Abstract

This article analyses, defines, and refines the concepts of ownership and personal data to explore their compatibility in the context of EU law. It critically examines the traditional dividing line between personal and non-personal data and argues for a strict conceptual separation of personal data from personal information. The article also considers whether, and to what extent, the concept of ownership can be applied to personal data in the context of the Internet of Things (IoT). This consideration is framed around two main approaches shaping all ownership theories: a bottom-up and top-down approach. Via these dual lenses, the article reviews existing debates relating to four elements supporting introduction of ownership of personal data, namely the elements of control, protection, valuation, and allocation of personal data. It then explores the explanatory advantages and disadvantages of the two approaches in relation to each of these elements as well as to ownership of personal data in IoT at large. Lastly, the article outlines a revised approach to ownership of personal data in IoT that may serve as a blueprint for future work in this area and inform regulatory and policy debates.