Abstract:

The “Internet of Bodies” is turning into a popular catchphrase to
describe the next generation of the Internet of Things – the move from
a collection of everyday objects connected to the Internet and each
other to a scenario, where those devices are attached to, or
incorporated into, the human body with a view to collect and provide a
constant stream of information about an individuals’ health or bodily
functions. Those devices could be part of a medical treatment process
(like pace makers, cochlear implants, digital pills, etc.), medical
research or physical enhancement. The choices, as they say, are
endless, as are the potential reasons why individuals may decide to
use or subject their bodies to those devices.

This means that the Internet of Bodies raises much (and many of) of
the same privacy issues and concerns that we have already observed in
connection to the Internet of Things, multiplied by the power of n
because the majority of the data collected and processed will firmly
fall into the category of “sensitive personal data” that has long
received particular protection under EU data protection law. What
measures do we need to put in place to ensure that the established
principles of data minimization, purpose limitation and limited
retention are met? On what legal basis can we justify the collection
of this data in the first place? Where the data collection is based on
the individual’s consent, how can this consent be voluntary in
situations where the choice might be between a life-saving
intervention and a refusal to use IoB devices? What other pressures
– well known from the use of other IoT enabled devices (convenience,
cost-saving, etc.) might motivate an individual to consent to their
use? What further use might the medical establishment, including the
research and the insurance sector envisage for this type of data?
How do we ensure not just device (IT) security but the security of
the information collected?

This talk will look at the prima facie privacy and data protection
issues of “everyday cyborgs” while trying to stay clear – for now –
from some of the more apocalyptic scenarios currently bandied about in
the media. But even on that basis, the question must be asked: The
Internet of Bodies – What could possibly go wrong?

Speaker Bio:

Judith Rauhofer is a Lecturer in IT Law at the University of Edinburgh
and an Associate Director of the Centre for Studies of Intellectual
Property and Technology Law (SCRIPT).

Her research interests include the commercial and fundamental rights
aspects of online privacy and electronic surveillance, data
protection, information security and all areas of e-commerce and
internet law and policy. Judith is particularly interested in
exploring the tensions between privacy as an individual right and as a
common good.

Judith is qualified as a Rechtsanwalt in Germany and as a solicitor in
England and Wales. She has worked in legal practice for several years,
advising clients from the media and new media industries on aspects of
e-commerce, data protection and IT law.

Judith is the founding editor of the European Data Protection Law
Review and a member of the Executive Committee of the British and
Irish Law, Education and Technology Association (BILETA). She also
works closely with digital rights organisations as a member of the
Advisory Councils to the Open Rights Group (ORG) and the foundation
for information policy research (fipr).