当前位置:
X-MOL 学术
›
Int. Data Priv. Law
›
论文详情
Our official English website, www.x-mol.net, welcomes your
feedback! (Note: you will need to create a separate account there.)
Who is responsible for data processing in smart homes? Reconsidering joint controllership and the household exemption
International Data Privacy Law ( IF 2.6 ) Pub Date : 2020-09-02 , DOI: 10.1093/idpl/ipaa011 Jiahong Chen 1 , Lilian Edwards 2 , Lachlan Urquhart 3 , Derek McAuley 4
International Data Privacy Law ( IF 2.6 ) Pub Date : 2020-09-02 , DOI: 10.1093/idpl/ipaa011 Jiahong Chen 1 , Lilian Edwards 2 , Lachlan Urquhart 3 , Derek McAuley 4
Affiliation
The growing industrial and research interest in protecting privacy and fighting cyberattacks for smart homes has sparked various innovations in security- and privacy-enhancing technologies (S/PETs) powered by edge computing. The complex technical set-up has however raised a whole series of legal issues surrounding the regulation of smart home with data protection law. To determine how responsibility and accountability should be fairly assumed by stakeholders, there is a pressing need to first clarify the roles of these parties within the existing data protection data protection legal framework. This article focuses on two legal concepts under the GDPR as the mechanisms to (dis)assign responsibilities to various categories of entities in a domestic IoT context: joint controllership and the household exemption. A close examination of the relevant provisions and case-law shows a widening notion of joint controllership and a narrowing scope for the household exemption. While this interpretative approach may prevent evasion of accountability in specific cases, it may lead to the unintended consequence of imposing disproportionate compliance burdens on developers, contributors, and users of smart home safety technologies. By discouraging users to adopt S/PETs, data protection law may likely lead to a lower level of privacy and security protection. The differential responsibilities among joint controllers as envisaged in case-law may reconcile the tensions to some degree, but certain limitations remain. The regulatory dilemma in this regard highlights some underlying assumptions of data protection law that are no longer valid with regard to a smart home, and thus calls for further conceptual and empirical studies on fair reassignment of responsibility and accountability in a domestic IoT setting.
中文翻译:
谁负责智能家居中的数据处理?重新考虑共同控制和家庭豁免
工业和研究对保护隐私和对抗智能家居网络攻击的兴趣日益浓厚,引发了由边缘计算驱动的安全和隐私增强技术 (S/PET) 的各种创新。然而,复杂的技术设置引发了一系列围绕数据保护法监管智能家居的法律问题。为了确定利益相关者应如何公平承担责任和问责制,迫切需要首先明确这些各方在现有数据保护数据保护法律框架内的作用。本文重点介绍 GDPR 下的两个法律概念,即在国内物联网环境中将责任分配给各类实体的机制:联合控制权和家庭豁免权。对相关规定和判例法的仔细研究表明,共同控制的概念不断扩大,而家庭豁免的范围也在缩小。虽然这种解释方法可以防止在特定情况下逃避责任,但它可能会导致意想不到的后果,即对智能家居安全技术的开发人员、贡献者和用户施加不成比例的合规负担。通过阻止用户采用 S/PET,数据保护法可能会导致隐私和安全保护水平较低。判例法中设想的联合控制人之间的不同责任可能会在一定程度上调和紧张局势,但仍然存在某些限制。这方面的监管困境凸显了数据保护法的一些基本假设,这些假设对于智能家居不再有效,
更新日期:2020-09-02
中文翻译:
谁负责智能家居中的数据处理?重新考虑共同控制和家庭豁免
工业和研究对保护隐私和对抗智能家居网络攻击的兴趣日益浓厚,引发了由边缘计算驱动的安全和隐私增强技术 (S/PET) 的各种创新。然而,复杂的技术设置引发了一系列围绕数据保护法监管智能家居的法律问题。为了确定利益相关者应如何公平承担责任和问责制,迫切需要首先明确这些各方在现有数据保护数据保护法律框架内的作用。本文重点介绍 GDPR 下的两个法律概念,即在国内物联网环境中将责任分配给各类实体的机制:联合控制权和家庭豁免权。对相关规定和判例法的仔细研究表明,共同控制的概念不断扩大,而家庭豁免的范围也在缩小。虽然这种解释方法可以防止在特定情况下逃避责任,但它可能会导致意想不到的后果,即对智能家居安全技术的开发人员、贡献者和用户施加不成比例的合规负担。通过阻止用户采用 S/PET,数据保护法可能会导致隐私和安全保护水平较低。判例法中设想的联合控制人之间的不同责任可能会在一定程度上调和紧张局势,但仍然存在某些限制。这方面的监管困境凸显了数据保护法的一些基本假设,这些假设对于智能家居不再有效,
京公网安备 11010802027423号