An important topic in the first two work modules is to examine how changes in the legal environment affect the innovative activities of companies. For major technological innovations, which undoubtedly represent smart products, the opposite question is also very interesting: how does the legal system adapt to technological changes? In this working module, the research group will explore the mechanisms that foster feedback between technological changes and adjustments to the legal system over time, with a particular focus on a proactive legal approach to innovation. The form and drivers of these adaptation processes are not yet well understood. In this working module, the research group studies the relevant regulatory “ecosystem” and the role of new approaches to regulating innovations, such as regulatory sandboxes, in the context of smart products. Data subject. In the context of the GDPR, home automation users are treated as data subjects. Until their personal data is collected only for domestic purposes, it falls under this designatum. However, the smart home business model requires that data be sent to manufacturers. Therefore, the possibility of applying this exclusion is rather minimal. Contract.
Another legal basis for the processing of personal data is a contract. Article 7b of the GDPR states that the processing is lawful if it is necessary for the performance of a contract to which the data subject is a party. Operations with data are legitimized after the signing of the contract and only affect the data subject, who is a party. The second limitation is the need to process the data in order to perform a contract. According to this provision, the collection of data from persons who are not parties is prohibited. [3] [1] C. McGoonan Why your smart TV is the perfect way to spy on you [Website], 2017, www.telegraph.co.uk/technology/2017/03/08/smart-tv-perfect-way-spy It may seem that the basis of a contract is unlikely to be widely used in smart homes. It is difficult to imagine that each member of the family will be a contracting party. This is impossible because many smart home residents are not legally capable. In addition, a smart home is always a home. Friendliness is part of human nature and it`s hard to imagine welcoming customers by forcing them to sign a contract will be a new tradition.
Moreover, this type of consent cannot be considered voluntary. Finally, smart home dwellers also need to make the effort and ask themselves an essential question: how much of my privacy am I willing to sacrifice to eat crispy toast in front of Vizio TV? [1] J. Kastrenakes Most smart TVs follow you – Vizio just got caught [Website], 2017, It should be borne in mind that smart home devices are always listening to you. It is true that they are activated after using a hint word, but they must first hear it. Having a smart device is like allowing someone to install bugs in your home. [17] It should be noted that smart devices also record ambient noise. In everyday conversations, we transmit a large amount of information. Therefore, it is not surprising that an advertisement that has just appeared on the computer screen is related to a conversation we had with our loved ones the day before. The processing of personal data involves the activities of many companies. These actors are: the data subject, the processor and the controller.
Defining who plays what role in a smart home is important for many legal reasons. Processors and controllers are responsible for personal data breaches, while data subjects have, among other things, the right to data portability and withdrawal of consent. One of the methods of data extraction is the smart home. The amount of information collected there is immense. Unfortunately, few people know this. To make their lives easier, they decide to live in smart homes. And the price paid for living there is not money, but the privacy, personal data and safety of residents. It should also be added that the concept of data subject cannot be limited to residents alone. The devices also record visitors` movements, collect and process data about them. This means that it is necessary to have a legal basis for the processing of visitor data.
[8] This is another legal challenge. Both methods represent a proactive approach as they focus on preventing data breaches rather than eliminating their consequences. This is a risk-based approach. Each controller assesses the risk of the technology and selects the best way to protect the data.