Internet of Things (IoT)
The IoT is physical objects ('connected objects') that connect, sense and transmit data - wearables, smart meters, connected vehicles, and VVA-paired devices. Sensor data is often personal data (a smart meter sampling every two seconds can reveal the TV show being watched). Connected objects are terminal equipment, so the ePrivacy Directive applies to storing/accessing info on them; the strictly necessary exemption covers executing a user's voice request, but improvement or advertising needs consent. Transparency is hard on screenless devices. Bases: contract for executing requests, legitimate interest sometimes, often consent. Security is a major challenge.
| Role | Function |
|---|---|
| VVA provider/designer | Develops the VVA technology |
| VVA application developer | Creates applications using the VVA technology |
| Integrator | Manufactures the connected object and integrates the VVA app |
| Owner | Responsible for the physical space where the object is deployed |
| User | Verbally interacts with the VVA service |
Connected objects are terminal equipment. The ePrivacy Directive applies to storing/accessing info on them. Storage/access needed to understand and execute a user's verbal request falls under the strictly necessary exemption - but using data to improve a service or build advertising profiles needs notice and consent.
- Make it apparent the object is collecting data (lights, sounds, icons) - screenless devices are a transparency challenge
- Contract (Art 6(1)(b)) can cover executing registered users' requests, including personalisation that is an intrinsic and expected element
- Legitimate interest often fails for precise location or special category data (WP29)
- Voice data used to uniquely identify a person engages Article 9
- Security is hard: many devices on one network, rarely patched, always 'listening', remote attacks possible