Salient Use Cases

Domotics: Smart Home Appliances

Several studies analyze the so-called consumer dilemma: how consumers choose and use Smart Home appliances and personalized information services over increased privacy concerns [60] and try to introduce contextual privacy norms in the Smart Home.

Studies show that users of Smart Home devices acknowledge the risks and are able to identify threats in relation to smart infrastructure [76, pp. 444-446]. Nevertheless, due to an observed “trust paradox,” they do not consider those threats as serious or important enough to take concrete measures except for trying to avoid providing more information than they consider necessary [76, pp. 444-446]. They may for instance avoid to download a particular app or use a device if they do not feel comfortable with the requested data sharing, or not consent to particular information flows related to a feature or further sharing with an advertising partner or social media platforms [77, p. 16].

Moreover, even though users are able to recognize general data flows, they are highly uncertain about specific data practices and wish to have greater awareness and control through user-friendly mechanisms and visual indicators which can assist users to understand and further contribute to the security of their smart devices [76, p. 446].

Smart Glasses

The European Data Protection Supervisor has outlined the main concerns regarding smart glasses projects.

Smart glasses are wearable computers with a mobile Internet connection that are worn like glasses or that are mounted on regular glasses. They allow to display information in the user’s view field and to capture information from the physical world using, e.g., camera, microphone and GPS receiver, e.g., for augmented- reality (AR) applications. As Internet-enabled devices, they can belong to the Internet of Things (IoT).

[61. p. 4]

Smart glasses have been piloted or are already in use mainly in the service of law enforcement agencies, whereas companies have launched projects for the production of affordable devices for widespread adoption. For instance, in China, use of Al-powered smart glasses have been reported to be used for combatting coronavirus spread [62]. According to EDPS, the considerations are similar as in the previous A29WP opinion on IoT. Even though the value of such technology in some fields has been recognized, the key concern is the capacity to record video and audio in a way that persons would not be aware of the recording [61], with or without the intention of the actual user [61, p. 11].

Thus, smart glasses like other wearable devices may collect data about a data subject who is not the owner or the user of the device. The A29WP highlighted that the application of the EU data protection law does not depend on ownership or use of a device, but on “the processing of the personal data itself, whoever the individual concerned by this data is” [9, p. 13].

Connected Vehicles and Mobility Related Applications

As one of the largest vehicle technologies exporters, the EU recognizes the driverless mobility benefits and risks in its approach from 2018 toward connected and automated mobility [63, p. 2], foreseeing a revision of the General Safety Regulation for motor vehicles. Connected vehicles have the potential to generate an enormous amount of data, both nonpersonal and personal. Those data will be vehicle generated data but also customer provided data, in other words data provided by the vehicle keepers, drivers, and passengers. Embedded communication devices will create new and personalized services and products, including roadside assistance and vehicle repair [63, p. 13], as well as a need for new ways ensuring liability such as data recorders to identify who was driving the car during an accident. Data will be increasingly and intensively shared in a wireless fashion with several stakeholders.

Connected vehicles can raise higher concerns in relation to data security, because security incidents can compromise road safety and ultimately physical integrity. For example, cyber-attacks could lead to remote taking control of the vehicle [63, p. 12]. This is even more so because there is no sector-specific approach on vehicle protection toward cyberattacks, provided that connected cars are composed of several components [63, p. 12].

Moreover, the processing of location data can lead to intrusiveness into one’s private life and indiscriminate surveillance or misuse of the data [64, p. 10]. The complexity of such systems also lays in the dynamic and multi-actor environments of machine-to-machine (M2M), vehicle-to-vehicle (V2V), and vehicle-to-infra- structure (V2I) communications. The EDPB Opinion prioritizes the legal ground of consent over other legal grounds. This prioritization has been criticized to be a static concept for a very dynamic framework. This concern has been specifically shared by the UNECE World Forum for Harmonization of Vehicle Regulations (WR29) stating that such concept is “not workable” in the context of the interconnected vehicles.

The European Commission Directorate General for Research and Innovation in its independent expert report on Ethics of Connected and Automated Vehicles provides several recommendations on road safety, privacy, fairness, explainability, and responsibility [65].

< Prev   CONTENTS   Source   Next >