The Internet of Things and the Meaning of “Personal Data”: A Case Study in Regulation for Rights

The Internet of Things and the Meaning of “Personal Data”: A Case Study in Regulation for Rights

Richardson, M, Clifford, D, Clark, K & Bosua, R forthcoming, ‘The Internet of Things and the Meaning of “Personal Data”: A Case Study in Regulation for Rights’, special issue on Internet of Things and Consumer Protection in Revue européenne de droit de la consommation.

This article considers the different meanings of “personal data”/“personal information” in modern data protection regimes. It notes that legislative meaning as framed, construed and applied is not necessarily treated as corresponding directly to common lexical meaning. Indeed, it often reflects a policy choice about what should be regulated and conversely what should be treated as beyond regulation. The meaning ascribed to “personal data”/“personal information” as set out in a data protection regime and deployed in policy decisions by commissioners and courts offers an example of meaning more or less shaped by considerations of rights. Specifically, the article considers the meaning of “personal data” with respect to data processing by the Internet of Things (IoT), suggesting that the treatment of such data as “personal data” provides a useful case study on policy decisions to seek to regulate, or not, the processing of data under a modern data protection regime. As to relevant policies, the article argues that a broad flexible definition of “personal data” fits well with a human rights approach (and need not be inconsistent with an economic approach to rights) but this does not preclude, and ideally should be combined with, a rigorous economic approach to the question of how regulation can be designed to efficiently foster innovation and minimise harm in the most cost-effective way.