The Internet of Things (IoT) has heralded a never-before-seen quantity of high-quality data. This includes both personal and non-personal data. Factual and legal control over IoT data gives companies unparalleled power to influence consumers, policy makers, and the other stakeholders of the IoT’s supply chain. The combination of analytics algorithms, the data goldmine structure and the output of data processes are regularly kept secret by businesses. Leveraging this portfolio of big data and trade secrets, IoT companies put in place practices that can negatively affect consumers, who are often unaware of them due to technical and legal secrecy. ‘Technical’ secrecy results from the opacity of the algorithms that underpin the IoT, especially when AI-enabled. ‘Legal’ secrecy, in turn, come from a combination of trade secrets and strategic contract management that keep IoT data practices secret. This begs the central research question of this article: how can consumers be empowered to counter IoT data appropriation?
Traditional consumer protection approaches, epitomised by the Consumer Rights Directive, are focused on pre-contractual duties to inform consumers. Their benefit to IoT consumers is limited by their reflecting a text-based paradigm, whereby information must be legible. This is not fit for the IoT, where displays tend to disappear and information is provided in audio or video formats. Consumer laws are drafted on the assumption of information asymmetries in business-to-consumer contracts, but they fail to account for the power imbalances that permeate IoT transactions. These power imbalances are exacerbated by control over a wealth of user data and corresponding granular knowledge of consumers’ vulnerabilities, behaviors, and biases. This knowledge can be used to impose opaque practices on consumers; among these, IoT data appropriation by means of trade secrets plays a key role.
Therefore, an emergent concern is whether the law provides tools that effectively safeguard consumers’ interests, in particular by ensuring substantial transparency as to the actual use of their personal data. How can this can be guaranteed, and the consumer empowered in a post-interface world of profoundly imbalanced relationships? The answer cannot be found solely within the trade secrets’ regime: data protection needs to be considered.
This article focuses on the trade secrets exceptions of legitimate interest and freedom of information, and on the General Data Protection Regulation (GDPR)’s rights to access, data portability, information, and not to be subject to solely automated decisions. We put forward that trade secrets’ exceptions and GDPR rights re-balance the interests of consumers vis-à-vis big IoT players such as Amazon. We propose a holistic approach that empowers consumers by countering data appropriation, thus redistributing data control.
This article will be presented by my co-author Prof. Cristiana Sappa (IESEG) at the Society of Legal Scholars Conference (1-4 September 2020), in the Intellectual Property session. You can still register here!