Introduction
The subject of Internet of Things and Big Data has extensively discussed recently and became an issue of high importance. Understanding how this technological revolution is being affected by law and, at the same time affecting the law and national and european legislations mainly in addition to the individuals data protection will be the subject matter of this paper. Examination of that subject, in the context of european legislations in the EU, selected countries within the EU and the upcoming novelisation of the laws will provide with a valuable outcome and the forecast for the application of the IoT technological development.
1. Internet of Things and Big Data. The rise of new terms and their meaning in relation to each other.
1.1. The Internet of Things.
The discussion about Internet invading everyday life, outside ‘the computational zone’ dates back to the 1990s. Even than, beliefs in the concept of Internet having a meaningful impact on all areas of life were considered controversial. Although still in its infancy, the Internet of Things (hereinafter referred to as IoT) was implemented into our everyday reality and is there to stay. It began with ‘augmented reality’, ‘geolocation’ or ‘QR codes’ and is constantly emerging. In 2015 various predictions estimated that around five billion devices were connected to the Internet. This amount is expected to rise six times within the next five years. According to Gartner Inc., approximately 5.5 million new devices, on average, are being connected to the Internet daily.
Although there is no officially established definition of the IoT, for the purposes of this paper, the subject matter should be explained in the most adequate way according to the research question. For that reason, the most suitable definition seems to be one which contains the keywords symbolising the legal issues related to the IoT. Having said that, the IoT can be defined as: ‘[…] a network of networks that enables to identify digital entities and physical objects, directly and without ambiguously, via standardised and unified electronic identification systems and wireless mobile devices, and thus makes it possible to retrieve, store, transfer and process data relating to them, without discontinuity between the physical and virtual worlds’.
In his work, cited above, Eric Barbry suggests the symbolic interpretation of the symbolic key words as following:
‘network of networks’ implying topics of ownership and standards;
‘identification system’ implying the subject of traceability and monitoring;
‘physical objects’ stating quality and related matters issue;
‘data’ in relation to subjects such as quality and ownership but also processing, storage and collection;
‘processing of data’ – relevance and liability.
IoT is a concept, in which the main goal is to move the integration between the online and offline worlds forward, in order to commence the new way of living – more convenient, some would say, but at the same time based on sharing personal with different stakeholders. This is possible due to the online presence through chips built into the everyday life objects. Moreover, a survey conducted by Goldman Sachs in 2014 represents five key IoT areas of representation, among which we find wearables, connected cars, connected homes, connected cities and industrial Internet. That proves how IoT blends into everyday life and daily activities.
While discussing basis of the IoT, after mentioning the ‘integration’ between the online environment with the ‘real world’, it needs to be examined how is the integration conducted, in other words, how are the IoT objects connected. Current, well known and common ways of connecting devices to the Internet, such as wires or hotspots, are not sufficient for the IoT. Objects being part of the IoT environment are supposed to be everywhere, accompany the users in everyday life, wherever they are. This is why those objects need to be released from technical constraints, such as sockets or WI-FI hotspots. One of the current approaches towards connecting objects to the Internet are RFID (radio frequency identification) chips. Those are parts of sensors network, using radio frequency to achieve Internet connection between the object and the source of Internet. It is a predicate to computer identification and assimilation of everyday physical objects, enabling the use of these objects to be monitored and analysed by the computers. Although characterised before as ‘one of the current approaches’, the RFID technologies are not new, they were patented 30 years ago. It is only the new way of using them, in the IoT environment that constitutes novelty.
Already existing RFID chips are likely to be implemented everywhere, in all devices and spaces, to collect and process data not only about the users but also about unconscious entities that pass by the installed chip, for instance in a store. Such kind of data, collected by a sensor, will be transmitted to the nearby computer, for the purpose of its processing and analysis. Whoever is the proprietor of the chip could receive a valuable outcome. RFID technology enables computers to observe, identify and analyse the environment – without the limitations of human-entered data. That brings to a conclusion, that soon, with the emergence of RFID sensor equipped devices, the awareness of how much, where and when the data about peoples behaviour (not necessarily personal data) is being captured, under who’s control and for what purpose will be unlikely to exist.
This also leads to one of the crucial legal questions, related to IoT and data being collected, processed and stored by those devices, which is: whether such devices are able to disconnect from the networked environment, achieve the so called “silence of the chips”.
1.2. Big Data
Despite ‘Big Data’ has become and ubiquitous term, at the same time it is an undefinable one. The existing definitions are ambiguous and considered descriptions of the term more than its explanations. Similarly, as with the previous example of IoT, for the purpose of this paper, it is crucial to undertake an attempt to define it in the context of the research questions.
Big Data is about analysis and processing large data repositories, so disproportionately huge that at the same time impossible to be treated and interpreted using currently available and conventional tools of analytical databases. Big Data also requires exceptional technologies to efficiently process large quantities of data and to analyse it in a requested mode. Moreover, the biggest technological challenge in this environment is not where to store Big Data but how to interpret it, so that the outcome, conducted lawfully makes most valuable sense.
The term itself refers to large amounts (the amount, although unmeasurable is crucial to the creation of the ‘Big Data’ term) of different types of data produced from various types of sources, among which humans, machines, sensors can be found. Because human related data is one of the Big Data sources, it can be also considered personal data, as it relates to an individual. Its worth stating at this point, as this paper examines Big data in the context of IoT environment, with the devices using the IP address, which allows profiling the data subjects. Among different kind of personal data, such as photos of individuals, e-mail addresses, personal details etc. there is also IP address considered personal data. A very recent judgement of the European Court of Justice in the Breyer case states that dynamic IP address is an example and constitutes personal data. Moreover, it is a relevant to state that the IoT devices are mostly servers and switches, firewalls and routers, laptops, phones and tablets using the IP to IP connectivity. Thanks to network address translation and private network addressing, a unique IP address is not necessary in the IoT devices and many machines can have the same address.
Although at the term “data” is not a novelty and has been commonly used since decades, the collocation ‘big data’ has become a new one in an everyday vocabulary. This is why it is worth explaining that such term, including the ‘big’ adjective. Big Data is related to a dataset when it meets the “four Vs” requirements: Volume, Variety, Velocity and Value. That is a simple way of exemplifying that Big Data processing is about large volumes of various information collected at high velocity to define it, after analysis with added value.
As it started growing as a mean of managing information nowadays, shaping a Big Data term became a necessity. Looking into the direction of data development while it constitutes plenty of advantages, there are some concerns in relation to individuals in the ‘connected’ spaces. The collected data can be used against individuals freedoms and rights in many ways. On the European Data Protection Supervisors Office website, in the Big Data definition section, we can find such sentence can be found: ‘businesses and governments are more and more using big data to understand, predict and shape human behaviour. Big data is therefore a long term strategic concern for data protection and privacy regulators. It puts strain on not only privacy and data protection, but other fundamental rights including freedom of expression and non-discrimination.’ The most concerning part of it is one stating that Big Data can be used as a mean of shaping human behaviour.
2. Big Data collection, storage and processing the Internet of Things environment. Overview of the selected legal standards in the European Union with a comparative approach to the United Kingdom and Germany.
Making sure, the Big Data subject in the Internet of Things context is treated exhaustively, it needs to be clarified what is the relationship between those two environments. Data aggregated by individual devices, no matter wether ‘smart’, ’intelligent’ or not, does not always provide with sufficient information in order to achieve expected or wanted outcome, suitable for the analysis. Whereas, data aggregated from numerous physical devices, equipped with sensors connected to virtual, Internet reality, can provide a broad scope of knowledge, that can apply to various areas. To exemplify a few of them, it is worth mentioning disaster management, customer sentiment analysis, smart cities, among which all sorts of smart institutions like universities, libraries etc. and surveillance of different kinds (i.e. bio – surveillance, or surveillance in correctional facilities, such as jails). Big Data collection and analysis in the Internet of Things environed undoubtedly has got many objectives. Probably the most self – explanatory example would be the one describing smart cities. In such cases, with sensors built in the city infrastructure, collecting and analysing data about the life of a city organisms would probably lead to