14 Aug Cybersecurity and the Internet of Things: a Legal Aspect
The Internet of Things industry is developing rapidly. Therefore, if in 2009, the number of gadgets connected to the Internet exceeded the population of our planet, then in 2020, the number of IoT devices according to the specified parameter has already exceeded the number of real users several times.
The Internet of Things means a cyber-physical ecosystem of interconnected sensors and executive mechanisms that make it possible to make intelligent decisions. It can be concluded that information is at the heart of IoT, supporting a continuous cycle of decision-making and action. Today, IoT devices are used in many sectors of the economy and social life, for example, in:
- Logistics;
- Medicine and health sector;
- The agricultural sector;
- Administrative and social spheres;
- City infrastructure.
The mass implementation of the Internet of Things today is hindered by certain problems, including “holes” in security: obsolete data formats, lack of specialists. Working in IoT requires professionals, a toolkit that is far from ideal, connection instability, reluctance of citizens to interact with smart systems.
In Ukraine, at the legislative level, the problem of theft of personal data (hereinafter – PD) is regulated by some regulatory and legal acts. Thus, according to the Law of Ukraine “On the Protection of Personal Data” (Article 12), the collection of personal data is one of the elements of the process of their processing, which involves the activity of selecting or organizing information about a natural person (i.e., the owner of personal data, the subject of personal data).
However, our state still has not developed a sufficient legal framework and methods that can effectively protect users of the IoT system. That is why Ukraine, in the matter of protection of PD, mainly relies on international experience, in particular of EU countries.
In author opinion, the Rules of the new Law on the Protection of Personal Data on the Internet, known as GDPR (from the English the General Data Protection Regulation), which entered into force on 05.25.2018, can be considered the most relevant and high quality for the protection of personal data and cyber.
Ensuring a high level of cyber security should become the main criterion when designing new devices, solutions and technologies. The authorities should cooperate with international partners in the struggle to ensure effective legal protection of Internet users. Educational work among Ukrainian citizens on the issues of self-protection of their rights in the digital environment is also important. In addition, this is the only way we can protect the Internet of Things system and ourselves in it.
Author: Nadiia Serhienko, Kharkiv National University of Internal Affairs
References:
- Filinovych V., Legal Bulletin 4 (57) 2020: Civil and Labor Law, https://er.nau.edu.ua/handle/NAU/47227
- Internet of Things (IoT). European Union Agency for Cybersecurity. 2018. URL: https://www.enisa.europa.eu/topics/iot-and-smartinfrastructures/iot.
- Pritula P. 5 problem interneta veshhej, kotorye predstoit reshit’. CNews. 2016. URL: https://www.cnews.ru/articles/2016-05-27_5_ problem_interneta_ veshchej_kotorye_predstoit_reshit.
Key words:
Cybersecurity; Information Security; Internet of Things; Internet governance; cyberspace; cybercrime; cyberattack.