The Article 29 Working Party (WP29) has adopted an opinion (8/2014) on recent developments on the Internet of Things (IoT). It focuses on wearable computing (everyday objects and clothes, like watches and glasses), quantified self (things designed to be regularly carried by individuals who want to record information about their own habits and lifestyles, for example, sleep trackers and devices that measure weight, pulse and other health indicators) and domotics (home automation). The opinion does not, therefore, deal with B2B applications and more global issues like smart cities, smart transportations, or machine to machine (M2M) developments.

The WP29 stresses that the Data Protection Directive is fully applicable to the IoT. However, in view of the IoT's complex ecosystem, the opinion highlights essential data protection obligations, including security issues, and provides a comprehensive set of practical recommendations addressed to stakeholders like device manufacturers, application developers, social platforms, further data recipients, data platforms and standardisation bodies.

The IoT is on the threshold of integration into our daily lives. Already, smart things are being made available which monitor and communicate with our homes, cars, work environment and physical activities. While recognising that the IoT holds significant prospects for growth for a great number of EU companies and benefits for citizens, the WP29 stresses that this should not be to the detriment of addressing the many privacy and security concerns that are associated with it. In order to be successful, stakeholders should enable users to remain in control of the sharing of their personal data and rely as much as possible on their consent.

Source: Opinion (8/2014), 16 September 2014 and Article 29 Working Party press release, 22 September 2014.