IoT Standardization - The Approach in the Field of Data Protection as a Model for Ensuring Compliance of IoT Applications?

Abstract

The IoT applications will have an unprecedented influence on our private and professional lives. IoT promises, next to advanced machine-to-machine interaction, delivery of a next level of man-to-machine communication based on a smart, global communications infrastructure. One of the characteristics setting the IoT apart is a broad range of critical issues that can be associated with the use, and hence development of IoT applications. Next to data protection and security issues, this could include ethics, responsibility, liability, insurance, accountability and autonomy, to issues relating to conditions for market access. To the extent standards play a role, it is of utmost importance to choose the right regulatory model, given the fundamental issues at stake. The existing New Approach, being the dominant regulatory model for applying standards in relation to EU product legislation, has been criticized for lacking legitimacy of standard-setting procedures and lacking judicial review. The global nature of IoT standardization will put further pressure on the role of the European Standardization System and give rise to further concerns regarding these issues. Recently, the General Data Protection Regulation, a legal instrument to regulate the processing of personal data, was adopted in the European Union. The Regulation endorses standardization, both explicitly and implicitly, but in a different way from the New Approach model. One could speak of a 'data protection model' in that respect, given the 'sensitive' nature of data protection on the one hand and ethics, liability, accountability issues in the IoT context on the other, the new model might prove to be appropriate for using standards in regulating those critical issues as well.