This article analyses, defines, and refines the concepts of ownership and personal data. It critically examines the traditional dividing line between personal and non-personal data and argues for a strict conceptual separation of personal data from personal information. The article also considers whether, and to what extent, the concept of ownership can be applied to personal data in the context of the Internet of Things (IoT).
This consideration is framed around two main approaches shaping all ownership theories: bottom-up and top-down approach. Via these dual lenses the article reviews existing debates relating to four elements supporting introduction of ownership of personal data, namely the elements of control, protection, valuation, and allocation of personal data. It then explores the explanatory advantages and disadvantages of the two approaches in relation to each of these elements as well as to ownership of personal data in IoT at large. Lastly, the article outlines a revised approach to ownership of personal data in IoT that may serve as a blueprint for future regulatory and policy debates in the context of EU law and beyond.'Your Smart Coffee Machine Knows What You Did Last Summer: A Legal Analysis of the Limitations of Traditional Privacy of the Home under Dutch Law in the Era of Smart Technology' by Lisa van Dongen and Tjerk Timan in (2017) 14(2) SCRIPT-ed 208 comments
Today, the Internet has become one of our prime platforms for communication and consumption. Moving beyond the personal computer or smartphones only, increasingly other devices are being connected to the Internet, from coffee machines and watches to beds and toys. Our homes and our activities in the home are thus becoming more and more transparent, due to such objects entering our homes. Through these objects, new forms of spying can be conducted, both qualitatively and quantitatively, that are more invasive than any spying taking place by physically entering and searching the home today. While the rapidly advancing development of the smart(er) home is both undeniably exciting and promising, it is accompanied by a great deal of inadequately answered or otherwise unanswered questions that seem unable to slow its development down enough for us to properly address them. Potential problems arise from many uncertainties regarding these technologies. For instance, where do the digital perimeters of the protected home end? How will privacy be protected, and from whom? Or, in light of the rise of autonomous technological objects, should we start asking from what? Even though it is not possible to properly address and find an answer to these questions in the limited size of this paper, if at all at the present time, these questions are important to raise and consider for the protection of privacy in an increasingly smart(er) world”.
Instead, this paper will address the question: are the existing definitions of privacy of the home adequate to deal with today’s challenges posed by ‘smart home’ technologies? The focus of this analysis will be on the legal landscape of the Netherlands. As will be argued throughout this paper, this question is answered in the negative. To demonstrate that some of the privacy-related problems are more pressing than most people seem to realise, this paper will first elaborate on developments and implications of smart technologies for the home environment in the second section. This will be followed by a breakdown of some of the elements of the Dutch “home right” in the third section of this paper, for which the focus will be on the meaning and ramifications of the limited legal definitions used for both the “home” and “entering”. In addition, the potential and limits of data protection to account for these weaknesses will be explored in the fourth section. Furthermore, two smart objects will be analysed in the fifth section, namely the smart thermostat and the smart toy ‘Hello Barbie’. These analyses will be used to illustrate the weaknesses under the existing scope of data protection and the “home right”.
This paper aims to convey two messages. First, that the traditional understanding of privacy of the home in the Netherlands is in need of reconsideration in the era of smart technology. Second, that the ramifications of smart technologies in the home environment require a (stronger) protection of privacy, not just against the state, but increasingly also in horizontal relations.