This PhD critically analyses how legal frameworks, in particular data protection law, work in practice when organisations develop and deploy smart devices used by vulnerable people.
In the first chapter of the thesis, doctrinal research will be conducted into the data protection law and legal concepts, to understand the current legal landscape, guidelines and opinions related to my field of study. Doctrinal legal research “provides a systematic exposition of the rules governing a particular legal category, analyses the relationship between rules, explains areas of difficulty and, perhaps, predicts future developments” (Hutchinson and Duncan, 2012). The doctrinal study will identify the most relevant data protection law provisions in the context of the use of smart products by vulnerable people and discuss how they should be interpreted.
The second chapter of the PhD will be the empirical part. The dichotomy that is sometimes observed between doctrinal studies and how laws work in practice has been the subject of criticism by modern legal scholars. Interviews and case studies of different smart devices will help us understand how data protection laws work in practice and how organisations try to adapt to the current legislation. Semi-structured legal interviews with members of UK organisations developing and deploying smart products for vulnerable people will be conducted. Lawyers who give data protection advice to those organisations will be also interviewed.
Finally, the last chapter of the thesis will be devoted to understanding the theoretical or conceptual misplacements underlying the issues linked to the protection of data of vulnerable people when they use smart devices.
In the thesis, we do not exclude any particular group of vulnerable people, as special measures helping one group will often be also beneficial for others (for example, writing privacy policies in a child-friendly language will also make them more understandable for vulnerable adults). Of course, this does not change the fact that some categories of vulnerable persons would benefit from specific data protection measures designed especially for them. Smart devices will be used more and more often in vulnerable people’s homes, regardless of whether they are designed specifically for them or for the general population (for example, smart door locks, smart alarms or voice assistants).
City Arts is the industry partner of this PhD project. It is a charity that strives to ensure that all people can enrich and change their lives by actively participating in the arts. The aim of this PhD is to identify relevant issues and propose solutions that could help organisations working on smart devices used by vulnerable people in complying with data protection laws. I would like to raise awareness about current problems with data protection compliance so that they can be resolved by policy makers. If organisations are persuaded that technologies that use our personal data and personalise our experience are more effective, and if they have the capacity and knowledge to comply with laws, this might increase the availability, quality and security of smart devices used by vulnerable people.
This author is supported by the Horizon Centre for Doctoral Training at the University of Nottingham (RCUK Grant No. EP/L015463/1) and EPSRC.