Complying with the GDPR when vulnerable people use smart devices

Abstract

The number of smart home devices is increasing. They are used by vulnerable people regardless of whether they are designed specifically for them or for the general population (eg, smart door locks, smart alarms, or voice assistants). This article focuses on children and inherently vulnerable adults, and analyses how to comply with the General Data Protection Regulation (GDPR) when the latter use smart products, with a particular focus on the UK through references made to the Information Commissioner’s Office guidelines and reports. Complying with the GDPR provisions related to the processing of vulnerable people’s data would be beneficial not only for the latter but also for organizations developing and deploying smart devices. This article argues in favour of protecting vulnerable people’s data by design and default in every smart product. The objective of this work is also to draw attention to the need of thinking about vulnerability across all data protection principles and to propose solutions on how to effectively comply with the GDPR in this context.