Could the CE Marking Be Relevant to Enforce Privacy by Design in the Internet of Things?

Abstract

This paper aims at evaluating the relevance of using the CE marking pro-cess to enforce Data Protection by Design principles suggested by Article 23 of the proposed General Data Protection Regulation in connected devices involved in the Internet of Things. The CE marking is a conformity assessment process (A quick presentation of the basic principles of the CE marking is available on the website of the European Commission. Accessed June 14, 2015 http://europa.eu/legislation_ summaries/other/l21013_en.htm. More information can be found within the recently updated guide issued by the European Commission's " Guide to the implementation of directives based on the New Approach and the Global Approach " , 2014. Accessed May 21, 2015 http://ec.europa.eu/enterprise/newsroom/cf/itemdetail.cfm?item_ id=7326.) designed by the European Commission during the 1980s to allow manu-facturers to voluntarily demonstrate their compliance with mandatory regulations on safety, health and environment. This process offers some interesting features for the enforcement of data protection rules in products especially in the context of the glo-balization of trade. It promoted a co-regulation process between public and private stakeholders and contributed to the spreading of European technical standards world-wide. However, it does not fully address data protection issues raised by the IoT and it has been criticized for its lack of reliability. Moreover, this process has never been designed to include an unlimited list of requirements and adding data protec-tion requirements could undermine it. Another option might be to transform the CE marking in an overarching European mark housing different certification schemes dedicated to the compliance of products. This option might preserve the existing pro-cess and offer the opportunity to set up a scheme arranged according a similar pro-cess but dedicated to the enforcement of Data Protection by Design principles.