IoT/Smart Lighting, News

Euro data laws rewrite rules of IoT lighting

‘There are 99 clauses in the GDPR legislation that we’re affected by,’ says Simon Coombes, chief technology officer of leading IoT lighting specialist Gooee.

EUROPEAN data laws set to come into force this month will slow down the emergence of internet-connected lighting and drive up costs.

The General Data Protection Regulation, or GDPR, is designed to stop privacy breaches such as the recent scandal over the sharing of information between Facebook and Cambridge Analytica.

The law – designed to give control of their personal data to EU citizens – comes into force on Friday 25 May 2018 and organisations infringing it face onerous fines of up to 4 per cent of worldwide turnover or €20 million, whichever is higher.

The European Parliament is behind the new GDPR laws, which are designed to protect the data of 300 million EU citizens. Picture: © European Union 2017 – European Parliament

While it has become an administrative burden for firms which handle the data of European consumers, its effects are particularly pronounced on the emerging Internet of Things industry, including companies developing so-called ‘connected lighting’ technology.

‘There are 99 clauses in the GDPR legislation that we’re affected by,’ says Simon Coombes, chief technology officer of leading IoT lighting specialist Gooee. ‘Now we have to go through every single feature to ensure it doesn’t breach privacy laws.’

He’s currently writing over 40 policy and process documents that need to be put into practice. ‘It’s exactly what I signed up for’, smiles Coombes ironically.

He believes GDPR could slow down the nascent IoT lighting industry at a crucial time in its development. ‘It’s a security nightmare but it’s a problem that everyone has’.

Internet-connected lights – often will built-in sensors such as occupancy detectors, beacons and low-resolution cameras  – generate data which is transferred either wirelessly or via cabling to access points and from there to the data cloud.

Companies such as Gooee need to keep all the data produced and all the interactions between devices compliant with GDPR.

‘Every time data is moved from one database to another, all that data has to be encrypted from now on,’ says Coombes. Equally, visibility of the information needs to be justified at every stage.

‘The regulatory environment is now ‘why does this person have access to the data?’

‘It’s designed architecture ethos that we’re implementing. We have to design everything with privacy as a priority.’

However, Coombes fears that many players in the sector are not fully prepared for this month’s deadline.

‘There are probably companies out there that don’t have all these policies. It’s incredible how few companies in the US have heard of GDPR, but it will take one big incident to put this on everyone’s radar. I’m certain that there will be breaches.’

Gooee’s compliance programme – implemented by a team of software engineers at the company’s technology centre in Florida – is on track and Coombes is hoping that Gooee will be the first IoT company in world to be certified by the highly-regarded TUV organisation for GDPR and security compliance.


  • A detailed presentation on GDPR’s impact on internet-connected lighting will be included in the Lighting Fixture Design 2018 conference, which takes place on Wednesday 20 June and Thursday 21 June 2018. Organised by Lux and LEDs Magazine, the event takes place at the Cavendish Conference Centre in London. For more information and to reserve you place, click HERE.