Smart home for lawyers: IoT in the home and its implications for the GDPR

The IoT is "A network of items – each embedded with sensors – which are connected to the Internet" and function thanks to the collection and communication of data. It revolves around the idea that everything can communicate every time and everywhere, in a "ubiquitous network". Today, companies market as 'smart' IoT products that are intelligent. Thanks to machine learning, they can talk (voice assistants), change the environmental conditions (lamps and thermostats) and personalise their responses to each user. Today's smart devices (hereinafter also indicated with IoTs) are consumer products whose essence not only lies in their interconnectivity but also in their sophisticated learning and personalisation. Smart devices reach their highest functionality in the smart home, where many traditional appliances are replaced with IoTs. Popular smart home devices are: TVs, thermostats, voice assistants, lightbulbs and switches. However, the sector continues to grow rapidly, offering big and small smart kitchen appliances (from fridges to coffee pots), as well as mattresses, toothbrushes, and even children's toys. The smart home is based on the ubiquitous and invisible collection, analysis, and exchange of data, which makes the private sphere more permeable and increasingly visible for the companies that control these devices. This article looks at the application of the GDPR to the smart home. The first part introduces the changes that the smart home has brought to the traditional conception of home, focusing on the expectations of privacy connected to the private sphere. The rest of the article discusses those provisions that are particularly challenged by the IoTs: the fundamental principles of data processing, the DPIA, and the prohibition of automated decisions and profiling with significant impact.