A study of the nature of private data in the performance mechanism of IoT technology tools
Subject Areas : Policy-making and implementation of sustainable development in all areashosein sadeghi 1 , Mahdi Naser 2
1 - University of Tehran
2 -
Keywords: Personal data, IoT technology, Processing, Blockchain technology, Identification Criteria, EU Law,
Abstract :
The invention of Internet of Things technology and its application has led to the development of industry and trade in countries. Tools that include Internet of Things technology are tools that enable simulation of human performance by tools by embedding multiple stimuli and sensors. But the mechanism of action of these tools has challenges in maintaining the security of private information. The first issue in this regard is the necessity of nature and separation of private data of the non-private type. In the Iranian legal system, the only legal document in this field is Article 58 of Electronic Commerce Law, and the ambiguous text of this article has challenged the identification of this type of data. In this article, for an unknown reason, by separating the types of private data, not only has nature of this data been disrupted, but only a specific category of this data has been subject to the terms of the article for processing and no other provisions have been established. Is. However, in European Union, there are relatively comprehensive regulations in field of identifying the nature of private data, four criteria of identification based on the nature of the data processed, the purposes of using the processed data, concept of nicknamed data and Encrypted data exchanged in decentralized platforms (including China blockchain technology) has been identified as the criterion for identifying this type of data. Application of these criteria by policymakers in Iran could be the solution to many of the challenges ahead..
1- فرحزادی، علی اکبر، ناصر، مهدی، سازوکار جبران جمعی خسارات ناشی از نقض قواعد امنیتی آییننامۀ عمومی حفاظت از اطلاعات اتحادیۀ اروپا و امکان سنجی اجرای آن در حقوق ایران، دو فصلنامه حقوق خصوصی، دوره 16، شماره 2،صص 413-433، 1398
2- Lachlan Urquhart, Tom Lodge, Andy Crabtree, Demonstrably doing accountability in the Internet of Things,International Journal of Law and Information Technology,Volume27, Issue1, pp 1-33, 2019
3- Wagner Julian, The transfer of personal data to third countries under the GDPR: when does a recipient country provide an adequate level of protection?,International Data Privacy Law, online Edition:https://academic.oup.com › advance-article-pdf › doi › idpl › ipy008 › ipy008, 2019
4- Finck Michèle,Pallas Frank, »They who must not be identified—distinguishing personal from non-personal data under the GDPR«,International Data Privacy Law,Volume10,Issue1,February,pp11–36, 2020
5- Ryngaert C &van Eijk N, »International cooperation by (European) security and intelligence services: reviewing the creation of a joint database in light of data protection guarantees«,International Data Privacy Law,Volume9,Issue1,February,pp61–73, 2019
6- Altman, Micah &Etc,»Practical approaches to big data privacy over time«, International Data Privacy Law,Volume8,Issue1,February,pp29–51, 2018
7- van der Sloot, Bart, ‘Do Privacy and Data Protection Rules Apply to Legal Persons and Should They? A Proposal for a Two-tiered System’, 31 Computer Law and Security Review, Volume 13, Issue 8, pp 18-34, 2017
8- European Commission, The Article 29 Working Party Ceased to Exist as of 25 May 2018, https://ec.europa.eu/newsroom/article29/item detail. Cfm ? item id=629492, (accessed 13 Nov2019)
9- Data Protection Commission, ‘Guidance on Anonymisation and Pseudonymisation’ https://www.dataprotection.ie/sites/ default/files/uploads/2019-06/190614%20Anonymisation%20and% 20Pseudonymisation.pdf , (accessed 9 January 2020)
10- European Commission, Communication from the Commission to the European Parliament and the Council, Exchanging and Protecting Personal Data in a GlobalisedWorld,online Edition: https://ec.europa.eu › newsroom › document, ,(accessed 12 May 2020)
11- Deliberation of the Restricted Committee SAN-2019-001, pronouncing a financial sanction against GOOGLE LLC, ONLINE Edition available at: http//:www.cnil.fr, ,(accessed 12 May 2020)
12- E. Blythe Stephen, »Hungary's Electronic Signature Act: Enhancing Economic Development with Secure Electronic Commerce Transactions«, School of Management, New York Institute of Technology, USA, Volume8,Issue3,Automn, pp 47-58, 2007
13- Levy, Karen E. C., Book-Smart, Not Street-Smart: Blockchain-Based Smart Contracts and The Social Workings of Law, online Edition available at: www.SSRN.com, pp 1-11, 2017
14- O’Shields Reggie, Smart Contracts: Legal Agreements for the Blockchain, North Carolina Banking Institute,volume21, Issue 4, pp 1-13, 2017
15- Kuan Hon, ‘The Problem of “Personal Data” in Cloud Computing: What Information Is Regulated? - The Cloud of Unknowing’ 1 International Data Privacy Law, Volume3, Issue2, March, pp11–36, 2017