Internet of Things & Personal Data Protection: A Critical EU Law Perspective

  • Arusmita Acharya and Bharath Chandran P S
  • Show Author Details
  • Arusmita Acharya

    Student at O P Jindal Global Law School, India

  • Bharath Chandran P S

    Student at O P Jindal Global Law School, India

  • img Save PDF


Technology has advanced dramatically since the late twentieth century. The emergence of technology has been one of the most important technological landmarks as far as the modern day is concerned. Technology that was just limited to computers has progressed on to mobile devices and other smart devices leading to a new area of autonomous data communication devices known as Internet of Things also known as IoT . Several experts see the Internet of Things as the next industrial revolution. The Internet of Things ('IoT') has become an integral component of major metropolitan infrastructure, for example, increasing quality of life through connected healthcare, transportation, and security. The Internet of Things is also present in homes where the technology is used for home automation, such as automatic lighting, heating, and other smart devices. People use these smart devices to track their well-being and daily activities. Huge volumes of personal data are often collected and recorded as a result of the rising use of contemporary technology, and they may be used to identify the location of a person's home or office, to track habits and lifestyle, or to target advertising depending on the data subject's objectives. As technology has improved, there has been an on-going need to enact regulations that keep pace with these developments. The main aim of our research paper is to analyse the challenges that have been put forward by the IoT in the data protection sphere and how the data protection rules in the EU mainly the E-Privacy directive and the GDPR has been able to cope up with the challenges that has been put forward by the IoT. We would also look into the challenges that the data subjects would have to face in this regard and what could be the appropriate solution for these key issues. The Internet of Things (IoT) phenomena must examine legal problems with data protection regulations. Even with the use of technologies that cannot always ensure an adequate degree of security, the Internet of Things is not immune to data protection threats. The biggest threat to privacy in the Internet of Things is profiling, which allows natural individuals to be identified using confidential information. However, there are certain concerns with possible repercussions for data security and responsibility in terms of privacy and security threats. The Internet of Things system enables the flow of data, including personal data, through the Internet. The research would be divided into four main chapters. Firstly what is Internet of things and its evolution. The second chapter would deal with the EU Data Protection mainly The GDPR and E-Privacy Directive and its implications with respect to IoT. The third chapter would be focused on the Personal data Processing by IoT and Data Subjects. The final chapter would be concluding remarks and suggestion that we have put forward.


Research Paper


International Journal of Legal Science and Innovation, Volume 3, Issue 4, Page 124 - 133


Creative Commons

This is an Open Access article, distributed under the terms of the Creative Commons Attribution -NonCommercial 4.0 International (CC BY-NC 4.0) (, which permits remixing, adapting, and building upon the work for non-commercial use, provided the original work is properly cited.


Copyright © IJLSI 2021