Data protection regulators from around the world have agreed that data generated by devices in the “Internet of Things” (IoT) should be treated as personal data. Agreement was reached at an International Privacy Conference held in Mauritius the week of 20 October and a declaration published. Although the declaration is non-binding it is likely to be followed by those data protection regulators signing up to it, meaning that businesses with involvement in the IoT should be prepared to process data generated in line with their own national data protection laws.

Mauritius declaration – October 2014