Megrendelés

Ibolya Stefán: Internet of Things and the protection of biometric data (IJ, 2021/2. (77.), 21-25. o.)

1. The influence of technological development on the regulatory framework of data protection

Many historic events originated from scientific and technical - later technological - developments, which phenomenon is expected to continue in the future. Steam machines and electricity were brought to mankind by the First and Second Industrial Revolution. While the widely known computer systems and automatization were created by the Digital - Third Industrial - Revolution in the second half of the XX[th] century. The ongoing Fourth Industrial Revolution - known as Industry 4.0[1] - aims to connect the digital and physical world and to establish cyber-physical systems. It should be noted that the mentioned novelties initially appeared in the industry, but they eventually have become an integral part of everyday life.

Artificial intelligence[2] (hereinafter, AI) has great significance these days as it appears in several fields of our lives. As software it can be discovered in virtual assistants, search engines or speech and face recognition systems, furthermore, the technology also exists in embodied form, integrated into various smart devices or drones. Although the technology carries positive effects, many people have concerns relating to AI, which derive from the nature of the novelty as opacity (lack of transparency) is one of its main characteristics.[3] This attribute is the result of the so-called black-box effect, which refers to those decisions of AI where the reasoning is not clear.[4]

First of all, it is important to describe the regulatory framework of biometric data, to do so we have to examine the right to protection of personal data. The fundamental right appears in 'the Charter of Fundamental Rights of the European Union', as follows: "Everyone has the right to the protection of personal data concerning him or her. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified."[5] The Charter is compulsory for the Member States of the European Union, since the 1[st] of December 2009, when the Treaty of Lisbon has come into force. The agreement states "The Union recognises the rights, freedoms and principles set out in the Charter of Fundamental Rights of the European Union of 7 December 2000, as adapted at Strasbourg, on 12 December 2007, which shall have the same legal value as the Treaties."[6]

In the context of Hungarian regulation, we need to mention the Fundamental Law of Hungary, which states that "Everyone shall have the right to the protection of his or her personal data, as well as to access and disseminate data of public interest."[7] The 'Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: General Data Protection Regulation)' and the 'Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information' (hereinafter: Privacy Act) help to ensure the protection of personal data as these documents regulate the method of data processing.

It is noteworthy to mention that the 2002/58/EC Directive 'Directive on privacy and electronic communication' does not include regulations regarding IoT systems, or smart devices as the technology was unknown a few years ago. To fill this gap the 'Proposal for a Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC' - known as Regulation on Privacy and Electronic Communications - mentions the system as it states that "this Regulation should apply to the transmission of machine-to-machine communications",[8] unfortunately, the document has not come into effect since 2017.

Another essential document is 'The impact of the General Data Protection on artificial intelligence', which examines how AI fits into the regulatory framework of GDPR, especially concerning the legal bases, principles, rights of the data subjects, profiling, and automated decision-making. The document also highlights the risks, challenges, and opportunities of the novelty.

This paper aims to examine the data protection issues of the manifestation of AI, namely the smart or IoT devices and more importantly the legal basics of data processing, especially the case of consent. We intend to study the legal framework of data protection and to describe smart devices, the structure of IoT systems. We also focus on an extremely specific issue, the case of special - biometric - data concerning consumers. Therefore, we define biometric technologies, their characteristics, and their most common forms of application.

2. About IoT

2.1. Understanding IoT systems

Before we examine the topic, it is necessary to define what can be considered smart devices and IoT. According to the 'Big Data and Smart Devices and Their Impact on Privacy' study for LIBE Committee[9] "Smart devices are electronic tools capable of operating interactively and autonomously; they are usually networked."[10] Moreover, the document states that in this context smart devices and IoT are related to each other as the concept of the latter is "a cluster of objects that are readable and/or controllable via the Internet or other technologies such as RFID; these objects sometimes communicate with each other without human interference."[11] According to the mentioned definitions, we can state that IoT is the interconnected system of smart devices, also called IoT devices, such as intelligent assistants or wearable smart devices. Consequently, the use of artificial intelligence is equally common in IoT and smart devices, as the technology uses Big Data collected by the devices or services to learn and teach itself - the often-used methods are deep learning (DL) or machine learning (ML)[12] -, to provide personalized service.[13]

To understand the IoT system it is essential to study its levels and layers. Levels are significant because they help to understand the architecture of IoT, meanwhile the layers describe the functions of each level. Pagallo, Durante and Monteleone examined the architecture of IoT, based on their research we can differentiate three levels of IoT:

1. Basic connectivity level "concerns the mechanisms that aim to establish physical and logical connection between systems".[14]

2. Network interoperability level is essential because it manages the communication between the above-mentioned systems.

3. Syntactic interoperability level is essential because it is responsible for the understanding of the data structure with respect to the previously mentioned systems.[15]

A teljes tartalom megtekintéséhez jogosultság szükséges.

A Jogkódex-előfizetéséhez tartozó felhasználónévvel és jelszóval is be tud jelentkezni.

Az ORAC Kiadó előfizetéses folyóiratainak „valós idejű” (a nyomtatott lapszámok megjelenésével egyidejű) eléréséhez kérjen ajánlatot a Szakcikk Adatbázis Plusz-ra!

Tartalomjegyzék

Visszaugrás

Ugrás az oldal tetejére