervisory Authority, faced with the development of the IoT, decided to take a rigorous stance by launching a public consultation on 26 March 2015, with a view to acquiring comments and proposals on the personal data protection aspects of the new technologies classifiable as Internet of Things. The consultation, however, ended without any outcome, at least at present, partly due to the advent of the EU Regulation on the protection of personal data.
IoT technology raises several issues in terms of personal data protection. First of all, particular attention must be paid to the risks relating to the quality of the data that might derive from their degree of reliability, especially in view of their use in the medical and health field, as well as to risks that might materialise, such as invasive monitoring of users’ behaviour, even without their knowledge, or conditioning of individuals in a way that limits, even significantly, their freedom and capacity for self-determination.
Similarly, it is necessary to consider the additional security risks arising, in particular, from the communication of data to third parties and from the improper use and loss of processed information, especially in view of the number of persons involved, the volumes and types of data processed, and the extensive use of radio interfaces, which are structurally particularly vulnerable.
Undoubtedly, it would be advisable for objects and services intended to interact in the Internet of Things to follow the well-known principles of privacy by design and privacy by default right from the design phase.
However, particular attention should also be paid to the collection and management of data on the behaviour, habits, preferences and state of health of users, who are often unaware of this, with the effect of enabling their direct or indirect identification through the creation of even detailed profiles. This aspect will have to be resolved through the identification of correct and clear information, with particular regard to the data collected, the purposes for which this is done and the duration of data retention for the purposes of the possible provision of a valid consent to data processing, which is an essential condition of lawfulness. This information will have to satisfy another of the fundamental principles of the GDPR, namely transparency.
The security measures to be adopted must themselves be able to protect processed data from the risks of unjustified interference and/or tampering and, before that, to minimise those risks where possible, sometimes even resorting to encryption where particularly sensitive data are involved.
SOURCE: FEDERPRIVACY