Threats of the Internet of Things in a Techno-Regulated Society – A New Legal Challenge of the Information Revolution

 In Ethical Issues, Issue 1, Volume One


Technology has been rapidly changing the way we interact with the world around us. Companies, aiming to meet new consumer demands, are developing products with technological interfaces that would have been unimaginable a decade ago.

Automated systems turn on lights and warm meals as you leave your work, intelligent bracelets and insoles share with your friends how much you have walked on foot or on bike (Nike Running, 2012); sensors that automatically warn farmers when an animal is sick or pregnant (Computer Science Zone, 2015). These examples are all manifestations associated with the concept of “Internet of Things” (“IoT”).

There are strong disagreements regarding what IoT stands for. There is no such thing as a unanimously well-defined concept for IoT. More broadly, it can be understood as an interconnected environment of physical objects linked to the Internet through small built-in sensors, that creates a computer-based ubiquitous ecosystem, in order to facilitate and introduce functional solutions for daily routines and activities (Federal Trade Commission, 2015;, 2014).

Even though it might resemble a futuristic scenario, this kind of technology is already part of the present. Bracelet computers, smart watches, health devices, smart houses, cars and smart cities, are all manifestations of the “Internet of Things” (Federal Trade Commission, 2015).

However, despite the present context, it is still a fairly recent culture based on the new relations we are forging with machines and interconnected devices. It is estimated that the number of “things” connected to the Internet have surpassed the number of people, what further confirms this new human-machine relationship. Estimations (Barker, 2014) tells that in 2020 the quantity of interconnected objects will overcome 25 billion, being able to reach a mark of 50 billion smart devices.

All this hyperconnectivity and continuous interaction between gadgets, sensors and people, points to the rise of data and logs being produced, stored and processed both virtually and physically. On one hand, this may produce innumerous benefits to consumers. Interconnected health devices allow constant and efficient monitoring as well as greater interaction between doctor and patient. Residential automated systems will enable users to send messages to their home devices even before they arrive, performing actions such as opening the garage door, turning off alarms, turning on the lights, preparing a hot bath, cooking dinner, playing that special song, and even shifting the rooms` temperature. Moreover, what the future holds for IoT is yet to be discovered.

On the other hand, the large amount of connected apparatuses will accompany us daily and regularly in our everyday life, and therefore collecting, transmitting, storing and sharing an enormous amount of data – most of it strictly private and even intimate.

With the exponential rise of such devices, we should also pay attention to the potential risks and challenges that this increase may bring to fundamental rights. Those challenges can be investigated through a wide variety of lenses. For example, the new technological scenario is occasioning several changes on regulation and in jurisprudence of consumer’s law. Nevertheless, despite the variety of areas covered by this discussion, the analysis intended in this paper will try to investigate those challenges especially through the lens of privacy, freedom of expression and protection of personal data.

Although some of the threats and risks of the IoT scenario do not seem novel, considering how recent this context of hyperconnectivity is, we are not yet fully conscious of the possible damages that are dramatically enhanced in an IoT environment nor do we have sufficient legal regulation to avoid losses that could arise from the unclear processes of storage, treatment and sharing of our personal data in the context of IoT.

Besides, while we are failing on having an adequate regulatory framework upheld by the law, we are experiencing a strong auto-regulation from the market, a regulation that, at many times, is made through code design[1], what we may call a techno-regulation[2]. It is crucial to analyze what the new legal challenges are in this context that forces us to think about an adequate legal framework to respond to those challenges.

With that in mind, this paper is structured in two main sections. The first introduces the concept of IoT as well as shows how the focal point of this discussion goes beyond the IoT itself, linking up to the concepts of interconnectivity and Web 3.0. To reflect on the IoT nascency, it is important to take a step backwards and look carefully into the impacts of (the promise of) hyperconnectivity. That is why the next section, even though titled “The Internet of Things”, is not restricted to IoT, it encompasses the development of the Web – showing how the user’s experience has changed in a context of greater interactivity and connectiveness.

The second section of this essay tries to sustain the importance that the law advances in the search for a new regulation, especially in Brazil, that is both adequate to new technologies and that fits the new IoT context, preventing a negative scenario where the techno-regulation overlaps the regulatory framework based on the rule of law and controls us in an insurmountable way, potentially violating several fundamental rights, such as privacy, freedom of speech and access to knowledge.

Based on a theoretical and constitutional approach to current technological evolution with particular regard to the Internet of Things and its privacy dimension, the purpose of this preliminary effort is to trigger further reflections about the regulatory challenges posed by greater (inter)connectivity.

The Unravel of The Internet of Things IoT

IoT is a term used to describe connectivity between several Internet-sensitive everyday objects – gadgets equipped with sensors capable of capturing details from the “real world“, for example temperature, humidity and presence, and sending them to central data stations that collect this information and reuse it in “intelligent ways“.

The Internet of Things links the objects of the real world with the virtual world, thus enabling anytime, anyplace connectivity for anything and not only for anyone. It refers to a world where physical objects and beings, as well as virtual data and environments, all interact with each other in the same space and time.(Santucci, 2010);

From the perspective of technical standardization, the IoT can be viewed as a global infrastructure for the information society, enabling advanced services by interconnecting (physical and virtual) things based on existing and evolving interoperable information and communication technologies (ICT). (International Telecommunication Union, 2015)

Connected objects have been part of the discussion since the dawn of Information Technologies. During the 1990s, Bill Joy, cofounder of Sun Microsystems, spoke about the Device for Device (D4D) connection, a connection that incorporated not only the net, but also “several different webs”(Hapgood, 2007; Pontin, 2005).

In 1999, MIT researcher Kevin Ashton proposed the term Internet of Things. Ten years later, he wrote the article The Internet of Things Thing (Ashton, 2009) for the Radio Frequency Identification (RFID) Journal, reinforcing the importance of such term. According to Ashton, people will need to connect to the Internet in various ways and through different devices due to the lack of time available in the new fast-pacing routines. Kevin argues that even our body movements will be stored – with precision and accuracy – as data. The researcher further states that this revolution will be greater than the development of the online world we are familiar with today.

Understanding the conceptual framework behind the evolution of the Web versions is crucial to apprehend the sense of hyperconnectivity and interconnectivity as something that can explain the IoT, although they can be understood separately as different concepts. Hyperconnectivity and interconnectivity are, simultaneously, a temporal relative conclusion and a new market response to old and new societal needs.

According to this understanding, we could say that IoT and the so-called Web 3.0 were created and depend on those new technological potentialities upon which they are supported. Their centrality is based on proposals of new usages through an inter and hyperconnected environment. By depending on hyperconnectivity to promote new uses, IoT and Web 3.0 usages make hyperconnectivity even more intense and needed, stimulating this interrelationship. To clarify the interrelationship between IoT and Web 3.0 we must try to unravel the differences between the different Web versions that are usually separated in three stages.

The first Web (Web 1.0) emerged during the 1980s and was identified by its potential, connecting people – even though it was restricted to a read-only web. Consumer-producer communication was absent and a characteristic of Web 1.0 but, even though this may sound quite pessimistic and negative nowadays, it did not smoothen the impact of the first web. For the first time, people gained free access to large amounts of information (Big Think, 2012).

It is important to note that the term “Web 1.0” emerged after O’Reilly Media started coining and publicizing the word Web 2.0 on its’ 2004 conference (O’reilly net, 2004) when arose the need to categorize and differentiate both Webs.

The transition process from Web 1.0 to Web 2.0 was unclear. Some websites used resources from both phases, making it difficult to draw the line where Web 1.0 ended and Web 2.0 started. Depending on its purpose, some websites with simple layouts could be as good as the more complex ones. While Web 1.0 was known as “the Web of knowledge” due to the rapid increase of info available for those who accessed it, Web 2.0 can be considered as the “Web of communication” because of its interactive platforms (Aghaei, 2012). The differences between these two phases of the Web did not happen because of some great technological innovation, but due to the new ways of using other tools previously available in the same architecture. The two major characteristics of Web 2.0 are its collaborative nature and its constant interaction between users. All these relations were possible due to growing platforms such as social networks, blogs, wikis, and others. With that, content production in the Internet started to become more fluid. From the moment users could feed platforms with information, the Web became a two-way stream, also labelled as read-write web. Therefore, with the advent of the collaborative web (Web 2.0), Internet users went from mere content consumers to content consumers and content producers at the same time.

The term Web 3.0 (Ray, 2010) was created by the journalist John Markoff, from the New York Times (Markoff, 2006), based on the evolution of the term Web 2.0 popularized by Tim O’Reilly and Dale Dougherty in 2004.

While Web 2.0 allowed greater interaction, Web 3.0 now uses the Internet for massive data crossing. Information can be read through different devices and making it possible for them to deliver precise information. Even though the concept of Web 3.0 remains undefined, fluid and a target for critics, we can still say that some of its characteristics differ from the other Webs. The main aspect is the new connection poles where objects interact with people and with other objects – what explains its association with IoT

The main difference between Web 2.0 and Web 3.0 is the fact that the first focuses on users’ creativity for content production, considering both consumers and producers of online information, while the latter (Web 3.0) focuses in interlinked data sets (Aghaei, 2012).

Further associations (Aghaei, 2012):

There are those who defend that Machine to Machine (M2M) connection will be more useful for the organization of information by the time when personalized and specific data becomes more necessary. This technology, enhanced by greater connectivity between devices, will deliver intelligent and highly customized content. Specialists believe that one of the “pros” of Web 3.0 and IoT will be its capacity to help in personal assistance while concomitantly learning more from us as we navigate/use it.

Together with the concept of Web 3.0 arose the concept of “Semantic Web”. Tim Berners-Lee, creator of the World Wide Web (WWW), explains that semantics is part of the Web 3.0 (Shannon, 2006). During the Internet’s early days, all content produced was destined for human understanding, for example, all web pages were easily recognizable for us, computer did not possess this ability, but times are changing.

The Semantic Web implies that devices would be able to interpret information granted and produced by the user. Combining personal information to platforms could further individualize the expected outcomes. For example, even though two individuals may be searching for the same thing using the same terms, different results would be presented to each, because of their online history and individual contexts. Web 3.0, IoT and Semantic Internet will depend on the large databases that will be created as users further use platforms with this kind of technology (Shadbolt, Berners-Lee, & Hall, 2006).

Beyond the conceptualization of IoT, another concept rises up closer to the characteristics outlined by Web 3.0 and Semantic Web: the Internet of Everything (IoE) (Bajarin, 2014). Companies that work with network infrastructure, such as Cisco and Qualcomm, have been propagating the term in conventions and documents. However, there is no substantial difference between IoT and IoE. Even Qualcomm does not make a clear distinction. On the other hand, Cisco believes that IoT is only a stepping-stone to reach IoE (Weissberger, 2014).

There are already predictions about the next stages of the Web. Estimations (Patel, 2013) note that the “Web 4.0” or “5.0” will be a symbiotic Web, meaning it will be capable of integrate technologies to humans, even involving feelings and emotions, therefore transforming the Web into a brain-like system. The definitions regarding the next Webs are openly vague, even the term 2.0 is still a target for critics and the 3.0 is still consolidating. Nonetheless, the possible statements about these new webs point towards greater use of artificial intelligence in order to create an increasingly “smarter” Web.

Taking into consideration the characteristics of the IoT, Web 3.0 and growing (inter)connectivity, in the next topic we will try to shed light on the ongoing challenges faced by the rule of law posed by the advancement of the Internet of Things and the techno-regulation that it imposes capable of limiting and violating several fundamental rights.

A Techno-Regulated Society

Considering the characteristics pointed out by cyber-optimistic scholars such as Manuel Castells and Yochai Benkler, we may say that new information and communication technologies have been seen as the great promise of several different areas. Nonetheless, this potential can be considerably reduced depending on how new technological layers are built upon certain infrastructures, therefore allowing users to explore more or less actions and depending on criteria for access and content filtering by algorithms[3]. Besides, private companies are developing technology without paying adequate attention to fundamental rights such as privacy and security. Without proper care, this procedure can bring serious risks to consumers (Almeida, Doneda, & Monteiro, 2015).

We are living a moment of intense techno-regulation, commodification of personal data, and no strong legal apparatus to protect human and fundamental rights such as privacy protection. It is crucial that we stop to think about the role that the law should play in this context, especially in countries like Brazil that don’t have yet for example a solid and comprehensive data protection law (Pagallo, 2013).

Only recently has Internet diffusion become part of the Brazilian context. According to “CETIC Domicílios” report, 51% (85,9 million) are Internet users and within that statistics, 77% of them range from 16 to 24 years old (Center for Educational Computing, 2009). The current Brazilian legislation has already contemplated some aspects of Internet access and uses.

The Brazilian Internet Bill of Rights (art. 7) (Rousseff, Cardozo, Belchior, Silva, & Diniz, 2014; Snowden, 2015), also known as Marco Civil da Internet – approved by the National Congress in 2014, after a series of public consultations that started in 2009 – establishes that Internet access is essential for exercising citizenship[4]. Further on, in 2011, the Access to Information Law (Law 12.527/2011) was sanctioned. Seeking to promote greater transparency in public administration, the law established mechanisms for mandatory disclosure of open data/files, especially in the Internet, as well as any citizen’s request for information online. Following from this public policy perspective, in 2010, the Ministry of Communications launched a National Plan for Broadband (“Plano Nacional de Banda Larga“) (MCTI, 2012). The plan sets quantitative goals and guidelines in order to stimulate the expansion of Internet access in Brazil over the coming years.

It appears that not only Brazilian citizens, (Kravets, 2015) but also the Government, understand the economic and social potential of the connected public sphere in Brazil and how it is playing an important role in the digital age in terms of access to knowledge, access to information, freedom of expression and accountability (Faria, 2012).

However, pointing towards another direction, a new context emerges rapidly and surreptitiously. Even though Internet-related regulations such as the Marco Civil da Internet try to uphold the value and potential of the Internet as well as stipulate practices that seek to protect constitutional rights, the current autoregulation based on code design[5] has proven to be able to overlap the rule of law reflected in these regulations. This autoregulation can subvert the traditional legal logic of “ought to” that safeguards citizens’ free will, establishing a binary logic of “can/can’t”, therefore leaving no alternative to citizens or governments’ actions (Pagallo, 2015).

Harvard professor Lawrence Lessig called attention to the fact that the very architecture of the Internet, that is, the hardware and software that make it up with technical structure and codes governing its functioning, are also ways to regulate human behavior. According to professor Lessig, regulation through architecture is sometimes even more effective than other more familiar forms such as law, economics (market) and social norms. That’s why he coined the well known phrase “Code is Law”(Lessig, 2000), since the very architecture of the sites makes us hostage of the algorithms[6], regulating our behavior as well as the law and creating serious obstacles to access to information, individual autonomy, privacy and freedom of expression (Lessig, 2006).

The Internet is plastic and changeable and the fact that we are unwittingly becoming hostages of the algorithms that insert us on these bubbles, seeking the promise of hyperconnectivity and its facilities, has been seen as one of the most drastic changes, and subtle, because it is often unnoticeable.[7] In a techno-regulated context ruled by algorithms’ binary logic of “can/can’t”, the democratic potential of the connected public sphere and even the influence of the rule of law can be dramatically reduced.

The concept of rule of law is not easy to tackle. Tom Bingham (Bingham, 2010) brings a huge effort to describe the evolution of the concept and its meaning nowadays. According to Bingham, although we have an abstract idea of what it means as a “law-governed state” and “the laws of the land” and its importance for contemporary societies, it is hard to achieve a consensus about a closed concept.

Nevertheless, for the purposes of this article, we draw on Bingham`s position, considering rule of law as the foundation of a civilized society that embodies a series of important interrelated ideas, as follows: First, it is responsible for limiting the power of the state. A government exercises its authority through publicly disclosed laws that are adopted and enforced by an independent judiciary in accordance with established and accepted procedures. Secondly, no one is above the law; there is equality before the law. Thirdly, there must be protection of the rights of the individual. Finally, the law must apply equally to the government and individual citizens (Bingham, 2010).

Although Bingham considers the concept an ideal, the author agrees that it is an ideal worth striving for and envisions the connection of the rule of law with the concretion of fundamental and human rights. In that sense, we have a discrepancy between the role that the rule of law should represent in contemporary societies and the frequent disregard by private companies such as Facebook and Youtube through techno-regulation on the conduction of their platforms (Bingham, 2010).

In 2004, UN Secretary-General Kofi Annan provided an expansive definition of the rule of law as “a principle of governance in which all persons, institutions and entities, public and private, including the State itself, are accountable to laws that are publicly promulgated, equally enforced and independently adjudicated, and which are consistent with international human rights norms and standards. It requires, as well, measures to ensure adherence to the principles of supremacy of law, equality before the law, accountability to the law, fairness in the application of the law, separation of powers, participation in decision-making, legal certainty, avoidance of arbitrariness and procedural and legal transparency” (United Nations Security Council, 2004).

Algorithmic regulation of devices and platforms restricts the user to what has already been programmed. Furthermore, when it comes to algorithms and content providers, content filtering and withdrawal are commonly automatized, rather invisible, and can even execute illegal (and demotivated) censorship without being held accountable to the user. Even though these kind of practices occur daily, private tech companies do not suffer any penalty. It is the techno-regulation overlapping the rule of law.

According to Ugo Pagallo, “where non-normative instruments dominate the regulatory environment, we seem to be subject to the rule of technology rather than the rule of law. It may be time to realise the fact that increase in efficiency do not always result with effective solutions. `To prevent becoming merely the cognitive resource for these environments we must figure out how they are anticipating us’. In a techno-regulatory setting, rules no longer embody the politics that they are based on, but they simply dictate it. Law and politics do not operate as two exclusive axioms namely, `politics is the field of power relations and contestations; and law is the sphere of truth and justice governed by the rule of law.’ Techno-regulation signals the demise of our capacity to reason against and resist, and thus it may result with a further deviation from the values that make us “human” (Pagallo, 2015).

To illustrate this problem connecting to an IoT context, recently, Samsung warned its customers not to discuss personal information in front of Samsung’s smart TV’s. The news came after a declaration pointing out a disturbing line in the privacy policy of Samsung: “Please be aware that if your spoken words coming from your TV include personal or confidential information, this information will be among the data captured and transmitted to third parties (Democratize, 2016). This case raises the issue that although some of the threats and risks of the IoT scenario do not seem novel, many of the threats and challenges are seriously amplified in this context considering the new processes of storage, treatment and sharing of the massive amount of personal data being generated.

Other examples, Youtube’s blocking mechanism of techno-regulation through Content ID system (Google Support, 2017) severely jeopardizes the Brazilian remix culture coming from Funk (Wikipedia, 2017) and Tecnobrega (Wikipedia, 2017) expressions in the music scene. Meanwhile, Facebook’s algorithm, trying to filter pornography expressions, recently censored a post by the Ministry of Culture in Brazil (posted in its official Facebook profile) with a photograph picturing two Brazilian natives. The photo in the public domain was posted as a release to divulge a new website in partnership with the National Library Foundation and the Moreira Salles Institute containing in the collection over two thousand historical images of the nineteenth and twentieth centuries. Given the lack of transparency for the automatic filtering and the indifference demonstrated by the Facebook in this case, Brazilian Minister of Culture publicly declared that the algorithm’s private censorship was abusive, violating the rights to freedom of expression, sovereignty and access to culture, further demanding explanations by the company and threatening them with a possible judicial prosecution (Ministério da Cultura, 2015).

All those examples give us a clear perspective that techno-regulation is already an established practice, that is being articulated to address specific commercial purposes without observing constitutional rights or specific internet regulations such as those foreseen in recently approved Internet Bill of Rights (Marco Civil da Internet), document that emphatically states the importance of guaranteeing constitutional rights in cyberspace.

It is important to assert that it must not be the intent of the law to govern this process in a way that hinders the advance of technology. Differently, we must be conscious that if techno-regulation by code is growing faster than our ability to guarantee safety and privacy for users and we are already failing on having an adequate regulatory framework upheld by the law, an adequate legal framework is necessary to respond to those new legal challenges. Moreover, a deep reflection is necessary about to what extent the normative side of the law should be transferred from the traditional “ought to” of legal systems to automatic techniques through mechanisms of design, codes, and architectures (Pagallo, 2012).

The lack of specific regulation, in Brazil for instance, safeguarding personal data, makes it an even worse scenario, facilitating companies to close deals based on online information produced by its clients (users) using their services. This feeds the economic force of private companies, further simulating unclear and unfair relationship that involve practices that are challenging to track – treating data that, most of the times, is beyond the scope of their services and products.

To illustrate, recently research from the Center for Technology and Society at FGV DIREITO RIO for the Dynamic Coalition on Platform Responsibility working group of the Internet Governance Forum showed that more than 66% of the analyzed Internet platforms gathered more data than what would be necessary for the accomplishment of the service contracted by the user.[8]

In Brazil, Facebook and SERASA (Company created by the banks so they would, among other purposes, be able to analyze and research the economic/financial information of their clients for services such as credit loans) made public their interest in closing a partnership that would allow the social network company to access the financial company’s data banks. With that, companies would be able to direct ads to a specific audience according to their income based on the information provided by Facebook. This invasive practice may change the way that we view ad-based publicity contracts promoted by Facebook and its partners (Junior, 2015).

Additionally, there is a rising number of startups using users’ information taken from social media to develop an index capable of determining the reliability of a potential borrower. With that in mind, companies would have greater security in loaning services, knowing who can/can’t honor their debts. Based on such information, they could also offer lower tax rates to those that were better evaluated (Evangelista, 2015). Social groups, especially the economical vulnerable ones, have been suffering from discriminatory practices, namely, the massive use of online personal data crossing.

Another practice worth mentioning is “digital redlining”. The term redlining refers to the imaginary red line drawn by banks in poor neighborhoods to mark people within a geographic location and to whom higher taxes are destined. This exclusion and discrimination was now imported into the digital world, elaborated not by a map anymore, but by a robot that integrates imported data (among others) from social networks. They gather most of these data from networks such as Facebook, so that they may establish higher tax rates for certain people.

Even though public policy makers and citizens in Brazil appear to be more conscious of the Internet’s economic and social potential, they are not sufficiently aware of the risks that may arise from private companies’ practices or the enhanced risks to fundamental rights imposed by big and open data and the enlargement of the IoT environment.

Besides the urgent necessity of developing a specific legislation about personal data and privacy protection to avoid unconstitutional techno-regulation or personal data treatment, we should seek more broadly an efficient regulation of these technologies through a meta-technological perspective of the law.

The legal order and the rule of law, differently from other social orders, regulates human behavior by means of a specific technique. Once such technique regulates other techniques that orients behaviors and, beyond that, processes of technological innovation, we may accordingly conceive the law as a meta-technology (Pagallo, 2013).

According to Pagallo and Durante (2016), “the different and even opposite ways in which we can grasp the normative purposes of the law as a meta-technology recommend to expand our view. We propose four steps of analysis. First, a meta-regulatory approach to the field of legal automation should allow us to determine whether, and to what extent, lawmakers shall not (or cannot) delegate decisions to automated systems. Second, focus should be on the impact of technology on the formalisms of the law, and how the latter competes with further regulatory systems. Third, we have to pay attention to the principles and values which are at stake with the delegation of decisions to automated systems, namely the institutional dimension of the law with matters of interpretation and deliberation. Fourth, the distinction between automatic and non-automatic decisions of the law, and their legitimacy, may entail a class of legal problems, i.e. the hard cases of the law (…).”

Bearing in mind the importance of the law as an effective system for regulating behavior and actions, as well as considering that its criterions also take into account the need to guarantee constitutional rights while concomitantly preserving human autonomy, the rule of law has to guide technology and not the opposite. As Lawrence Lessig once stated, the threat is that “controls over access to content will not be controls that are ratified by courts; the controls over access to content will be controls that are coded by programmers” (Lessig, 2004).

Therefore, before the enhanced risks imposed by the advancement techno-regulation, amplified by the spread of the IoT environment, the rule of law must be seen as the premise for developing technology, or as a meta-technology, that should guide behavioral technological regulation and not the contrary – often resulting in the violation of rights.

Stefano Rodotà highlights the importance of the law as a regulatory instrument in a context of growing technology considering that if we do not consider the Internet as a “constitutional” space, rich in adequate guarantees, security and control may prevail, as it is threatening to happen in this period. All in all, the logic of the market, that is already imposing rules, would succeed because most of online activity are somehow commercial and the Web is considered to be a great mine of personal data. The persistent need to consider these problems as “constitutional” clearly indicates what paths the law must take if one needs adequate responses to the new shapes technologies are giving to societies (Rodotà, 2003).


The Internet of Things (IoT) becomes more prominent every day. Developed in the context of evolution of digital technologies and being considered by many as a new paradigm (Web 3.0), this new context represents a new and exciting time for both companies and consumers.

In principle, the idea of having interconnected smart devices enabling efficient interaction between machines and humans, helping those in their daily tasks, may seem a uniquely beneficial scenario. Furthermore, if considered individually, the information generated by the devices and online platforms may seem irrelevant and even harmless.

However, when combined, these data can reveal a detailed and individualized consumer profile. This possibility has increasingly attracted the interest of companies seeking through information crossing techniques, get an unprecedented view of their consumers (Ti Rio, 2015).

The data from these various interconnected devices, generated spontaneous and deliberately by users, may pose risks to constitutional rights of users such as privacy and security, exposing them to enhanced risks and losses that they are not yet fully aware.

Adding up to the increased potential for damage and challenges posed by the context of IoT, there is still no satisfactory regulation by the law on personal data protection in Brazil. It is an urgent necessity. Despite being civilly and constitutionally protected values, it is necessary for a specific law to ensure the enforcement of the security and privacy of users in this techno-regulated scenario from a meta-technology perspective of the law.

The rule of law has an important role to play in the consolidation of constitutional rights in the connected public sphere. Without legal and binding obligations to review private companies’ practices such as unconstitutional algorithmic filtering, uninformed content removal or treatment and sharing of personal data beyond the object of a certain service, these practices tend to increase even more with the enlargement of the Internet of Things. The challenge is to observe and analyze these practices and measure their importance and risks while seeking to guide technology through efficient legal regulation, preserving autonomy, privacy, freedom of expression and users’ safety.

In the words of Paul Ohm: “Regulators must respond rapidly and forcefully to this disruptive technological shift, to restore balance to the law and protect all of us from imminent, significant harm (Ohm, 2010).”

On the other hand, the users voluntarily provide their data online, feeding databases with a huge amount of personal information, without worrying about how operators oversee and treat their information. Therefore, it is essential that consumers be well aware of these risks and be even more careful with their data in an Internet of Things environment.

No one knows for sure how the Internet of Things will affect our lives in the future. Integrated, related, targeted and combined data collected from smart devices, providing numerous opportunities for analysis of this information and converting each information in a relevant information to be combined and analyzed. Whether or not, the way we interact with machines and algorithms tends to be more and more intense. In this context Internet of Things, governance and data security will be key. Businesses and consumers should weigh benefits and risks cautiously. Moreover, the law should be aware of its role in this context aiming to, on one side, not excessively hamper the economic and technological development in progress, and, on the other, regulate effectively these practices in order to curb abuses and protect the existing constitutional rights.


Almeida, V. A. F., Doneda, D., & Monteiro, M. (2015). Governance Challenges for the Internet of Things. IEEE Internet Computing, 19(4), 56–59.

Ashton, K. (2009). That “Internet of Things” Thing. RFID Journal. Retrieved from

Barker, C. (2014, November 11). 25 billion connected devices by 2020 to build the Internet of Things. Retrieved March 16, 2016, from

Benkler, Y. (2006). The Wealth of Networks: how social production transform markets and freedom. New Haven: Yale University Press.

Big Think. (2012). Web 3.0. YouTube Video. Retrieved from

Bingham, T. (2010). The Rule of Law. Penguin Books.

Castells, M. (1999). A Sociedade em Rede – A Era da Informação: Economia, Sociedade e Cultura. (Vol. 1). São Paulo: Paz e Terra.

Computer Science Zone. (2015). Security and the Internet of Things. Retrieved March 16, 2016, from

Democratize. (2016, February 12). Samsung alerta clientes para não discutir informações pessoais na frente de smart TV’s. Retrieved May 14, 2017, from

Evangelista, R. (2015, June 3). Na era da Discriminação Digital. Retrieved May 14, 2017, from

Faria, C. F. S. de. (2012). O parlamento aberto na era da internet: pode o povo colaborar com o Legislativo na elaboração das leis? Brasília: Centro de Documentação e Informação, Edições Câmara.

Faria, C. F. S. de. (2012). O parlamento aberto na era da internet : pode o povo colaborar com o Legislativo na elaboração da leis? Câmara dos Deputados, Edições Câmara. Retrieved from

Federal Trade Commission. (2015). Internet of Things: Privacy & Security in a Connected World. Uxbridge, England.

Federal Trade Commission. (2015). Internet of Things: Privacy & Security in a Connected World. Uxbridge, England.

Federal Trade Commission. (2015). Internet of Things: Privacy & Security in a Connected World. Uxbridge, England.

Floridi, L. (2015). Toleration and the Design of Norms. Science and Engineering Ethics, 21(5), 1095–1123.

Fung, A. (2003). Deepening Democracy: Institutional Innovations in Empowered Participatory Governance: Deepening Democracy – Institutional Innovations in Empowered Participatory Governance v. 4. London: Verso.

Google Support. (2017). Como funciona o Content ID – Ajuda do YouTube. Retrieved May 14, 2017, from

Hartmann, I. (2015). A auto regulação pelo código: características, impacto e limites de um novo modelo. Rio de Janeiro: Malheiros.

International Telecommunication Union. (2015, July). Internet of Things Global Standards Initiative. Retrieved March 16, 2016, from

Kravets, D. (2015, January 13). Internet of Things: There’s now a US congressional committee for that. Retrieved May 13, 2017, from

Kravets, D. (2015, January 13). Internet of Things: There’s now a US congressional committee for that. Retrieved May 13, 2017, from

Lessig, L. (1999). Code and other laws of cyberspace. New York: Basic Books.

Lessig, L. (2000, January 1). Code Is Law. Retrieved May 13, 2017, from

Lessig, L. (2004). Free Culture: The Nature and Future of Creativity (Reprint edition). New York, NY: Penguin Books.

Lessig, L., & Lessig, L. (2006). Code (Version 2.0). New York: Basic Books.

MCTI. (2012, March 29). Programa Nacional de Banda Larga (PNBL) – Início. Retrieved May 13, 2017, from

Ministério da Cultura. (2015, April 17). Ministro Juca Ferreira concede entrevista coletiva sobre medidas legais contra Facebook – Notícias Destaques. Retrieved May 14, 2017, from (2014, July 16). – Núcleo de Informação e Coordenação do Ponto BR. Retrieved March 16, 2016, from

Nike Running. (2012, June 26). The New Nike+ Running App [YouTube Video]. Retrieved March 16, 2016, from

O’reilly net. (2004). Web 2.0 Conference. Retrieved May 12, 2017, from

Ohm, P. (2010). Broken promises of privacy: Responding to the surprising failure of anonymization. UCLA Law Review, 57, 1701–1777.

Pagallo, U. (2012). Cracking down on autonomy: three challenges to design in IT Law. Ethics and Information Technology, 14(4), 319–328.

Pagallo, U. (2013). The Laws of Robots Crimes, Contracts, and Torts. Dordrecht  Netherlands: Springer. Retrieved from

Pagallo, U. (2015). On the legal implications of regulation by technology: of law and things.

Pagallo, U., & Durante, M. (2016). The Pros and Cons of Legal Automation and its Governance. European Journal of Risk Regulation, 7(02), 323–334.

Pagallo, U., & Durante, M. (2016). The Pros and Cons of Legal Automation and its Governance. European Journal of Risk Regulation, 7(02), 323–334.

Pariser, E. (2011). The filter bubble: what the Internet is hiding from you. London; New York: Viking/Penguin Press.

Pontin, J. (2005, September 29). ETC: Bill Joy’s Six Webs. Retrieved May 12, 2017, from

Ray, K. (2010, May 6). Web 3.0 [Vimeo Video File]. Retrieved March 16, 2016, from

Rodotà, S. (2003). Palestra no Rio de Janeiro. Brasile. Retrieved from

Rodotà, S. (2015). Assim o humano pode se defender do pós-humano. (D. Doneda, Trans.).

Rousseff, D., Cardozo, J. E., Belchior, M., Silva, P. B., & Diniz, C. C. Estabelece princípios, garantias, direitos e deveres para o uso da Internet no Brasil, Pub. L. No. 12.965, § Art. 7, Dos Direitos e Garantias dos Usuários (2014). Retrieved from

Santucci, G. (2010). The internet of things: Between the revolution of the internet and the metamorphosis of objects. Vision and Challenges for Realising the Internet of Things, 11–24.

Solove, D. J. (2006). A taxonomy of privacy. University of Pennsylvania Law Review, 477–564.

Ti Rio. (2015, July 2). Porque a internet das coisas implica em gerenciar contextos e nao dados. Retrieved May 14, 2017, from

United Nations Security Council. (2004). The rule of law and transitional justice in conflict and post-conflict societies (No. S/2004/616). Geneva: United Nations. Retrieved from

Wikipedia. (2016, February 19). Tecno brega. In Wikipedia. Wikipedia. Retrieved from

Wikipedia. (2017, April 25). Funk carioca. In Wikipedia. Retrieved from

  1. The expression “code design” here refers to the architecture of technology encompassing not only software though algorithmic design but also hardware architecture, as stated by Lawrence Lessig. “This regulator is code–the software and hardware that make cyberspace as it is. This code, or architecture, sets the terms on which life in cyberspace is experienced” (Lessig, 2000).
  2. Techno-regulation is the intentional influencing of human behavior through the implementation of values, norms and rules in technological devices.
  3. With some differences, varying according to their own conceptions of what would be the Internet and its focus of research, the so-called cyber-skeptics share common concerns. Andrew Keen; Nick Carr; Cass Sunstein; Richard Wurman; Mark Bauerlein; Steve Talbott; Jaron Lanier; Matthew Hindman; Sherry Turkle; Evgeny Morozov; Eli Pariser e Tim Wu are names that, at some point, have been or are associated with this current, each with its own vision, with skeptical doses for specific aspects or reticent about the democratic potential of the Internet. Eli Pariser, analyzes the democratic loss generated by the invisible filter that puts us in a bubble where everything pleases, everything makes sense and everything is in line with our visions and realities. These mechanisms, increasingly sophisticated, impressive in showing, most of the time, agreeable information, depriving us of dissonant voices. (PARISER, 2011)
  4. The project bill of “Marco Civil da Internet” was set in a context in which Brazilian representatives, academics and civil society organizations have worked together to bring more legitimacy and participation in the process of creating laws through the use of Internet platforms. The draft represented a commendable state initiative to expand the debate and communication skills in the preparation of rules. The online public consultation promoted by the Government, incremented the debate in the public sphere opening channels for discussing the content and procedures of the rules aiming a greater acceptance of the law. However it is important also to see beyond the process` merits. This deliberative process, despite being commendable and novel in Brazil, also experienced limitations to its potential, for instance, not all expressions were contemplated due to challenges such as lack of Internet access, the effects of technicalization of debate and the strong lobby imposed by some private sectors. Nevertheless, considering that it was the first experience of legislative online consultation in Brazil, it has already been a good advancement. But it is important that in the next similar processes both civil society and government try to correct these flaws and make viable all possible resources for digital inclusion and capacitate citizens for the debate, expanding the capacity to absorb the expression of all possible affected by the rule.
  5. The expression “code design” here refers to the architecture of technology encompassing not only software though algorithmic design but also hardware architecture, as stated by Lawrence Lessig. “This regulator is code–the software and hardware that make cyberspace as it is. This code, or architecture, sets the terms on which life in cyberspace is experienced.” LESSIG, L. Code Is Law: On Liberty in Cyberspace. (2000). Available from
  6. The critics to algorithmic architecture in this paper can also be expanded to hardware architecture.
  7. Former President of the USA Barack Obama recently shed light on the filter bubble effect as a democratic issue on his farewell speech (Midia Research, 2017).
  8. Recommendations on Terms of Service and Human Rights for the Dynamic Coalition on Platform Responsibility working group of the Internet Governance Forum. (Report to be divulged in 2016).
Recommended Posts

Leave a Comment

Contact Us

Please use the form below to send us an e-mail, we will respond to all e-mails as soon as possible.


Start typing and press Enter to search