IoT and ePrivacy versus Industry 4.0
From the end of May of this year, the medially known GDPR regulation, which is intended to protect personal data, shall apply. In addition to this regulation, the so-called ePrivacy Regulation, which aims to ensure the user's privacy in machine and electronic communications between services and devices, was originally supposed to be effective on the same date. From GDPR, ePrivacy differs in the nature of the rule, its scope and, above all, materiality: rules are provided for processing data and technical metadata produced by systems and devices. However, the ePrivacy Regulation remains in the legislative process so far, and its date of effectiveness is currently showing the first quarter of next calendar year or even later.
In machine to machine communication, in which two services, devices or machines are "talking" together, a number of data is generated that do not necessarily have to fulfil the requirements for being personal data under existing legislation. The data is usually based on user behaviour and his needs, or comes from monitoring of situation. Such data and metadata are produced for example by Messenger, Skype and WhatsApp messaging services, as well as devices and machines for optimizing production or providing public services. Functions and services based on such nature have examples in smart cities, e.g. as operating of street lamps or in traffic control, where integrated sensors and traffic light technologies prefers vehicles of integrated rescue systems. EPrivacy aims on the issue of collecting and using such data in order to achieve the privacy of the concerned people.
This presentation focuses on the application of the current text of the ePrivacy Regulation in the industrial environment under Industry 4.0 initiative and the Internet of Things, including possible controversies brought about by the Regulation: in particular the legality of data processing, legality of monitoring related to data transfer and data storage in terminal equipment, confidentiality of communications sent through electronic means and application problems in emerging markets.
JUDr. Josef Donát, LLM, Partner, ROWAN LEGAL
Josef Donát, holder of the prestigious Lawyer of the Year award in the field of ICT law for 2014, is the head of the ICT Law specialization at the ROWAN LEGAL. Josef has been involved in large-scale projects in the field of IT outsourcing, cloud computing, electronic evidence, cyber protection, privacy and the provision of information systems. Recently, Josef has focused on the impact of the eIDAS and GDPR provisions and on the legal aspects of e-commerce. He has led teams, for instance, in the preparation of contractual documentation to ensure global data connectivity of a multinational banking group. He has assisted in one of the largest outsourcing projects of IT infrastructure and applications in the Czech Republic, as well as providing legal assistance to two of the top three banks in the Czech Republic in determining elements of Critical Information Infrastructure in accordance with the law on cybersecurity.
He is leading author of the Commentary on eIDAS (C. H. Beck, 2017), the unique publication Právo v síti: Průvodce právem na internetu (Law in the network: the guide for the internet law, C. H. Beck, 2016) and co-author of the first Czech Commentary on GDPR (Wolters Kluwer, 2017).