The Internet of Things (IoT) and the Meaning of 'personal data': a Case Study in Regulation of Rights

Megan Richardson, Damien Clifford, Karin Clarke, R. Bosua

Research output: Contribution to journalArticleAcademicpeer-review

Abstract

This article considers the different meanings of "personal data"/"personal information" in modern data protection regimes. It notes that legislative meaning as framed, construed and applied is not necessarily treated as corresponding directly to common lexical meaning. Indeed, it often reflects a policy choice about what should be regulated and covertly what should be treated as beyond regulation. The meaning ascribed to "personal data"/"personal information" as set out in data protection regime and deployed in policy decisions by commissioners and courts offers an example of meaning more or less shaped by considerations of rights. Specifically, the Article considers the meaning of "personal data" with respect to data processing by the Internet of Things (IoT), suggesting that the treatment of such data as "personal data" provides a useful case study on policy decisions to seek to regulate, or not, the processing of data under a modern data protection regime. As to relevant policies, the Article argues that a broad flexible definition of "personal data" fits well with a human rights approach (and need not be inconsistent with an economic approach to rights) but this does not preclude, and ideally should be combined with, a rigorous economic approach to the question of how regulation can be designed to efficiently foster innovation and minimise harm in the most cost-effective way.This article considers the different meanings of "personal data"/"personal information" in modern data protection regimes. It notes that legislative meaning as framed, construed and applied is not necessarily treated as corresponding directly to common lexical meaning. Indeed, it often reflects a policy choice about what should be regulated and covertly what should be treated as beyond regulation. The meaning ascribed to "personal data"/"personal information" as set out in data protection regime and deployed in policy decisions by commissioners and courts offers an example of meaning more or less shaped by considerations of rights. Specifically, the Article considers the meaning of "personal data" with respect to data processing by the Internet of Things (IoT), suggesting that the treatment of such data as "personal data" provides a useful case study on policy decisions to seek to regulate, or not, the processing of data under a modern data protection regime. As to relevant policies, the Article argues that a broad flexible definition of "personal data" fits well with a human rights approach (and need not be inconsistent with an economic approach to rights) but this does not preclude, and ideally should be combined with, a rigorous economic approach to the question of how regulation can be designed to efficiently foster innovation and minimise harm in the most cost-effective way.
Original languageEnglish
Pages (from-to)503-522
Number of pages20
JournalRevue Européenne de Droit de la Consommation / European Journal of Consumer Law
Volume20
Issue number3
Publication statusPublished - Jan 2021

Fingerprint

Dive into the research topics of 'The Internet of Things (IoT) and the Meaning of 'personal data': a Case Study in Regulation of Rights'. Together they form a unique fingerprint.

Cite this