Abstract [eng] |
Regulation of the Internet of Things (IoT) under the EU General Data Protection Regulation First, the thesis analyses to what extent GDPR is applied in the Internet of Things, due to the features of the Internet of Things and the specifics of the data collected by it. Later in the work, the application of separate BDAR norms to the Internet of Things is examined. Throughout the paper, soft law sources, in particular, the opinions and guidelines of the Article 29 EU Working Party also international legal doctrine were used to examine and identify problematic aspects of the application of GDPR in the Internet of Things. The master's thesis examines the problematic aspects of properly applying data protection principles enshrined in GDPR to the Internet of Things. The studied principles are: legality, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, accountability and the obligation to have a data processing basis. The thesis also examines how the rights of data subjects to be informed about data processing, to object to data processing, to restrict data processing, to be forgotten, to access and rectify data and the right to data portability are ensured in the Internet of Things. These rights are also analysed in the light of the fact that personal data on the Internet of Things are processed by automated means (including profiling). Given the nature of the IoT and the importance of ensuring the principle of transparency, the IoT trust between the controller and the data subject the author analyses some of the requirements of the GDPR: the obligation to report a data breach, the data protection impact assessment, the obligation to have a data protection officer. |