News

The Internet of Things – An Era of Total Connectivity

The Internet of Things (IoT) is a new phenomenon of the global digital world, introducing the era of so-called total connectivity. The main aim of the IoT is to maximise the use of information and knowledge (data) by means of their systematic collection, analysis and sharing, leading to higher efficiency, convenience and savings.

The basis for the IoT is use of the web (internet/local wireless web) that enables to interconnect "things" (systems) equipped with detectors or sensors that permit mutual communication of "things", thus making them smart. Thanks to their mutual interaction with other smart devices, the "things" can replace human intervention and decision-making. The IoT is gradually spreading into more and more spheres, such as industrial production, households, agriculture, healthcare and city administration. This means an increasing amount and ever greater interconnection of data, and thus a decrease in the extent to which the data can be controlled.

From the legal point of view, the IoT phenomenon raises many questions and legal risks:

Protection of data, privacy and personal data

In many cases, data processed within the IoT fall under the definition of personal data. The current rise of the IoT is bound to lead to limitless sharing of personal data and to a complete loss of control over such data, which totally contradicts the current EU-wide personal data and privacy protection rules. Nevertheless, it remains the responsibility of each data processor operating within the IoT to ensure compliance with personal data protection rules at all times.

Recently we witnessed more and more leaks of data and personal data. Even though this mostly affects sectors such as banking, insurance, telecoms or the health sector, an increase in data leaks among Tech-companies should be expected, too. This is because the IoT creates large quantities of data for the Tech-companies to handle from numerous sources, calling into question the extent of their control over this data.

Other major challenges that companies will face due to the difficulty of controlling data flow include the requirement to inform individuals about the extent of personal data processing or claims on the right to be "forgotten" (or deleted/disconnected from the IoT), such as Google lately faced in connection with preserving outdated links with personal data[1].

Another risk for companies is sharing of data that qualify for trade secrets or know-how. The uncontrollable sharing of know-how in the IoT can lead to a loss of legal protection, since the legal protection afforded to know-how or trade secrets in the Czech Republic is conditional on the careful concealment of this data.

Responsibility for acts performed by "things"

The interconnection of "things" and their ability to "act" individually and independently based on an analysis of the data obtained raises a crucial question: who is responsible for these acts, if the law recognises only the acts of natural and legal persons. Especially in B2B relationships, where controlled connection and interconnection of devices delivered or administered by different subjects within the IoT occurs (e.g. travel luggage communicates with a mobile phone or factory robots or vehicles communicate with other devices within or outside the business premises), it is important not to underestimate the content of the contractual arrangements with respect to the use of the IoT and the potential liability for damages caused by "things".