Question 1

Many IOT devices like sensors lack screen displays or input devices, thus making them hard to meet the
consent conditions that GDPR requires. This is acting as a legal barrier for further advancement in the
corresponding business field. (Kim, 2019)

Answer the following question based on the above statement.

Critically discuss the legal issues when collecting personal data in IOT devices. Provide descriptive
answer with examples with relevant articles and sections from GDPR [50 Marks]

1.1. IOT

Internet of Things is a interconnected devices which can be computing, mechanical, digital,

objects, humans or animals that has a unique identifiers and it can transfer data over the network
without a need of human to compute or human to human interaction. IoT systems consists smart
devices that are wen enabled such as communication hardware, processors, sensors to send,
collect and response to the data they collect from the environment. The data gathered from the
sensors will be send through a IoT gateway to cloud to analyze. IOT devices have the capability
of communicating between another IOT device (nyfa.edu,2022).

Figure 1
1.2. Benefits of IOT

1. Cost reduction
The main benefits of using IoT is it reduces the maintenance costs because it mainly relies on
sensors. These sensing devices can work without any human interaction.

2. Efficiency & productivity

The IoT devices can increase company efficiency by easier the tasks and cut down time consume
for the specific task.

3. Business opportunities
IoT has advanced analytics which can help in making strategic decision-making process. It
increases the opportunities by managing and producing revenue using digital services.

4. Customer experience
Most of the customers like new features implemented and how easier their tasks are handled. IoT
provides the best customer experience by handling customer’s queries on a trending way which
can save their time.

1.3. GDPR

The General Data Protection Regulation is a security and the privacy law which is in presence. It
was created by European union. It has the obligations applying to organizations where they
collect data from people in EU. This regulation was effective from 25 th of May 2018. The GDPR
has heavy fines against anyone who violate security standards and privacy with millions of
euros.

1.4. Consent condition that GDPR require

There are 5 conditions that GDPR requires. They are as follows.

Design considerations
In the IoT design stage, the privacy and data protection factors should be addressed perfectly.
The design principle will be the basic privacy implementation. The developers are instructed to
create proper technical thresholds measures that can protect personal data of people.

Lawful ground for the processing of personal data

The consent is one of the main aspects of ground for the processing. An explicit consent is
needed where thy have serious data protection risks and where number of individuals controls
over more personal data. It was already initiated by working party 29. The GDPR always force
companies to handover IoT devices with a consent, where inactivity is not considered as a
consent applicable for collecting personal data.

Processing personal data of minors

The use of IoT devices is not applicable only for majors over the age of 18. Children under 18
can use those devices over a consent of the national data protection act depending on their
requirements.

Data Protection Impact Assessment

Every IoT projects need to initiate a Data Protection Impact Assessment. This requirement is not
established from the data protection regulation, but it was followed from the Article 35. It
mentions the DPIA is most important factor where personal data is collected and processed
where it has the high risk of rights and freedoms of people.

Personal data breach

In the Article 34 in GDPR, it was mentioned that if any personal data breach has occurred, the
communication should be made to the subject without any delay.
1.5. Legal issues in collecting personal data in IOT devices

Data security is the most important factor when considering IoT devices. This relies on how
much data that can be collected. The security risk is higher where every IoT devices
communicate with each other over the internet. There is a possibility of a middle man between
these devices. As an example, in the mid of 2020, the government has initiated smart electric
meter project for al the houses and the companies. Over 53 million of meters has been installed
to join the main grid connected through IoT devices. This enables in increase of the personal data
collection where it is a possible threat for a data breach or a failure in the security measure.

Some IoT devices doesn’t have auto update feature where security patches are applied. This can
be a open entrance for hackers. Another concern is most of the users don’t change the default
password that comes with the devices itself. The organizations inform all the users to update the
default password for a security reasons.

Another issue is data sovereignty. The laws of the country will be applied for the digital data that
is stored on the same country. The data from an IoT device stored in the cloud and less
possibility in understanding which country the data is stored. For example, US have their own
data protection laws and regulations. The IoT devices producers need to decide where their IoT
collected data should be stored. The local rules and regulations will be applied to that once it
stored.

Another issue is Liability of the product. The impact of an IoT device is it control daily lives of
the people. In the other side, we have to think of what happens if the device is malfunctioned.
For an example, smart cars are one of the greatest invention of people. These cars can be drive
without the need of a driver. There was a incident reported in US, where a particular car
manufacturer has implemented autonomous car and tested with a person with the driver’s own
risk. Unfortunately, the IoT device was failed and crashed. Later the car manufacturer stated that
the IoT implementation is still in the testing phase and the driver need to take the responsibility
as its not fully deployed (majortests.com,2022).
1.6. Articles in GDPR relative to Data collection and processing

GDPR Article 32 clearly states that the processors and the controllers used in the IoT devices
must have privacy mechanism like anonymization and pseudo anonymization. These
mechanisms work as de-linker some personal information from data. Hash is one of the
examples for anonymization and Tokenization is one of the examples for pseudo-anonymization.
In Article 32 it also stated that the encryption should be used for data storing where it enables
CIA. GDPR Article 5 clearly stated that the personal data collected should have a legitimate
purpose and if the data is collected incompatible with the purpose it will an offence. In GDPR
Article 30 states that the organizations need to keep written record of the data processing
mechanism (gdpr-info.eu,2022).
Question 3

Video games are part of a powerful cultural industry that influences many people; therefore,
educators and society cannot ignore that video games are here to stay. Professors should educate
future developers to create games that entertain their audience and are socially responsible.
(Polack-Wahl, 2007)

Answer the following question based on the above statement.

Critically discuss the professional and ethical issues related to “Computer Games”. Discussion
should provide by considering professional code of conducts and ethical theories

3.1. Video game

A video game is an electronic program that enables user interactions with input devices like
joystick, keyboard and mouses and output devices like monitors and speakers to generate visual
movements. These computer games influence people in various ways. Below are them.

 Problem solving – When people play games such as angry birds, they will gain creative ideas
and strategies to win the game. This drastically improve brain power.
 Hand and Eye coordination – Games improve hand movement skills. When people play
shooting games, there is a character who is running and shooting. In this case the character
needs to be controlled by hand and eyes by controlling the speed by hand and finding out the
enemy through eyes to shoot. This will combine together while playing.
 Planning skills - Video games improve planning and resource handling skills. Because in a
computer game, the Gamer need to manage his resources on playing games until it finishes.
It will be applied to real life as well.
 Multitasking skills – Video games will improve multi-tasking skills. In a game there can be
many objectives that need to achieve in a specific time. To achieve this the gamer need to
 simultaneously control and play shifting variables. This impowers the player to change the
strategy in different time in real life.
 Quick thinking – Video games enables player to quick think and take correct decisions in a
limited time. This boosts up brain.

3.2. Professional code of conducts in video games

Professional code of conduct is a document that elaborates the game participants on the
expectations that game industry needed. It has business values, disciplinary acts and other
responsibilities that are given by the industry. A code of conduct in video games helps in
providing expectations and opportunities about the fun in gaming environment and a best place
for learning. The main purpose of creating the code of conduct is laying out the expectations of
players to create a great gaming culture. These expectations rely on the player’s behaviors
towards others. The parents or guardians need to review the code of conduct to know what is
exactly asked by the program participants. They can contact the staffs if they have any doubts on
the code of conduct. The Esports staffs will review that with their students to make everyone
understand what is included in the guidelines and creating a positive gaming culture. A game of
conduct should be designed with a clear vision, mission and the values. All players and
spectators should be with a good sportsmanship and respect each other in the play. They must
obey staff instructions and regulations. Anyone who break the regulations will be disqualified
from the event.

3.3. Ethical issues related to computer games

The major ethical issue associated with video game is Violence. According to Jummy et Al,
when a person plays a violent video game, I will be directly influences him and reduce self-
control towards him. This will impact the person as well as the society. The video games which
consist of violence will be more harmful than violence in movies.

So, some individuals pay monthly fees for accounts in games like World of Warcraft, which you
may think is OK. However, a lot of obsessive gamers will spend insane sums of money in the
thousands for WoW accounts. Gaming is, after all, a pastime, just like playing a musical
instrument or participating in sports. Despite the fact that users may auction off accounts and
spend outrageous sums of money for other people's virtual things.

The current copyright legislation in the United Kingdom is the Copyright Act. It grants the
authors of literary, theatrical, musical, and creative works the right to determine how their works
are utilized. A corporation named mino is one example of someone attempting to violate this
copyright legislation. Tetris created them in 2012 for the comparable gaming characteristics.
However, due of this legal action, games now feel like they may employ Tetris-like mechanics
while changing the shapes and colors to create their own game.

Piracy is a big problem that affects everything in the media industry. Piracy is defined as the
illicit capture and sale of unauthorized items such as early DVDs and videogames. However,
because the product is frequently filmed using a camcorder, the audio and video quality is low,
and there are usually big giveaways that it was shot in a cinema, such as the audience or camera
moving. Latest games are also been released through DVDs.

Micro transactions are virtual products that may be purchased online through an in-game store;
they can include character improvements, clothes, mounts, and so on. Is it really OK for
someone to spend hundreds of thousands of pounds on virtual objects in a single video game?
Some people may believe so. These minor transactions may not appear to be significant, but we
are now seeing them everywhere, including on Facebook! Farmville, a tiny but popular game
that you may have heard of, offers micro transactions that may be rather expensive.

The loot box, which consists of a random collection of the aforementioned virtual things such as
"skins" (avatar clothing changes), user icons, or power-ups, is another harmful component in
many video games. These objects have no monetary worth and cannot be resold; also, the player
does not truly own these items, since they can be revoked or removed from the user's account in
exceptional situations. Despite these disadvantages, loot boxes remain popular, with total income
from loot box purchases alone predicted to equal roughly $30 billion in 2018. Loot box
implementation by game creators so demonstrates suspect intent. Of course, some gaming firms
say that loot boxes are intended to be a "surprise and delight" feature designed to make games
more pleasurable. Even if game makers did have such goals to entice prospective gambling
addicts, they would not announce them overtly; thus, it is critical to investigate the gambling
concerns that may be related with loot boxes. A dark pattern is one that has a purposefully
deceptive aspect that is not in the best interests of gamers. There is widespread anxiety that
technology and videogames may "manipulate" us into doing something we do not want to do.