In his piece for EUobserver “EU e-privacy proposal risks breaking ‘Internet of Things’” Nick Wallace argues that forthcoming ePrivacy Regulation (ePR) could throw sand in the gears of Internet of Things by unnecessary regulation.
In contrast to the General Data Protection Regulation (GDPR), which imposes strict limits on how companies can use personal data in general, the ePR proposes even stricter rules to protect the secrecy of electronic communications, like emails and voice calls.
The ‘Internet of Things’ – smart connected devices that transmit data over a network – offer myriad benefits to society, from helping people keep track of their fitness and providing drivers with live traffic information, to monitoring air quality and automating homes and factories. The ePR would prohibit all data processing not necessary to provide a service and require explicit user consent in all cases, while the GDPR is more flexible. Unfortunately, the ePR doesn’t make distinction between machine-to-machine transmissions that contain human communications, like smartwatches and baby monitors, and those that do not, like internet-connected air and water quality sensors.
To fix the problem, the author advocates that EU policymakers need to clarify that the ePR should not apply to IoT devices that transmit neither personal information nor private communications between people.
Wallace notes that EU policymakers have already created major problems for Europe’s digital economy with the GDPR, which imposes several unnecessary restrictions — particularly on the use of artificial intelligence — that will undermine technological innovation in Europe, often without increasing consumer protection. By adding even tighter restrictions, the ePR is likely to further limit EU digital innovation.