Could the CE marking be relevant to enforce privacy by design in the internet of things

Research output: Chapter in Book/Report/Conference proceedingChapterScientificpeer-review

Abstract

This paper aims at evaluating the relevance of using the CE marking process to enforce Data Protection by Design principles suggested by Article 23 of the proposed General Data Protection Regulation in connected devices involved in the Internet of Things. The CE marking is a conformity assessment process has been designed by the European Commission during the 1980s to allow manufacturers to voluntarily demonstrate their compliance with mandatory regulations on safety, health and environment. This process offers some interesting features for the enforcement of data protection rules in products especially in the context of the globalization of trade. It promoted a co-regulation process between public and private stakeholders and contributed to the spreading of European technical standards worldwide. However, it does not fully address data protection issues raised by the IoT and it has been criticized for its lack of reliability. Moreover, this process has never been designed to include an unlimited list of requirements and adding data protection requirements could undermine it. Another option might be to transform the CE marking in an overarching European mark housing different certification schemes dedicated to the compliance of products. This option might preserve the existing process and offer the opportunity to set up a scheme arranged according a similar process but dedicated to the enforcement of Data Protection by Design principles.
Original languageEnglish
Title of host publicationData protection on the move
EditorsSerge Gutwirth, Ronald Leenes, Paul De Hert
Place of PublicationDordrecht
PublisherSpringer
Pages135-162
Number of pages28
ISBN (Electronic)978-94-017-7376-8
ISBN (Print)978-94-017-7375-1
DOIs
Publication statusPublished - 1 Mar 2016

Publication series

NameLaw, Governance and Technology Series
PublisherSpringer
Volume24
ISSN (Print)2352-1929
ISSN (Electronic)2352-1910

Fingerprint

Data privacy
Internet of things
Health

Keywords

  • certification
  • certification mechanisms
  • IoT

Cite this

Lachaud, E. (2016). Could the CE marking be relevant to enforce privacy by design in the internet of things. In S. Gutwirth, R. Leenes, & P. De Hert (Eds.), Data protection on the move (pp. 135-162). (Law, Governance and Technology Series; Vol. 24). Dordrecht: Springer. https://doi.org/10.1007/978-94-017-7376-8_6
Lachaud, Eric. / Could the CE marking be relevant to enforce privacy by design in the internet of things. Data protection on the move. editor / Serge Gutwirth ; Ronald Leenes ; Paul De Hert. Dordrecht : Springer, 2016. pp. 135-162 (Law, Governance and Technology Series).
@inbook{162aacbfe3e14fe083104951d127a131,
title = "Could the CE marking be relevant to enforce privacy by design in the internet of things",
abstract = "This paper aims at evaluating the relevance of using the CE marking process to enforce Data Protection by Design principles suggested by Article 23 of the proposed General Data Protection Regulation in connected devices involved in the Internet of Things. The CE marking is a conformity assessment process has been designed by the European Commission during the 1980s to allow manufacturers to voluntarily demonstrate their compliance with mandatory regulations on safety, health and environment. This process offers some interesting features for the enforcement of data protection rules in products especially in the context of the globalization of trade. It promoted a co-regulation process between public and private stakeholders and contributed to the spreading of European technical standards worldwide. However, it does not fully address data protection issues raised by the IoT and it has been criticized for its lack of reliability. Moreover, this process has never been designed to include an unlimited list of requirements and adding data protection requirements could undermine it. Another option might be to transform the CE marking in an overarching European mark housing different certification schemes dedicated to the compliance of products. This option might preserve the existing process and offer the opportunity to set up a scheme arranged according a similar process but dedicated to the enforcement of Data Protection by Design principles.",
keywords = "certification, certification mechanisms, IoT",
author = "Eric Lachaud",
year = "2016",
month = "3",
day = "1",
doi = "10.1007/978-94-017-7376-8_6",
language = "English",
isbn = "978-94-017-7375-1",
series = "Law, Governance and Technology Series",
publisher = "Springer",
pages = "135--162",
editor = "Gutwirth, {Serge } and Ronald Leenes and {De Hert}, Paul",
booktitle = "Data protection on the move",

}

Lachaud, E 2016, Could the CE marking be relevant to enforce privacy by design in the internet of things. in S Gutwirth, R Leenes & P De Hert (eds), Data protection on the move. Law, Governance and Technology Series, vol. 24, Springer, Dordrecht, pp. 135-162. https://doi.org/10.1007/978-94-017-7376-8_6

Could the CE marking be relevant to enforce privacy by design in the internet of things. / Lachaud, Eric.

Data protection on the move. ed. / Serge Gutwirth; Ronald Leenes; Paul De Hert. Dordrecht : Springer, 2016. p. 135-162 (Law, Governance and Technology Series; Vol. 24).

Research output: Chapter in Book/Report/Conference proceedingChapterScientificpeer-review

TY - CHAP

T1 - Could the CE marking be relevant to enforce privacy by design in the internet of things

AU - Lachaud, Eric

PY - 2016/3/1

Y1 - 2016/3/1

N2 - This paper aims at evaluating the relevance of using the CE marking process to enforce Data Protection by Design principles suggested by Article 23 of the proposed General Data Protection Regulation in connected devices involved in the Internet of Things. The CE marking is a conformity assessment process has been designed by the European Commission during the 1980s to allow manufacturers to voluntarily demonstrate their compliance with mandatory regulations on safety, health and environment. This process offers some interesting features for the enforcement of data protection rules in products especially in the context of the globalization of trade. It promoted a co-regulation process between public and private stakeholders and contributed to the spreading of European technical standards worldwide. However, it does not fully address data protection issues raised by the IoT and it has been criticized for its lack of reliability. Moreover, this process has never been designed to include an unlimited list of requirements and adding data protection requirements could undermine it. Another option might be to transform the CE marking in an overarching European mark housing different certification schemes dedicated to the compliance of products. This option might preserve the existing process and offer the opportunity to set up a scheme arranged according a similar process but dedicated to the enforcement of Data Protection by Design principles.

AB - This paper aims at evaluating the relevance of using the CE marking process to enforce Data Protection by Design principles suggested by Article 23 of the proposed General Data Protection Regulation in connected devices involved in the Internet of Things. The CE marking is a conformity assessment process has been designed by the European Commission during the 1980s to allow manufacturers to voluntarily demonstrate their compliance with mandatory regulations on safety, health and environment. This process offers some interesting features for the enforcement of data protection rules in products especially in the context of the globalization of trade. It promoted a co-regulation process between public and private stakeholders and contributed to the spreading of European technical standards worldwide. However, it does not fully address data protection issues raised by the IoT and it has been criticized for its lack of reliability. Moreover, this process has never been designed to include an unlimited list of requirements and adding data protection requirements could undermine it. Another option might be to transform the CE marking in an overarching European mark housing different certification schemes dedicated to the compliance of products. This option might preserve the existing process and offer the opportunity to set up a scheme arranged according a similar process but dedicated to the enforcement of Data Protection by Design principles.

KW - certification

KW - certification mechanisms

KW - IoT

U2 - 10.1007/978-94-017-7376-8_6

DO - 10.1007/978-94-017-7376-8_6

M3 - Chapter

SN - 978-94-017-7375-1

T3 - Law, Governance and Technology Series

SP - 135

EP - 162

BT - Data protection on the move

A2 - Gutwirth, Serge

A2 - Leenes, Ronald

A2 - De Hert, Paul

PB - Springer

CY - Dordrecht

ER -

Lachaud E. Could the CE marking be relevant to enforce privacy by design in the internet of things. In Gutwirth S, Leenes R, De Hert P, editors, Data protection on the move. Dordrecht: Springer. 2016. p. 135-162. (Law, Governance and Technology Series). https://doi.org/10.1007/978-94-017-7376-8_6