University of Strathclyde

1 Experts

2 Contributions by University of Strathclyde Experts

EU IoT regulatory landscape: data protection, privacy, cybersecurity and liability—GDPR, ePrivacy, NIS2, Data Act, DGA, Cyber Resilience Act, AI Act, e‑Evidence and revised Product Liability
PRACTICE NOTES
This Practice Note addresses the EU data protection and privacy ramifications of the internet of things (IoT) and the information it generates. It considers the following principal areas: What is the internet of things?; Data protection; Key themes identified for concern; Article 29 Working Party opinion on recent developments regarding the internet of things; Cookies and equivalent tools; Practical actions concerning data protection; Cybersecurity; EU Data Governance Act and EU Data Act; Revised EU Product Liability Directive; EU AI Act; e-Evidence Regulation.
For fuller insight into core commercial issues linked to the IoT, see Practice Note: Internet of Things (IoT)—key legal issues in the EU. Specific matters relating to automated vehicles are outside the scope of this Practice Note; for details, see Practice Note: Automated vehicles—data, privacy and cybersecurity issues in the EU. For material on the data protection and privacy aspects of the IoT in the UK, see Practice Note: Internet of things
EU Law
UK Internet of Things compliance: data protection, ePrivacy and cyber security (UK GDPR, DPA 2018, PECR, PSTIA 2022) with DUAA 2025 updates
PRACTICE NOTES
STOP PRESS: On 19 June 2025, the Data (Use and Access) Bill obtained Royal Assent, becoming the Data (Use and Access) Act 2025 (DUAA 2025), with elements taking effect that day. Measures addressing, among other things, responses to data subject access requests and the grant of powers to make further regulations commenced immediately on 19 June 2025. Other elements, including notices issued by the Information Commissioner and certain facets of law enforcement processing, began on 19 August 2025, two months after Royal Assent. The bulk of DUAA 2025 requires additional regulations, in the form of statutory instruments, before those provisions can start. Part 5 of DUAA 2025 revises aspects of the UK’s data protection and ePrivacy framework, covering the United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic
TMT