Towards a Privacy Friendly “Internet of Things ” Rosa Barcelo Legal advisor European Data Protection Supervisor

Overview The Privacy/ Data Protection Concerns Implementing Privacy and Data Protection Safeguards Is Current Legislation Sufficient?

The Privacy/ Data Protection Concerns

Implementing Privacy and Data Protection Safeguards

Is Current Legislation Sufficient?

(1) The Privacy/ Data Protection Concerns Personal Data (PD) Stored in Tags (ID, Biometric, etc) or Connected to PD- Eavesdropping risk Tracking Users Without their Knowledge Profiling?; Influencing Users’ Behaviour?

Personal Data (PD) Stored in Tags (ID, Biometric, etc) or Connected to PD- Eavesdropping risk

Tracking Users Without their Knowledge

Profiling?; Influencing Users’ Behaviour?

(2) Implementing Privacy and Data Protection Safeguards Derive from Existing Data Protection Framework: General Data Protection Directive 95/46 e-Privacy Directive 2002/58

Derive from Existing Data Protection Framework:

General Data Protection Directive 95/46

e-Privacy Directive 2002/58

(2) Implementing Privacy and Data Protection Safeguards Data Protection/Security Impact Assessments Information about the Presence of Tags & Readers. Logos, Privacy Policies, & other ways.

Data Protection/Security Impact Assessments

Information about the Presence of Tags & Readers.

Logos, Privacy Policies, & other ways.

(2) Implementing Privacy and Data Protection Safeguards Legal Grounds For Processing & Security Obligations Explicit Consent Necessary if Tags Remain Active After the Point of Sale. Flexibility (tag not necessarily killed- dormant) Privacy by Design (Best Available Techniques)

Legal Grounds For Processing & Security Obligations

Explicit Consent Necessary if Tags Remain Active After the Point of Sale.

Flexibility (tag not necessarily killed- dormant)

Privacy by Design (Best Available Techniques)

(3) Is Current Legislation Sufficient? In Principle Clear Need for Guidance & Interpretation of the Application of Existing Legislation. Depending on the Effectiveness of the Above it is Not Excluded that Additional Legislation May be Necessary

In Principle Clear Need for Guidance & Interpretation of the Application of Existing Legislation.

Depending on the Effectiveness of the Above it is Not Excluded that Additional Legislation May be Necessary

Thank you! rosa.barcelo @ edps.europa.eu www.edps.europa.eu Tel: 02/2831927 Postal address: Rue Wiertz 60 - B-1047 Brussels

Thank you!

rosa.barcelo @ edps.europa.eu

www.edps.europa.eu

Tel: 02/2831927

Postal address:

Rue Wiertz 60 - B-1047 Brussels