Building automation has finally arrived in private homes: roller shutters open and close by themselves, brightness sensors determine when the light goes on, motion detectors communicate with the radiators, and the apartment door opens with a fingertip in the smart home app. Language assistants such as Alexa and Google Assistant open up the control of the smart home with spoken commands. And the TV registers media consumption habits.
All the sensors generate some personal data that is stored and processed. All in all, a lot can be concluded from this, which raises data protection issues. In episode 85 of the c’t data protection podcast, editor Holger Bleich and Heise legal advisor Joerg Heidrich talk about this with their guest Dr. Marc Störing. The lawyer is a partner in the international law firm Osborne Clarke, where he specializes in IT-related data protection advice. Privately, Störing has a weakness for home automation – in the podcast he talks about his own projects.
In the conversation, the three clarify where which data can occur and how it is stored. They then discuss which legal bases of the GDPR could justify processing, unless only the family environment is covered (which is practically never the case). It is also about fundamental questions about necessity, earmarking and storage duration in the smart home area.
Completely different problems arise with the “Smart Building” in the business environment. This is about responsibilities, employee data protection and order processing by specialized service providers. This broad field is also touched upon in the podcast.
Here are all the episodes so far: