Regulatory challenges of the General Data Protection Act (LGPD) for the Internet of Things (IoT)

Abstract

In recent years, intelligent objects with detection, processing and communication capabilities have proliferated. The Internet of Things (IoT) connects these objects to the Internet and provides communication between users and devices. IoT promotes innovations that the entire society can benefit from, such as smart cities, healthcare and automation. On the other hand, we need to solve several social, theoretical and practical problems. To address these issues, it is necessary to overcome barriers, such as ensuring data privacy, restrictions on processing capacity, memory and energy consumption of restricted devices, standardization and regulatory challenges. In this article we will address the challenges of IoT information security through the prism of the General Data Protection Act (LGPD), a law that establishes guidelines for the collection, processing and storage of personal data with the aim of protecting the fundamental rights of freedom and privacy of the Brazilian people. Thus, the main aspects of the LGPD and the applicability of the concepts of reliability, integrity and availability in restricted devices will be explored. The formulation and adoption of good practices and governance rules by the controllers and operators of the collected data, as well as the use of gateway in isolated networks for IoT devices and the use of lightweight algorithms to encrypt the stored data, constitute, actually, ways to provide more user data security and LGPD compliance.