shape of a person in front on the sun

Do you have what it takes to be a privacy hero?

Reading time: 5 minutes

Read now

Dear readers, welcome to a quiz format in a class of its own. In the gleaming spotlight of your desktop and before the sparkling eyes of your robot vacuum cleaner, your knowledge will be put through its paces in just a few seconds. The topic: data protection. Don't worry, there's no time limit or know-it-all opponents. You even have the answers to check under each question. The only reason to break a spontaneous sweat is the all-important final result: data protection hero or zero. Who are you? Answer questions 1 to 5 and find out!

What is a "data controller" according to the GDPR?

A "controller" is any natural or legal person, public authority or agency which alone or jointly with others determines the purposes and means of the processing of personal data. Any controller must be able to demonstrate, taking into account the nature, purpose or scope of the data collected, that the processing is carried out in accordance with the GDPR. A processing sometimes means the collection, recording, storage, adaptation or use of information.

What is personal data and when can it be legally processed?

Personal data is all that information which relates to identified or identifiable natural persons. Examples include, but are not limited to, name, date of birth, email and IP address, or video and audio recordings. The processing of personal data is only lawful if at least one of the following conditions is met:

  • The consent of the user is available

  • Processing is necessary for the performance of a contract or legal obligation

  • The processing is necessary for the protection of vital interests

  • Processing is necessary for the performance of a task carried out in the public interest

  • Processing is necessary for the purposes of the legitimate interests of the controller or a third party

Why does the TTDSG play such an important role with regard to smart homes?

The Telecommunications Telemedia Data Protection Act (TTDSG) is the national implementation of the ePrivacy Directive and has been in force since December 1, 2021. Article 25 is entitled "Protection of privacy in terminal equipment" and regulates the storage of and access to information on terminal equipment. The term "terminal equipment" includes all devices that communicate via telecommunications services such as WLAN and LAN, among others. This means that smartphones as well as a smart vacuum cleaner robot or the smart light bulb in the bathroom fall within the scope of this law. Specifically, the storage of information in the end user's terminal equipment or access to information already stored in the terminal equipment is only permitted if the end user has given his/her consent on the basis of clear and comprehensive information. This rule applies regardless of whether this is personal or non-personal data.

Dark patterns are used on online interfaces of platforms and serve to manipulate users. Online interfaces are the point of contact between the operator/provider and the visitors of a website and appear, among other things, in the form of a cookie banner. Dark patterns aim to restrict people's ability to make free and informed choices or decisions. The Digital Services Act explicitly addresses dark patterns for the first time. According to the regulation, online platforms should not be allowed to deceive users through the structure, design or function of an online interface. This includes, among other things, design patterns that favor the provider of an online platform at the expense of the users by misleading them. These design patterns include, among others, selection options that are made more prominent by means of visual, acoustic or other elements and thus influence decision-making behavior.

Consent management platforms enable smart home companies to obtain consent from users, enforce it on their devices, and document it for data protection authorities. Therefore, consent management makes it possible to:

  • to fully exploit the potential of smart home data, because a basis for legally compliant data collection is available.

  • to build up trust and a privacy image and no longer differentiate by price alone.

  • to collect data within a legal framework and avoid fines and injunctions.

Final result

0-1 questions answered correctly = privacy zero
2-3 questions answered correctly = privacy sidekick
4-5 questions answered correctly = privacy hero

Partner & Sales Manager: Alexander Jürgens
Mobile: +43 676 4025255