Abstract

There is an increasing role for the IT design community to play in regulation of emerging IT. Article 25 of the EU General Data Protection Regulation (GDPR) 2016 puts this on a strict legal basis by establishing the need for information privacy by design and default (PbD) for personal data-driven technologies. Against this backdrop, we examine legal, commercial and technical perspectives around the newly created legal right to data portability (RTDP) in GDPR. We are motivated by a pressing need to address regulatory challenges stemming from the Internet of Things (IoT). We need to find channels to support the protection of these new legal rights for users in practice. In Part I we introduce the internet of things and information PbD in more detail. We briefly consider regulatory challenges posed by the IoT and the nature and practical challenges surrounding the regulatory response of information privacy by design. In Part II, we look in depth at the legal nature of the RTDP, determining what it requires from IT designers in practice but also limitations on the right and how it relates to IoT. In Part III we focus on technical approaches that can support the realisation of the right. We consider the state of the art in data management architectures, tools and platforms that can provide portability, increased transparency and user control over the data flows. In Part IV, we bring our perspectives together to reflect on the technical, legal and business barriers and opportunities that will shape the implementation of the RTDP in practice, and how the relationships may shape emerging IoT innovation and business models. We finish with brief conclusions about the future for the RTDP and PbD in the IoT.

Highlights

  • Bringing the new right to data portability (RTDP) from an abstract legal provision in Article 20 of the EU General Data Protection Regulation (GDPR) 2016 into practice requires a greater role for the IT design community

  • We focus on how IT designers can use Privacy by Design (PbD) approaches to respond to these RTDP obligations

  • We are interested in how the RTDP plays out for the technological context of the domestic Internet of Things (IoT)


Summary

Introduction

Bringing the new right to data portability (RTDP) from an abstract legal provision in Article 20 of the EU General Data Protection Regulation (GDPR) 2016 into practice requires a greater role for the IT design community. IT designers are increasingly being called upon to engage with regulatory compliance through Article 25 of the GDPR. This provision establishes the legal obligation to do information privacy by design and default for personal data-driven technologies. Mundane design decisions around supported interactions and how a system handles data (e.g. cloud or local storage) can limit control and transparency around the personal data flows. This can impact user comprehension about how their data are being used (e.g. for profiling, targeted behavioural advertising, law enforcement investigations), and . PIMS support realisation of legal rights by giving users greater control over their personal data. They provide a route to rebalancing power asymmetries between users and service providers, by disrupting emergent commercial practices of IoT services. We finish with brief conclusions about the ongoing relationship between RTDP and PbD for the IoT.

Legal perspective
Wider relationship of RTDP and IoT
RTDP for domestic IoT
Realising the RTDP with PIMS
Databox
Higgins
Locker Project
Discussion and conclusions
Low usability
Overcoming hyperbolic discounting
Data format inconsistencies
Platform differences
Policy differences
Accounting for the relational nature of personal data
Permanent nature of data
Legal and commercial dimensions of the RTDP in the emergent IoT industry
RTDP limitations
Beyond RTDP
IoT and the household exemption
Establishing IoT data controllers
IoT device heterogeneity
Nature of user control in PIMS: commodity vs human rights
Resilience to legal change
Market willingness for data portability
Opportunities for the future and conclusions
Findings
