Please can anyone point me towards a body of reference/research/legislation addressing who has the right to access and who controls data generated by Things on the IoT? Also, are there conflicting views across different international legislative boundaries?
I work with controllers and monitoring equipment for passenger lift (elevator) systems, which are increasingly becoming connected as autonomous Things on the Internet. However, any data generated by this equipment, for example passenger call origin and destination floors, car trips, etc., is often kept proprietary (and secret) by the equipment manufacturer, despite the building owner having bought the equipment, paid for it's maintenance and passengers having travelled to cause the data to be generated in the first place. In most cases the data is general and does not identify individual persons (although that may be changing in some cases). The use of open standards is limited, with the notable exception of the CAN in Automation spec CiA-417, which is specific to lift equipment, but beyond that is the need to gain access authorisation from the equipment supplier.
I have read opinions on a few websites (eg:https://www.taylorwessing.com/download/article_data_lot.html ) to the effect that "there is no property right in a piece of data itself" but is there legislation regarding its being witheld or obfuscated?
Thanks in advance for your responses,
Jonathan Beebe (MIET, CEng, MBCS, CITP)