IoT and Smart Home Data Breach Risks from the Perspective of Data Protection and Information Security Law

Authors

  • Goran Vojković University of Zagreb, Faculty of Transport and Traffic Sciences
  • Melita Milenković University of Zagreb, Faculty of Transport and Traffic Sciences
  • Tihomir Katulić University of Zagreb, Faculty of Law, Croatia

Keywords:

IoT, smart homes, security, data protection, personal data protection

Abstract

Background: IoT and smart devices have become extremely popular in the last few years. With their capabilities to collect data, it is reasonable to have concerns about the protection of users’ personal information and privacy in general. Objectives: Comparing existing regulations on data protection and information security rules with the new capabilities provided by IoT and smart devices. Methods/approach: This paper will analyse information on data collected by IoT and smart devices and the corresponding legal framework to explore whether the legal framework also covers these new devices and their functionalities. Results: Various IoT and smart devices pose a high risk to an individual's privacy. The General Data Protection Regulation, although a relatively recent law, may not adequately regulate all instances and uses of this technology. Also, due to inadequate technological protection, abuse of such devices by unauthorized persons is possible and even likely. Conclusions: The number of IoT and smart devices is rapidly increasing. The number of IoT and smart home device security incidents is on the rise. The regulatory framework to ensure data controller and processor compliance needs to be improved in order to create a safer environment for new innovative IoT services and products without jeopardizing the rights and freedoms of data subjects. Also, it is important to increase awareness of homeowners about potential security threats when using IoT and smart devices and services.

Downloads

Published

2020-11-21

Issue

Section

Information Systems Research Articles