Beside team communications, this blog features posts written by community members. If you have a Lift account you can also share your thoughts and ideas by clicking here. Here is food for thought about privacy and the internet of things shared by Italian ICT and privacy law expert Nicola Fabiano.

We are living in a globalized era and the fast process of technologies evolution modify our lifestyles. In fact, with reference to the Internet of Things (IOT hereafter), there are issues related to privacy, with security and responsibility.

IOT system leads to the transfer of information over the Internet, using for instance RFID technology. Personal Information may be transmitted only when the subject where is installed the microchip is linked to a person.

Obviously, there are two possibilities regarding the connection to the person: (1) We could have a direct link when the user is aware of the possible transmission of personal data and lend consent to this. (2) Alternatively, the connection may be indirect when the object is not linked explicitly with the user but only through the use of information that belong to the person. Imagine if the person buys a object with RFID or similar technology, but it isn’t linked to the object. In the purchase process, if the person can be identified through payment with credit cards or loyalty cards that indicate the type product purchased, you could have an indirect connections.

In fact, the person may have previously provided his or her consent for the dissemination of data relating to purchases (the simplest example concerns the supermarkets or big chains) for advertising purposes. In this way, a connection could be achieved with the indirect result of the person connecting to those purchased.

In terms of privacy, may a person be protected? Who manages personal data? Where will this data be stored? Hence the responsibility to set and adopt appropriate security measures. Regarding the legal framework, IoT hence generate a privacy system sui generis, because we will have a system with a sum of single privacy right. Which is why we should talk about privacies instead of privacy.