The Internet of Things at the Intersection of Data Protection and Trade Secrets. Non-Conventional Paths to Counter Data Appropriation and Empower Consumers

(2020) 3 Revue européenne de droit de la consommation / European Journal of Consumer Law 419-458

32 Pages Posted: 12 Feb 2021

See all articles by Guido Noto La Diega

Guido Noto La Diega

University of Stirling; University of Connecticut

Cristiana Sappa

IÉSEG School of Management, Lille Campus

Date Written: 2020

Abstract

The Internet of Things (IoT) has heralded a never-before-seen quantity of high-quality data. This includes both personal and non-personal data. Factual and legal control over IoT data gives companies unparalleled power to influence consumers, policy makers, and the other stake-holders of the IoT’s supply chain. The combination of analytics algorithms, the data goldmine structure and the output of data processes are regularly kept secret by businesses. Leveraging this portfolio of big data and trade secrets, IoT companies put in place practices that can negatively affect consumers, who are often unaware of them due to technical and legal secrecy. ‘Technical’ secrecy results from the opacity of the algorithms that underpin the IoT, especially when AI-en-abled. ‘Legal’ secrecy, in turn, come from a combination of trade secrets and strategic contract management that keep IoT data practices secret. This begs the central research question of this article: how can consumers be empowered to counter IoT data appropriation?

Traditional consumer protection approaches, epitomised by the Consumer Rights Directive, are focused on pre-contractual duties to inform consumers. Their benefit to IoT consumers is limited by their reflecting a text-based paradigm, whereby information must be legible. This is not fit for the IoT, where displays tend to disappear and information is provided in audio or video formats. Consumer laws are drafted on the assumption of information asymmetries in business-to-consumer contracts, but they fail to account for the power imbalances that permeate IoT transactions. These power imbalances are exacerbated by control over a wealth of user data and corresponding granular knowledge of consumers’ vulnerabilities, behaviors, and biases. This knowledge can be used to impose opaque practices on consumers; among these, IoT data appropriation by means of trade secrets plays a key role.

Therefore, an emergent concern is whether the law provides tools that effectively safeguard consumers’ interests, in particular by ensuring substantial transparency as to the actual use of their personal data. How can this can be guaranteed, and the consumer empowered in a post-interface world of profoundly imbalanced relationships? The answer cannot be found solely within the trade secrets’ regime: data protection needs to be considered.

This article focuses on the trade secrets exceptions of legitimate interest and freedom of information, and on the General Data Protection Regulation (GDPR)’s rights to access, data portability, information, and not to be subject to solely automated decisions. We put forward that trade secrets’ exceptions and GDPR rights re-balance the interests of consumers vis-à-vis big IoT players such as Amazon. Specifically, they can positively contribute to transparency, consumers autonomy, information symmetry, data portability, and freedom of choice. We propose a holistic approach that empowers consumers by countering data appropriation, thus redistrib-uting data control.

Keywords: IoT, internet of things, law, regulation, consumer protection, consumer law, trade secrets, IP, GDPR, right of access, exceptions, transparency

JEL Classification: O34, K11, K13, K22, K33, K42

Suggested Citation

Noto La Diega, Guido and Sappa, Cristiana, The Internet of Things at the Intersection of Data Protection and Trade Secrets. Non-Conventional Paths to Counter Data Appropriation and Empower Consumers (2020). (2020) 3 Revue européenne de droit de la consommation / European Journal of Consumer Law 419-458, Available at SSRN: https://ssrn.com/abstract=3772700

Guido Noto La Diega (Contact Author)

University of Stirling ( email )

Pathfoot Building
Stirling Law School
STIRLING, Stirling FK9 4LA
United Kingdom

HOME PAGE: http://www.guidonotoladiega.com

University of Connecticut ( email )

Storrs, CT 06269-1063
United States

Cristiana Sappa

IÉSEG School of Management, Lille Campus ( email )

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
318
Abstract Views
1,504
Rank
173,118
PlumX Metrics