Could the CE marking be relevant to enforce privacy by design in the internet of things

Eric Lachaud

Research output: Chapter in Book/Report/Conference proceedingChapterScientificpeer-review


This paper aims at evaluating the relevance of using the CE marking process to enforce Data Protection by Design principles suggested by Article 23 of the proposed General Data Protection Regulation in connected devices involved in the Internet of Things. The CE marking is a conformity assessment process has been designed by the European Commission during the 1980s to allow manufacturers to voluntarily demonstrate their compliance with mandatory regulations on safety, health and environment. This process offers some interesting features for the enforcement of data protection rules in products especially in the context of the globalization of trade. It promoted a co-regulation process between public and private stakeholders and contributed to the spreading of European technical standards worldwide. However, it does not fully address data protection issues raised by the IoT and it has been criticized for its lack of reliability. Moreover, this process has never been designed to include an unlimited list of requirements and adding data protection requirements could undermine it. Another option might be to transform the CE marking in an overarching European mark housing different certification schemes dedicated to the compliance of products. This option might preserve the existing process and offer the opportunity to set up a scheme arranged according a similar process but dedicated to the enforcement of Data Protection by Design principles.
Original languageEnglish
Title of host publicationData protection on the move
EditorsSerge Gutwirth, Ronald Leenes, Paul De Hert
Place of PublicationDordrecht
Number of pages28
ISBN (Electronic)978-94-017-7376-8
ISBN (Print)978-94-017-7375-1
Publication statusPublished - 1 Mar 2016

Publication series

NameLaw, Governance and Technology Series
ISSN (Print)2352-1929
ISSN (Electronic)2352-1910


  • certification
  • certification mechanisms
  • IoT


Dive into the research topics of 'Could the CE marking be relevant to enforce privacy by design in the internet of things'. Together they form a unique fingerprint.

Cite this