The Ideal Model of Personal Data Protection Legislation in the Context of the Internet of Things in the Light of Comparative Studies

Document Type: Research Article


1 Assistant Professor of Public Law, National Research Institute for Science Policy, Tehran, Iran

2 Master of Private Law, University of Shiraz, Shiraz, Iran


The Internet of Things, a new generation of connection and communication between intelligent objects through the Internet, is a concept that has recently entered the country's governance literature. Because individuals can be identified and their personal information accessed through the analysis and combination of collected data, effective protection of personal data has been proposed as a necessity in the context of this technology. Iran's legal system lacks a law dedicated to the protection of citizens' personal data; only the resolution of the Supreme Council of Cyberspace dated 2018-10-22 discusses the requirements governing the Internet of Things in the National Information Network. Comparative law teaches that the experiences of other systems can be used to overcome similar challenges. Using the descriptive-analytical method, the current research extracts the legislative patterns in this field by examining all the laws and regulations of the legal systems of the European Union, the People's Republic of China, and the United States of America, and answers the question of which type of legislative model is desirable for the legal system. It seems that, among the proposed approaches, a combination of a comprehensive model and self-regulation with a broad definition of personal data can be a suitable option for drafting the law.

