Design a site like this with
Get started

The Internet of Things at the intersection of data protection and trade secrets. Non-conventional paths to counter data appropriation and empower consumers

The Internet of Things (IoT) has heralded a never-before-seen quantity of high-quality data. This includes both personal and non-personal data. Factual and legal control over IoT data gives companies unparalleled power to influence consumers, policy makers, and the other stakeholders of the IoT’s supply chain. The combination of analytics algorithms, the data goldmine structure and the output of data processes are regularly kept secret by businesses. Leveraging this portfolio of big data and trade secrets, IoT companies put in place practices that can negatively affect consumers, who are often unaware of them due to technical and legal secrecy. ‘Technical’ secrecy results from the opacity of the algorithms that underpin the IoT, especially when AI-enabled. ‘Legal’ secrecy, in turn, come from a combination of trade secrets and strategic contract management that keep IoT data practices secret. This begs the central research question of this article: how can consumers be empowered to counter IoT data appropriation?

Traditional consumer protection approaches, epitomised by the Consumer Rights Directive, are focused on pre-contractual duties to inform consumers. Their benefit to IoT consumers is limited by their reflecting a text-based paradigm, whereby information must be legible. This is not fit for the IoT, where displays tend to disappear and information is provided in audio or video formats. Consumer laws are drafted on the assumption of information asymmetries in business-to-consumer contracts, but they fail to account for the power imbalances that permeate IoT transactions. These power imbalances are exacerbated by control over a wealth of user data and corresponding granular knowledge of consumers’ vulnerabilities, behaviors, and biases. This knowledge can be used to impose opaque practices on consumers; among these, IoT data appropriation by means of trade secrets plays a key role.

Therefore, an emergent concern is whether the law provides tools that effectively safeguard consumers’ interests, in particular by ensuring substantial transparency as to the actual use of their personal data. How can this can be guaranteed, and the consumer empowered in a post-interface world of profoundly imbalanced relationships? The answer cannot be found solely within the trade secrets’ regime: data protection needs to be considered.

This article focuses on the trade secrets exceptions of legitimate interest and freedom of information, and on the General Data Protection Regulation (GDPR)’s rights to access, data portability, information, and not to be subject to solely automated decisions. We put forward that trade secrets’ exceptions and GDPR rights re-balance the interests of consumers vis-à-vis big IoT players such as Amazon. We propose a holistic approach that empowers consumers by countering data appropriation, thus redistributing data control.

This article will be presented by my co-author Prof. Cristiana Sappa (IESEG) at the Society of Legal Scholars Conference (1-4 September 2020), in the Intellectual Property session. You can still register here!

Published by guidonld

I am Associate Professor of Intellectual Property Law and Privacy Law at the University of Stirling, Faculty of Arts and Humanities, where I lead the Media Law and Information Technology Law courses. I am an expert in the legal issues of Internet of Things, Artificial Intelligence, cloud computing, robotics, and blockchain. Holder of a PhD (Unipa), a postdoc (QMUL), and an HEA Fellowship, I have a strong publication and bidding record and my works on Intellectual Property, Data Protection, Information Technology Law, Consumer Protection, and Human Rights have been cited by the EU Court of Justice’s Advocate General, the House of Lords, the European Commission, and the Council of Europe. Outside of the University of Stirling, I am Director of ‘Ital-IoT’ Centre of Multidisciplinary Research on the Internet of Things, Visiting Professor at the University of Macerata, Fellow of the Nexa Center for Internet and Society, Fellow of NINSO Northumbria Internet & Society Research Group, and I serve on the Executive Committee of the Society of Legal Scholars, the oldest and largest society of law academics in the UK and the Republic of Ireland. Most of my publications can be downloaded for free on SSRN, ResearchGate,, and LawArXiv.

One thought on “The Internet of Things at the intersection of data protection and trade secrets. Non-conventional paths to counter data appropriation and empower consumers

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: