Complying with the GDPR when vulnerable people use smart devices
The number of smart home devices is increasing. They are used by vulnerable people regardless of whether they are designed specifically for them or for the general population (for example, smart door locks, smart alarms or voice assistants). This PhD focusses on children and inherently vulnerable ad...
| Main Author: | |
|---|---|
| Format: | Thesis (University of Nottingham only) |
| Language: | English |
| Published: |
2022
|
| Subjects: | |
| Online Access: | https://eprints.nottingham.ac.uk/69888/ |
| _version_ | 1848800591225028608 |
|---|---|
| author | Piasecki, Stanislaw |
| author_facet | Piasecki, Stanislaw |
| author_sort | Piasecki, Stanislaw |
| building | Nottingham Research Data Repository |
| collection | Online Access |
| description | The number of smart home devices is increasing. They are used by vulnerable people regardless of whether they are designed specifically for them or for the general population (for example, smart door locks, smart alarms or voice assistants). This PhD focusses on children and inherently vulnerable adults, and analyses how to comply with the General Data Protection Regulation (GDPR) when the latter use smart products, with a particular focus on the UK through references made to the Information Commissioner’s Office guidelines and reports. Complying with the GDPR provisions related to the processing of vulnerable people’s data would be beneficial not only for the latter but also for organisations developing and deploying smart devices. This thesis argues in favour of protecting vulnerable people’s data by design and default in every smart product. The objective of this work is also to draw attention to the need of thinking about vulnerability across all data protection principles and to propose solutions on how to effectively comply with the GDPR in this context.
This PhD contains a legal doctrinal chapter, an empirical part (interviewing lawyers and technologists working within the smart home field) as well as a chapter related to theoretical debates and privacy enhancing technologies (PETs).
In the doctrinal chapter, research into data protection law and legal concepts is conducted to understand the current legal landscape, guidelines and opinions related to this field of study. Personal data can be processed only if an appropriate legal basis is chosen and all of its conditions are met, and if all GDPR principles are respected. In this part of the thesis, the most relevant data protection law provisions in the context of the use of smart products by vulnerable people are identified and discussed.
The empirical chapter introduces information gathered through semi-structured interviews conducted with UK and international professionals in the field of data protection law and technology design, with a focus on the smart home context. Those discussions gave various insights and perspectives into how the two communities view intricate practical data protection challenges.
The chapter related to theoretical debates and PETs analyses personal information management systems (PIMS) in order to understand how to protect and manage vulnerable people’s data more effectively in smart homes and, as a result, enhance compliance with data protection law. Relying on PETs to safeguard vulnerable people’s personal data could lead to questions as to the normative grounds for this technological approach. By examining debates such as privacy-as-confidentiality versus privacy-as-control, this thesis explains why edge computing PIMS could help in improving GDPR compliance while underlining that designers of PIMS need to consider the consequences of implementing different privacy paradigms. |
| first_indexed | 2025-11-14T20:53:59Z |
| format | Thesis (University of Nottingham only) |
| id | nottingham-69888 |
| institution | University of Nottingham Malaysia Campus |
| institution_category | Local University |
| language | English |
| last_indexed | 2025-11-14T20:53:59Z |
| publishDate | 2022 |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | nottingham-698882023-01-01T04:30:23Z https://eprints.nottingham.ac.uk/69888/ Complying with the GDPR when vulnerable people use smart devices Piasecki, Stanislaw The number of smart home devices is increasing. They are used by vulnerable people regardless of whether they are designed specifically for them or for the general population (for example, smart door locks, smart alarms or voice assistants). This PhD focusses on children and inherently vulnerable adults, and analyses how to comply with the General Data Protection Regulation (GDPR) when the latter use smart products, with a particular focus on the UK through references made to the Information Commissioner’s Office guidelines and reports. Complying with the GDPR provisions related to the processing of vulnerable people’s data would be beneficial not only for the latter but also for organisations developing and deploying smart devices. This thesis argues in favour of protecting vulnerable people’s data by design and default in every smart product. The objective of this work is also to draw attention to the need of thinking about vulnerability across all data protection principles and to propose solutions on how to effectively comply with the GDPR in this context. This PhD contains a legal doctrinal chapter, an empirical part (interviewing lawyers and technologists working within the smart home field) as well as a chapter related to theoretical debates and privacy enhancing technologies (PETs). In the doctrinal chapter, research into data protection law and legal concepts is conducted to understand the current legal landscape, guidelines and opinions related to this field of study. Personal data can be processed only if an appropriate legal basis is chosen and all of its conditions are met, and if all GDPR principles are respected. In this part of the thesis, the most relevant data protection law provisions in the context of the use of smart products by vulnerable people are identified and discussed. The empirical chapter introduces information gathered through semi-structured interviews conducted with UK and international professionals in the field of data protection law and technology design, with a focus on the smart home context. Those discussions gave various insights and perspectives into how the two communities view intricate practical data protection challenges. The chapter related to theoretical debates and PETs analyses personal information management systems (PIMS) in order to understand how to protect and manage vulnerable people’s data more effectively in smart homes and, as a result, enhance compliance with data protection law. Relying on PETs to safeguard vulnerable people’s personal data could lead to questions as to the normative grounds for this technological approach. By examining debates such as privacy-as-confidentiality versus privacy-as-control, this thesis explains why edge computing PIMS could help in improving GDPR compliance while underlining that designers of PIMS need to consider the consequences of implementing different privacy paradigms. 2022-12-31 Thesis (University of Nottingham only) NonPeerReviewed application/pdf en cc_by https://eprints.nottingham.ac.uk/69888/1/Stanislaw_Piasecki_PhD_Thesis.pdf Piasecki, Stanislaw (2022) Complying with the GDPR when vulnerable people use smart devices. PhD thesis, University of Nottingham. Data protection law Compliance Internet of things Smart devices Vulnerable people Children Privacy enhancing technologies Personal information management systems |
| spellingShingle | Data protection law Compliance Internet of things Smart devices Vulnerable people Children Privacy enhancing technologies Personal information management systems Piasecki, Stanislaw Complying with the GDPR when vulnerable people use smart devices |
| title | Complying with the GDPR when vulnerable people use smart devices |
| title_full | Complying with the GDPR when vulnerable people use smart devices |
| title_fullStr | Complying with the GDPR when vulnerable people use smart devices |
| title_full_unstemmed | Complying with the GDPR when vulnerable people use smart devices |
| title_short | Complying with the GDPR when vulnerable people use smart devices |
| title_sort | complying with the gdpr when vulnerable people use smart devices |
| topic | Data protection law Compliance Internet of things Smart devices Vulnerable people Children Privacy enhancing technologies Personal information management systems |
| url | https://eprints.nottingham.ac.uk/69888/ |