IoT & Connected objects 

From smart homes to smart cars, smart cities, smart energy systems, smart grids, smart agriculture, connected health ... the areas to which the Internet of Things (IoT) and connected objects can apply are constantly growing, heralding a third Internet revolution, partly linked to the increase in the volumes of data put online and Big Data. By 2020, it is estimated that the number of connected objects will range between 20 and 50 billion.

If the deployment of the Internet of Things raises many questions related to its practical and industrial applications (5G initiatives in Europe and the United States, use of the cloud, network management costs, implementation of complex value chains and involving numerous stakeholders, building technical standards, and so on), it also poses legal challenges. Indeed, the trust placed in these connected objects is one of the main issues on which their success and widespread use depend, and that trust also depends on the regulations that are applicable to them.


The current legal challenges involved, however, are particularly numerous:

  • The lack of specific legislation at the European level and the diversity of the applicable rules (consumer law, personal data law, criminal law, commercial law, etc..);

  • Lack of control such as the asymmetric nature of information flows;

  • The quality of the user's or consumer's consent and how they may exercise their rights;

  • The potential uses of the "raw" data transmitted and their use for purposes unrelated to their initial collection, the risk being the widespread misappropriation of their purposes;

  • The difficulty of regulating new uses (from connected vehicles to emotional artificial intelligence);

  • The risks of profiling and monitoring privacy, with the proliferation of sensors...

Because the Internet of Things is directly related to personal data law, DEROULEZ AVOCAT has the unique ability to provide clients with its recognized expertise and long-standing experience to help them implement their IoT projects.

This is because the development of the Internet of Things requires a consistent approach to personal data protection given the sheer volume and flow of personal data to manage, process and retain. The conditions in which these data are used, exploited and stored are far from being neutral. Issues such as the security of the data, how they are controlled, the terms of consent for their use, the protection of privacy with respect to connected objects related to health for example, or the risks of profiling, will be particularly sensitive.

As such, DEROULEZ AVOCAT provides the following services:

  • Legal and strategic monitoring of the regulations applicable to the Internet of Things in Paris and Brussels;

  • Follow-up of legislative, regulatory and normative projects, particularly at European Union level;

  • Introduction to the legal issues relating to connected objects;

  • GDPR compliance of IoT projects (audit, risk studies for privacy, data security, collection of personal data, formalization of consent, documentation on Information Technology and Civil Liberties);

  • Support in ensuring the GDPR compliance of connected objects (DPO, impact studies, exercising the rights of individuals, register of processing operations, etc.);

  • Installation of privacy-by-design connected objects;

  • Contact with the competent inspection authorities (French Data Protection Authority (CNIL));

  • Private international law, business contracts and connected objects;

  • Connected objects and criminal risk;

The firm also supports its clients in all the cross-cutting aspects of their connected objects projects, as both counsel and in claims.

Our latest publications on IoT law and connected objects 


jd (1).jpg

DEROULEZ AVOCAT was created by Jérôme Deroulez, a Lawyer at the Paris and Brussels Bars.

A former magistrate, Jérôme Deroulez has also served as an investigative judge. He was then in charge of European and international negotiations for the French Ministry of Justice. Counsel for the Permanent Representation of France in Brussels from 2009 to 2013, Jérôme Deroulez participated in the negotiations of European texts and international agreements in the field of personal data protection, private international law and judicial cooperation in penal matters. He has also acquired detailed knowledge of the French public administration.

Jérôme Deroulez has developed specific expertise in personal data law in France and Europe backed by his experience and practice. He accompanies clients in their compliance and data issues every day.

Jérôme Deroulez is a member of the Brussels and Paris Bar Legal Tech Incubators. He is also particularly involved in the Privacy Tech for which he is the general delegate. He is also a member of the French association of Data Protection Officers (AFCDP), the French Professional Group for BtoB Information and Knowledge (GFII) and the European Alliance for Artificial Intelligence (European Commission).


Practical information

Deroulez Avocat
26, avenue de la Grande Armée
75017 Paris
Tél : 01 85 08 54 76

20171014-Nicolas Broquedis-170.jpg