IoT and Smart Home Data Breach Risks from the Perspective of Data Protection and Information Security Law

BackgroundIoT and smart devices have become extremely popular in the last few years. With their capabilities to collect data, it is reasonable to have concerns about the protection of users’ personal information and privacy in general. ObjectivesComparing existing regulations on data protection and information security rules with the new capabilities provided by IoT and smart devices. Methods/approachThis paper will analyse information on data collected by IoT and smart devices and the corresponding legal framework to explore whether the legal framework also covers these new devices and their functionalities. ResultsVarious IoT and smart devices pose a high risk to an individual's privacy. The General Data Protection Regulation, although a relatively recent law, may not adequately regulate all instances and uses of this technology. Also, due to inadequate technological protection, abuse of such devices by unauthorized persons is possible and even likely. ConclusionsThe number of IoT and smart devices is rapidly increasing. The number of IoT and smart home device security incidents is on the rise. The regulatory framework to ensure data controller and processor compliance needs to be improved in order to create a safer environment for new innovative IoT services and products without jeopardizing the rights and freedoms of data subjects. Also, it is important to increase awareness of homeowners about potential security threats when using IoT and smart devices and services.