Abstract
This article analyses, defines, and refines the concepts of ownership and personal data to explore their
compatibility in the context of EU law. It critically examines the traditional dividing line between
personal and non-personal data and argues for a strict conceptual separation of personal data from
personal information. The article also considers whether, and to what extent, the concept of ownership
can be applied to personal data in the context of the Internet of Things (IoT). This consideration is
framed around two main approaches shaping all ownership theories: a bottom-up and top-down
approach. Via these dual lenses, the article reviews existing debates relating to four elements supporting
introduction of ownership of personal data, namely the elements of control, protection, valuation, and
allocation of personal data. It then explores the explanatory advantages and disadvantages of the two
approaches in relation to each of these elements as well as to ownership of personal data in IoT at large.
Lastly, the article outlines a revised approach to ownership of personal data in IoT that may serve as a
blueprint for future work in this area and inform regulatory and policy debates.