The design of an assistive technology for older people that respects their right to the protection of personal data.
Our research work is integrated into a Coordinated Research Programme: the SECURHOME project. The main objective of this project is the development of a device to help elderly people, providing them with greater independence and security in their home.
The SECURHOME project aims to develop and validate a device that can detect, through artificial intelligence (AI) techniques, if a person is at risk, or not, through their daily activity at home. To this end, their daily behaviour must be analysed through the study of their movement, sound, temperature, use of certain household appliances, etc. The device, using these artificial intelligence techniques, will learn the user's behaviour and the possible variations that may occur. In this way it will adapt to your lifestyle and it will be possible to prevent any eventuality, such as an accident in the home, a loss of consciousness, etc.. If the device detects any eventuality, it will send alerts to previously configured family members and to the nearest health care centre. Therefore, the SECURHOME project involves first of all research in the technological field but also poses very important challenges in the field of law, especially for privacy.
From a legal point of view, we are faced with the processing of personal data and this means that the regulations governing this very specific matter must be applied. Since 25 May 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter RGPD) has been applicable. This Regulation entails important changes in relation to the processing of personal data as well as new responsibilities and obligations for those who collect and use such data. In addition, Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights has been in force in Spain since 7 December 2018, adapting and completing the Spanish legal system to the RGPD.
In order to develop the SECURHOME Device it is necessary to collect personal data, that is to say, information about an identified or identifiable physical person that will serve to study the behaviour of the users of the device and in this way be able to detect alterations in these behaviours in order to prevent and react to any eventuality. This collection and analysis of personal information constitutes a processing of personal data as defined in Article 4 of the RGPD and our research work will focus on identifying the legal requirements applicable to such data processing. This work, among other issues, will require determining the nature and category of the personal data collected, the purpose or compatible purposes of use of such data, the conditions for the consent of the persons holding the personal data and the applicable security measures. This last aspect, that of security, is of vital importance in the field of the Internet of things, in which the assessment of the risks inherent in the processing of personal data is presented as an essential prior requirement.
When we talk about the Internet of Things (IoT) we are referring to those infrastructures which, through sensors incorporated into certain everyday devices, collect, store, process and transfer personal data.
These systems are associated with unique identifiers that allow them to interact with other sensors and devices through their networking capabilities. We are in the field of so-called "ubiquitous" computing which, as pointed out by the European Union Working Party on Data Protection (Opinion 8/2014 on the recent evolution of the Internet of Things) are based on "the principle of extensive processing of data by these sensors designed to communicate data inadvertently and exchange them seamlessly". The device to be developed through the SECURHOME project would be oriented, not exclusively, but fundamentally, to what is known as the "quantified self", that is to say, devices designed to record and analyse information on habits and lifestyles. The IoT poses several important challenges in relation to privacy so it is of great importance to implement the legal framework for data protection in force.
The aim of our research is to study the legal context for:
1) To focus on the general risk to the rights and freedoms of data subjects.
2) To analyse the particular risks caused by the Internet of things to the rights and freedoms of data subjects, such as lack of control, asymmetry of information and creation of profiles that the SECURHOME device can cause.
3) Connect the risks of IoT with the rights of data subjects.
4) Review the quality of the consent and information provided by the interested party who will use the SECURHOME device.
5) Place the security risk of the SECURHOME device within the framework of the RGPD.
6) Monitor and oversee how technological neutrality and privacy is carried out from the design in the development of the SECURHOME device.
Through our research we intend to analyze the application of personal data legislation to an Internet device of Things in real life, to try to determine what are going to be the biggest challenges in its application and, at the same time provide a real example of how RGPD can improve the protection of privacy through IoT devices.
The research team is made up of 7 researchers with extensive experience in the field of human rights, especially on the processing of personal data and fundamental rights and on the rights of people in situations of vulnerability: Ana Garriga Domínguez and Susana Álvarez González, lecturers at the University of Vigo and Rafael de Asis Roig, Javier Ansuategui Roig, María del Carmen Barranco Avilés, Patricia Cuenca Gómez and Migle Laukyte, lecturers at the University Carlos III of Madrid.