The Internet of Things and EU Law

This book offers a comprehensive and holistic analysis of the cybersecurity, privacy & data protection challenges entailed by IoT devices in EU law. A working definition and three-layered architecture taxonomy of the ‘Internet of Things’ are provided, together with a state-of-the-art threat landscape in which each specific attack is linked to a layer of the IoT taxonomy.

In a scenario where IoT devices physically interact with individuals, the book disentangles the legal, ethical and technical aspects of the concepts of ‘(cyber)security’ and ‘safety’, as the former now affects the latter more than ever before. To this end, a normative analysis aims to explore the concepts of ‘cybersecurity’, ‘safety’ and ‘privacy’ against the background of the ‘IoT revolution’.

Building on the outcomes of this normative analysis, the work then addresses from a legal perspective the rapidly evolving EU cybersecurity legal frameworks, particularly taking into account the specific issues related to the IoT, both in terms of technology and the market dynamics of the stakeholders involved. On a different level, the book also investigates three legal challenges raised by the ubiquitous IoT data and metadata processing to EU privacy and data protection laws.

After having examined the manifold IoT ‘security & privacy’ risks, the discussion focuses on how to assess them, by giving particular attention to the risk management tool enshrined in EU data protection law (i.e., the Data Protection Impact Assessment). Accordingly, an original DPIA methodology for IoT devices is proposed.

This book will appeal to researchers in IT law, EU cybersecurity & data protection law, and more generally, to anyone interested in finding out how EU cybersecurity and data protection law is responding to the manifold regulatory and compliance issues associated with connected devices.

Pier Giorgio Chiara holds a master degree in Law at the University of Turin (2019). From November 2019 to November 2022, he was a Ph.D. researcher in the LAST–JD–RIoE programme, funded by the EU Horizon 2020 Marie Sklodowska–Curie ITN actions, at the University of Luxembourg (main) and Bologna and Turin in cotutelle. In 2023, he successfully defended (with highest grade, ie excellent) his doctoral thesis, on the multiple cybersecurity and privacy issues of IoT devices. He published several articles in various international prestigious journals and attended different international conferences. Pier Giorgio is currently a (junior) Assistant Professor in legal informatics at University of Bologna, School of Law and Cirsfid-Alma AI center. His research focuses primarily on the regulation of new technology, particularly in the field of cybersecurity, as well as the normative impacts (ethical, legal and social) of the 'digital revolution'.