Chen, J. orcid.org/0000-0002-1970-6762, Edwards, L., Urquhart, L. et al. (1 more author) (2020) Who is responsible for data processing in smart homes? Reconsidering joint controllership and the household exemption. International Data Privacy Law, 10 (4). pp. 279-293. ISSN 2044-4001
Abstract
The growing industrial and research interest in protecting privacy and fighting cyberattacks for smart homes has sparked various innovations in security- and privacy-enhancing technologies (S/PETs) powered by edge computing. The complex technical set-up has however raised a whole series of legal issues surrounding the regulation of smart home with data protection law.
To determine how responsibility and accountability should be fairly assumed by stakeholders, there is a pressing need to first clarify the roles of these parties within the existing data protection legal framework. This article focuses on two legal concepts under the General Data Protection Regulation (GDPR) as the mechanisms to (dis)assign responsibilities to various categories of entities in a domestic Internet of Things (IoT) context: joint controllership and the household exemption.
A close examination of the relevant provisions and case-law shows a widening notion of joint controllership and a narrowing scope for the household exemption. While this interpretative approach may prevent evasion of accountability in specific cases, it may lead to the unintended consequence of imposing disproportionate compliance burdens on developers, contributors, and users of smart home safety technologies. By discouraging users to adopt S/PETs, data protection law may likely lead to a lower level of privacy and security protection.
The differential responsibilities among joint controllers as envisaged in case-law may reconcile the tensions to some degree, but certain limitations remain. The regulatory dilemma in this regard highlights some underlying assumptions of data protection law that are no longer valid with regard to a smart home, and thus calls for further conceptual and empirical studies on fair reassignment of responsibility and accountability in a domestic IoT setting.
Metadata
Item Type: | Article |
---|---|
Authors/Creators: |
|
Copyright, Publisher and Additional Information: | © The Author(s) 2020. Published by Oxford University Press. This is an Open Access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted reuse, distribution, and reproduction in any medium, provided the original work is properly cited. |
Dates: |
|
Institution: | The University of Sheffield |
Academic Units: | The University of Sheffield > Faculty of Social Sciences (Sheffield) > School of Law (Sheffield) |
Depositing User: | Symplectic Sheffield |
Date Deposited: | 10 Mar 2022 15:21 |
Last Modified: | 10 Mar 2022 15:21 |
Status: | Published |
Publisher: | Oxford University Press (OUP) |
Refereed: | Yes |
Identification Number: | 10.1093/idpl/ipaa011 |
Related URLs: | |
Open Archives Initiative ID (OAI ID): | oai:eprints.whiterose.ac.uk:184614 |