DATA OWNERSHIP IN IOT DRIVEN URBAN HOMES 

Abstract 

Everyday more people are bringing smart devices into their homes like voice assistants, smart  appliances, connected security cameras etc. The homes where the daily tasks are done by  internet-connected devices are called smart homes. Our lives are becoming more data-driven  than ever before. But the thing is the more connected we are, the less control we seem to have  over the data our homes constantly generate. This paper explores the legal challenges and  questionable area of data ownership in urban, IOT-powered homes. Who really owns this data?  Do we have control over it? And what will happen if that information ends up in the hands of  third parties? Using examples from real life, policy analysis, and user views this research  identifies what’s at stake and what must change.

Keywords : Data ownership, IoT, privacy law, data protection, consumer data, smart homes, 

Introduction 

Smart homes which used to sound fictional aren’t fiction anymore. They are our ‘new-normal’  now. To make life more comfortable and efficient people are using IoT devices frequently. For  your information IoT stands for Internet of things. These are network of connected devices and  things which have sensors and other equipments attached. You can play a song by asking ‘Siri’  which is your virtual assistant or check your home security from far away places on your phone  or turn off the lights from your phone. 

But, have you ever thought; while these devices make life more comfortable, they also lead to  hundreds of questions about privacy. Apart from making our work easier this technology also  raises several ethical questions in different ways. Most people don’t know what happens to the  data that is being generated through the devices on a daily basis. Data security and personal  privacy are the two most important and concerning issues. These loopholes have caught public  attention and have been a topic of discussion in several research papers. Previously, websites and  apps collected data from individuals but now, even smart vehicles and devices can collect data. A  huge amount of sensitive, personal information is collected by sensors from the user’s private space and is transmitted through the Internet. There are times when data is collected without  users’ idea or consent. It can be that users agree to provide data but they may not fully understand  what is being collected or why. Not only are they unaware but also they often lack the freedom to  make their own choices. For e.g. A person needs to accept cookies in order to use the service and  provide data. The big data controllers will easily get to know almost everything related to an  individual’s home which most people wouldn’t want to face. This issue falls under improper  information collection. This research paper is not as straightforward as it should be but it raises a  few valid questions: who owns our data? Can our own data be misused which could eventually  ruin our life? 

Research methodology 

This paper is a qualitative review and secondary research of existing data. It focuses on analysing  and interpreting data and reports which already exist. Real-world examples of cities like Toronto,  Seoul or Mumbai where IoT is being adopted faster. 

Review of literature 

The issue of data ownership has become tremendously complex and a hot topic of debate  especially in the context of smart homes. It might seem straight-forward at first, that the data is  owned by the person who is generating it but the researches already existing reveals that the  ownership right is often unclear and in favour of the corporations. However, despite its concern  regarding privacy the market of IoT driven smart homes is witnessing rapid growth. According to  the reports of Grand view research, smart home appliances such as light systems, CCTV  cameras, voice assistants rely mostly on Wi-Fi connection.¹ Thus, Wi-Fi had accounted for the  largest market revenue share in 2023. North American countries like USA, Canada are on top in  using IoT technologies. Not only Europe but also Asia is witnessing rapid growth in IoT market.  Cities like Tokyo, Seoul, and Mumbai are adapting smart city solutions by using IoT  technologies to improve the quality of their residents’ life. 

According to National Real Estate Development Council, the smart home market in India is  expected to grow by approx. 9.14% from 2024 to 2028.² As AI has made our work easier, India  is also taking part in modernization through IoT technology usage. In cities like Mumbai IoT  adoption is rising but most residents are unaware of where their data is going once collected.  ‘The Home Digital Twins’ is changing the entire process of how a home is controlled. It is  entirely controlled by IoT starting from lighting systems to climate control to security systems.  Several appliances such as smart refrigerator, smart television, and security cameras all work  together as a single unit with the help of one connection under one roof. These devices not only  know how to follow orders and take instructions from the users but also know how to store data  and adapt the behaviours and predict what the user might need : Sounds scary and creepy! 

Scholar Nadezhda Purtova in her research paper on property rights in personal data argues that  the current developments in in data processing technology have destroyed the concept of  personal data.³ What is personal data depends according to the need of the applications. Anything  and everything can become personal data. In the contemporary times data is considered as a  required resource for economic advancement. Without data there will be no production,  management and even governance. The AI algorithm feeds on this data to understand patterns of  human behaviour. She states that in U.S.A the thought of introducing property rights in personal  data to protect data have emerged back in the 1970s. It can be argued that property rights are a  suitable legal instrument to fulfil the goal of having control over one’s own personal data against  the whole world. Shoshana Zuboff in an interview talks about her book ‘The Age of Surveillance  Capitalism: The Fight for a Human Future at the New Frontier of Power’.⁴It has described how  tech companies such as Google, Facebook convince us to give up our privacy for ‘convenience.’  Have you ever wondered how Instagram never fails to show you reels based off your preference?  It is a good example of how they track our actions and build an algorithm to personalise our experience. They want to know how we behave so that they can intercede in our behaviour.  Shoshana boldly claims that ‘if you have nothing to hide then you are nothing.’ It began as an  advertisement but now it is gradually becoming like a threat to democracy as per the author.  Humans use words like privacy laws, rights, identity, and ownership however, when it comes to  smart home appliances which exploit exactly these terms to collect data and in return make our  work easier they want nothing but to get things done easily. Humans love things that are easily  obtained without much effort as it sounds more appealing. Even though this research paper  focuses more on the cons of IoT driven smart homes, the pros can hardly be ignored.

Journal of Computing and Biomedical Informatics in their research article ‘Integrating IoT and  Machine Learning to Provide Intelligent Security in Smart Homes’ say that there are several  benefits of IoT based smart homes⁵, which include:

1. By learning human behaviour and tracing their activities, smart homes can automatically perform certain activities like turning on the lights or closing or opening the doors, adjusting the temperature of the air conditioner and so on as per the routine of the users.  There are devices that can detect serious problems like gas leaks or electrical issues.  There are health care devices which make the user conscious regarding any health  emergency or abnormality. We are almost in the verge of living in a complete smart  world. 
2. With the help of AI smart homes can track the security of the homes, identify danger and immediately let the home owner know. They use sensor to detect any sort of abnormalities by differentiating between the normal physical movement and suspicious  movements. This is how they can enable alarm systems, or take certain measures to  protect the house when the owner’s not at home or even when at home. These Internet of  Things devices generate an immense amount of sensor data which enables risk prediction  and anomaly detection. The IoT sensors continuously collect data from around the  environment of the house and pick the behaviours and activities of the user which act as 

The Real Problems

Here the researcher will do an analysis of the real problems. Undoubtedly IoT incorporation has  improved the quality of living in smart homes but it has also brought numerous risks about  privacy and security. It is very much important to discuss about the ethical and legal challenges  as it is a need of the hour. 

Cyber-security risks: One of the biggest problems of IoT driven smart homes can be cyber security risks. The devices can be hacked which can lead to dangerous damages such as sending  harmful commands to devices as it will affect the daily lives of the users. Hackers can use smart  home devices for stealing data or hijacking devices. Viruses and malwares as such can also affect  the function of the appliances. There is also a high chance of possible misuse of the private  information collected by a third-party which raises worries about the safety of the users.  Financial fraud can also be a type of harm that can be caused by stealing identity. Hackers can  disrupt regular services like lighting, security or health checking monitors. A real life example  includes The Mirai Botnet Attack: By exploiting IoT devices, the criminal deactivated websites  like Netflix, Twitter.⁶

Inexplicit data ownership: People think that if they are using the devices at their own homes,  the data owner is clearly themselves. But, if you have ever closely read the user agreements of  Amazon Alexa or Xiomi,⁷⁸ you will see clearly how they have mentioned about providing some  of your personal data to third parties in the course of receiving technical or any other support  from them. Companies like these acknowledge the fact that there are limitations in guaranteeing absolute security. Device manufacturers might claim rights in your data, use them and sell it.  This is a possibility that we are talking about. It is very important to read the terms and  conditions thoroughly before installing any kind of smart home devices and facilities. Due to the  rapid changes and developments in technology, law generally falls behind and is unable to catch  up with technology and frame legislations around consent , private rights and liability. 

Privacy issues: Smart homes are always watching, listening, keeping an eye on you and your  actions. That might be very useful for better functioning of the devices but deep down they are  not only helping you but also analysing your daily habits such as when you sleep, what you  watch, what kind of temperature do you prefer which might be shared with third parties without  your knowledge. Some of these data are so sensitive that users need to protect these from  leaking. IoT connections are also subject to Man-in-the-Middle (MITM) attacks which can easily  hamper private data and footages. Even though there are benefits, some consumers feel that the  risk is too high to justify the benefits. This is what makes IoT technology usage complex and full  of doubts.⁹

Difficult installation process: Many people may find installing smart home devices to be  difficult and time-consuming. Also, deleting data might feel like a tough job. Sometimes, some  brands make it difficult for a person to change their devices to some other brands as they aren’t  able to function directly with the consumer without using third party advertisers to fill the gap  between them.

AI driven decision making: Most smart homes depend on AI for decision making , so the fear  that what if AI fails to identify abnormal movements in the house or a security breach or even  give wrong predictions remain. Who will take the blame for the damage that might be caused?  Users often lose their ability to think critically due to over dependence on automatic decisions  without determining the fact whether the decision taken was right in the first place. If a user does  not know how to do their task manually and there is a failure or breakdown in the IoT device  system, they might become helpless. 

Laws related to IoT

With the rapid expansion of IoT technology, several legislations have been passed regarding  cyber-security and advancement of the technology in U.K., U.SA, E.U, so on. 

Region: E.U. The General Data Protection Regulation.¹⁰ It is a legally binded act that applies to  all the member states of E.U. Its main focus is to protect and secure the personal data of the  individuals. Organizations should implement proper technical and organizational measures to  ensure the security of personal data. It has a global impact as it ensures fairness and transparency  in processing personal data which also allows individuals to have right in handling their own  data(even the right to erase data) in a stable and secured manner. The data collected must only be  used for the purpose of the consumer and not otherwise. For e.g. Fitness trackers collect data  regarding health and biological needs which falls under GDPR’s definition of private  information. Through GDPR the individuals are assured that they can trust the digital  environment.

Region: U.S.A. The Cyber Trust Mark.¹¹ The FCC developed a voluntary cyber-security  labelling program for wireless IoT products used by the consumers that relies on public-private  cooperation to improve IoT cyber-security. The California Consumer Privacy Act(CCPA) has  also attempted to fix the problem of data ownership.¹²

Region: California legislature passed a new IoT security law in 2018 that became effective on  January 2020.¹³ This was the first IoT- specific law in the country which aimed to have  reasonable security features in IoT devices sold in California. 

Region: India. The Right to Privacy is a fundamental right in India which also includes collection  of data within the homes by IoT devices. Other than this, even though India is a developing  country, Digital Personal Data Protection Act, 2023(DPDP)¹⁴ is a crucial piece of legislation for  safeguarding personal data processed through IoT devices in urban homes. 

Even though there are cons of these legislations, these laws ensure rigid penalties for not  complying which forces companies to work honestly and ethically.

Suggestions

This research focuses on smart homes for the reason that this is an increasingly prominent sector  where numerous legal problems appear. A huge number of people including vulnerable people  will be using smart home devices for different purposes such as health check-up , or smart  refrigerator or for entertainment. Hence, as the number of installing smart home appliances will  increase the security issues will most probably increase as well. This is why the researcher will  now suggest a few steps that can be taken:

1. The users must be given education about IoT driven urban homes as by the passing of time most of the cities will turn into smart cities with people living in smart homes using smart devices for the daily, very basic tasks. They need to understand the data processing  practices in a better way so that they do not just blankly agree to the terms and conditions  or get exploited by the manufacturers. They must develop the ability to raise ethical  questions when in doubt or required. This is why digital literacy is important. 
2. Block chain can be used for tracking personal data and having control over who can have access to our own data. It can make sure that individuals can claim their ownership over time. It can also secure data transaction.
3. The Government must fine companies if they do not provide transparent, clear data policies. Strategies must be developed to call out the legal and moral challenges which can eventually preserve the future of these technologies by giving assurance that they are  safe to use in everyday life. 
4. The terms and agreements are sometimes so long and complex to read that users might not just have the interest to read or some aren’t just capable of reading. The companies can use their social media to expose parts of their working and assure the consumers of  the privacy policies from time to time by making reels or posts. People must be made aware and provided with the knowledge of where the data given by them is going, how it  will be used and what are the ways in which they can both enjoy the facilities of this  technology as well protect their personal space.

5. The companies must build features which let users see, delete, download or shift their data easily. They must not collect data which they do not need. They need to build the trust and confidence in the users. 
6. Data and identity theft chances can be minimised by encrypting all data, and conducting frequent checks to identify threats and weaknesses in the system.

Conclusion

Frankly, the current data ownership model benefits the corporations more than the users. But,  this doesn’t need to remain the same, this can and must change. The global regulatory  frameworks such as GDPR, DPDP, and CCPA are big initiatives collaboratively taken by the  policy-makers to provide guidance and make people aware of the importance of privacy laws and  data ownership all across the globe. These will not only help the common people know the  decisions taken by the policy-makers but also help the organisations adjust their practices  according to the ever-changing legal prospects. The functioning of the IoT technologies must be  made completely transparent so that more number of people can without any doubt switch from  normal homes to IoT-driven smart homes. This research paper demands IoT systems to not work  irresponsibly by costing the users their rights and benefits. If these ethical and legal loopholes are  addressed and fixed then IoT driven smart homes will provide excellent ecosystem. The users  must conduct routine security check-ups. Advanced encryption techniques must be adopted and  the users must be allowed to customize the data as per need. It is important for both the policy  makers as well as the corporations to settle the legal and ethical issues. The consumers must  cooperate for making IoT driven urban homes successfully work so that more people can utilize  this technology to make their lives more comfortable. The liability which stands as a big  question: for e.g. A device fails to function and causes significant property damage: who is to be  blamed? The manufacturer can be held accountable for device failure or the cloud platform  which is hosting data can be liable for cyber-security issues or the user who hasn’t updated  software or followed certain security rules.¹⁵

Reference(S):

¹ Grand View Research, Internet of Things (IoT) Market Size and Share Report 2030, GRAND VIEW RESEARCH  (2024), https://www.grandviewresearch.com/industry-analysis/iot-market.

² National Real Estate Development Council, India’s Smart Homes Market to Grow by 9.14% by 2028; Green  Buildings Market to Reach $39 Billion by 2025, https://naredco.in/indias-smart-homes-market-grow-914-2028- green-buildings-market-reach-39-bn-2025-naredco-resurgent (last visited June 20, 2025).

³ Nadezhda Purtova, Property Rights in Personal Data: A European Perspective (Kluwer Law International 2012).

⁴ SHOSHANNA ZUBOFF, Surveillance Capitalism is an Assault of Autonomy, THE GUARDIAN, (Oct.4, 2019,  11:00 BST), https://www.theguardian.com/books/2019/oct/04/shoshana-zuboff-surveillance-capitalism-assault human-automomy-digital-privacy .

⁵ Saira Batool, Muhammad Kamran Abid, Muhammad Asjad Salahuddin, Yasir Aziz, Ahmad Naeem and Naeem  Aslam,“Integrating IoT and Machine Learning to Provide Intelligent Security in Smart Homes”, Vol. 7 No. 01,  Journal of Computing & Biomedical Informatics, pp. 1- 4, 2024, https://jcbi.org/index.php/Main/article/view/476 .‘eyes and ears’ of the home to protect their master. However, the question still remains  the same: Who’s the real master here? 

⁶ U.S. Dep’t of Homeland Sec., Alert (TA16-288A): Heightened DDoS Threat Posed by Mirai and Other Botnets (Oct. 14, 2016), https://www.cisa.gov/news-events/alerts/2016/10/14/alert-ta16-288a heightened-ddos-threat-posed-mirai-and-other-botnets.

⁷ See Xiaomi Privacy Policy § 4.1.4 https://www.mi.com/global/about/privacy/.

⁸ See Alexa Full Privacy Report 3.2, https://privacy.commonsense.org/privacy-report/Amazon-Alexa.

⁹ U.S. Dep’t of Homeland Sec., Alert (TA18-276B): Securing Internet of Things (IoT) (Oct. 3, 2018),  https://www.cisa.gov/news-events/alerts/2018/10/03/securing-internet-things-iot.

¹⁰ European Union: General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, 2016 O.J. (L 119) 1.

¹¹ U.S. Fed. Commc’ns Comm’n, U.S. Cyber Trust Mark Program for Consumer IoT Products (2023),  https://www.fcc.gov/IoT-labeling.

¹² California Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100–1798.199 (West 2023).

¹³ Cal. Civ. Code §§ 1798.91.04–.06 (West 2020) (California Internet of Things (IoT) Security Law).

¹⁴ The Digital Personal Data Protection Act, No. 22 of 2023, Acts of Parliament, 2023 (India).

¹⁵ D. Dhinakaran et al., Ethical and Legal Challenges with IoT in Home Digital Twins, 14 METHODSX 103409  (2025).