Privacy matters:issues within mechatronics

As mechatronic devices and components become increasingly integrated with and within wider systems concepts such as Cyber-Physical Systems and the Internet of Things, designer engineers are faced with new sets of challenges in areas such as privacy. The paper looks at the current, and potential future, of privacy legislation, regulations and standards and considers how these are likely to impact on the way in which mechatronics is perceived and viewed. The emphasis is not therefore on technical issues, though these are brought into consideration where relevant, but on the soft, or human centred, issues associated with achieving user privacy

After the Gold Rush: The Boom of the Internet of Things, and the Busts of Data-Security and Privacy

This Article addresses the impact that the lack of oversight of the Internet of Things has on digital privacy. While the Internet of Things is but one vehicle for technological innovation, it has created a broad glimpse into domestic life, thus triggering several privacy issues that the law is attempting to keep pace with. What the Internet of Things can reveal is beyond the control of the individual, as it collects information about every practical aspect of an individual’s life, and provides essentially unfettered access into the mind of its users. This Article proposes that the federal government and the state governments bend toward consumer protection while creating a cogent and predictable body of law surrounding the Internet of Things. Through privacy-by-design or self-help, it is imperative that the Internet of Things—and any of its unforeseen progeny—develop with an eye toward safeguarding individual privacy while allowing technological development

Regulating intersectional activity : privacy and energy efficiency, laws and technology

Funding The London workshop upon which this article builds was kindly funded by the British and Irish LawEducation and Technology Association (BILETA) 2015–2016.Peer reviewedPostprin

Regulating the Internet of Things: Protecting the Smart Home

The Internet of Things (IoT)—the internetworking of “smart” devices for the purpose of collecting and exchanging data—is developing rapidly. Estimates of the number of IoT devices currently in circulation range from 6.4 to 17.6 billion. By 2020, those numbers could reach upward of 30 billion. While the technology encourages innovation and promotes data-driven policymaking, it also compromises consumer privacy, security, and safety. Consumers are generally unaware that IoT devices transmit scores of personally-identifiable information with only rudimentary security protections in place. For some devices, inadequate security measures unnecessarily risk consumer safety by leaving the devices vulnerable to remote manipulation by third parties. ISSUE Whether IoT-connected devices found in a “smart” home should be regulated to ensure appropriate protections for consumers and their data. BRIEF ANSWER The IoT should be regulated but not yet. The industry is still in its infancy and the current political climate is too unstable. Over the next decade, the industry should be closely studied and regulation should be revisited once all of the main risks are assessed. Directed to the Washington State Office of Privacy and Data Security.https://digitalcommons.law.uw.edu/techclinic/1011/thumbnail.jp

Clouds of Things. Data protection and consumer law at the intersection of cloud computing and the Internet of Things in the United Kingdom

The article critically analyses the Internet of Things (IoT) and its intersection with cloud computing, the so-called Clouds of Things (CoT). ‘Things’ are understood as any physical entity capable of connectivity that has a direct interface to the physical world (i.e. a sensing and/or actuating capability). From another perspective (especially product liability), Things can be seen as an inextricable mixture of hardware, software, and services. Alongside a clarification of the essentials, the six factors of the CoT complexity are described and light is shed on the regulatory options (regulation, co-regulation, self-regulation, holistic approach, fragmentation). Focussing on the British legal systems, the article reports on the state of the art of CoT deployment in the United Kingdom and deals with some of the main technical and legal issues emerging from CoT. Particularly, the core will be data protection, privacy, and consumer law. Indeed, these themes are considered the most relevant by the regulators. By mastering the relevant legal issues and following the example of the United Kingdom, the Republic of Korea will be able to unleash its extraordinary potential as to the IoT, thus retaining its position as the smartest country in the world

Privacy, security and data protection in smart cities : a critical EU law perspective

"Smart cities" are a buzzword of the moment. Although legal interest is growing, most academic responses at least in the EU, are still from the technological, urban studies, environmental and sociological rather than legal, sectors and have primarily laid emphasis on the social, urban, policing and environmental benefits of smart cities, rather than their challenges, in often a rather uncritical fashion . However a growing backlash from the privacy and surveillance sectors warns of the potential threat to personal privacy posed by smart cities . A key issue is the lack of opportunity in an ambient or smart city environment for the giving of meaningful consent to processing of personal data; other crucial issues include the degree to which smart cities collect private data from inevitable public interactions, the "privatisation" of ownership of both infrastructure and data, the repurposing of “big data” drawn from IoT in smart cities and the storage of that data in the Cloud. This paper, drawing on author engagement with smart city development in Glasgow as well as the results of an international conference in the area curated by the author, argues that smart cities combine the three greatest current threats to personal privacy, with which regulation has so far failed to deal effectively; the Internet of Things(IoT) or "ubiquitous computing"; "Big Data" ; and the Cloud. It seeks solutions both from legal institutions such as data protection law and from "code", proposing in particular from the ethos of Privacy by Design, a new "social impact assessment" and new human:computer interactions to promote user autonomy in ambient environments

Internet of Things-aided Smart Grid: Technologies, Architectures, Applications, Prototypes, and Future Research Directions

Traditional power grids are being transformed into Smart Grids (SGs) to address the issues in existing power system due to uni-directional information flow, energy wastage, growing energy demand, reliability and security. SGs offer bi-directional energy flow between service providers and consumers, involving power generation, transmission, distribution and utilization systems. SGs employ various devices for the monitoring, analysis and control of the grid, deployed at power plants, distribution centers and in consumers' premises in a very large number. Hence, an SG requires connectivity, automation and the tracking of such devices. This is achieved with the help of Internet of Things (IoT). IoT helps SG systems to support various network functions throughout the generation, transmission, distribution and consumption of energy by incorporating IoT devices (such as sensors, actuators and smart meters), as well as by providing the connectivity, automation and tracking for such devices. In this paper, we provide a comprehensive survey on IoT-aided SG systems, which includes the existing architectures, applications and prototypes of IoT-aided SG systems. This survey also highlights the open issues, challenges and future research directions for IoT-aided SG systems

Has the 2016 General Data Protection Regulation really given consumers more control over their personal data?

The General Data Protection Regulation (GDPR) - which came into force in May 2018 - introduced a complete change to data privacy law. Arguably one of the most comprehensive pieces of European Union legislation, the GDPR appears to put data subjects in charge, with new and improved subject rights, wider territorial scope and increased accountability and enforcement mechanisms, all of which aim to strengthen their individual rights. The digital revolution presented the existing data protection legislation, namely the Data Protection Directive (DPD) (1995), with significant challenges. New means of processing personal information have led to increasingly acute consumer concerns over how personal data is gathered, handled, and stored. Modern - and largely intangible - processing methods may result in data subjects lacking control over their personal data. Control is in itself an essential aspect of data protection, not only in terms of privacy, but to uphold informational autonomy. As their own data is affected, a consumer should be able to ‘…predict with sufficient certainty which information about himself in certain areas is known to his social milieu…’ in order to have control over it. This may be done by having the right to choose how data is dealt with and where it will eventually end up. This article analyses what the Regulation has achieved in relation to giving consumers more control over their personal data. The wording and principles of the GDPR appear to prioritise consumer control, more so than any other European legal instrument. The issue of how GDPR has affected consumers has however received far less attention than the repercussions of the legislation upon organisations. Much academic commentary has focused upon commending, comparing or criticising the European initiative: this article will look to these to gauge whether this ‘gold standard’ reform really ‘does what it says on the tin.’ It compares GDPR with DPD to set out the rationale for reform, having regard to the increased influence and advance of modern technologies in a globalised market; it then argues that the breakdown of technological boundaries means that the DPD had perhaps lost touch, in terms of territorial scope, definitions, and terminologies. It therefore then examines those rights and principles that give rise to greater consumer control over personal data, not least transparency, fairness, lawfulness and accountability. Arguably, changes were not truly ground breaking, given that these principles are similar to those set out in the earlier Directive. The rights contained in the 2016 Regulation clearly reinforce these core principles however, not least the rights to be forgotten, to have data access, and portability.  An enforcement mechanism is a crucial aspect of consumer control. The conclusion argues that, despite clearly improving individual control, the Regulation may still not provide adequate protection when it comes to the most advanced areas in the technological field, namely, where mechanisms automatically or unknowingly process personal data. With this area of law constantly developing, however, it may be premature to critique certain obscure methods of processing: UK citizens similarly face a perhaps unknowable future post-Brexit. The concept of  data protection remains a fundamental right however, given how the Charter of Fundamental Rights of the European Union works alongside the GDPR to uphold individual rights. In other words, both the Regulation – and the concept of a right to data protection  - may be redundant if existing in isolation; they must rely upon each other to operate effectively.   &nbsp