IoT usually involves gathering an impressive amount of data. The processing or analysis of these data usually takes place in very remote locations in the cloud and, to be able to reach them, it is necessary to use shared networks, public networks, etc. Some of these data are raw data and some of them are aggregated data, which are created through the interaction by different IoT systems.
Under such circumstances, it is usually hard to make all data available for the data subjects. Indeed, this would not be a good idea in the case of raw data. Most of IoT complex systems, incorporating several tools, only need aggregated data and have no need of the raw data collected by IoT devices. Therefore, controllers usually delete raw data as soon as they have extracted the data required for their data processing. However, devices should always include a functionality allowing data subjects control this process and control the process of deletion of all their personal data. As a principle, deletion should take place at the nearest point of data collection of raw data (e.g. on the same device after processing). These data, thus, would not be available for the data subjects or an intruder. This is not particularly important, since they could hardly benefit from getting access to them. Instead, storing all data would be against the minimization, purpose limitation and storage limitation principles, not to mention that it would probably increase the costs of the services.
On the other hand, it is worth noting that the integrity of the data might be compromised by the way in which IoT data are shared and stored. It might happen that one of the processors or joint-controllers delete or damage the data at some point. In order to prevent such scenarios, backup copies are a compulsory security measure. Their creation should be foreseen from the first stages of the functioning of the IoT system.
1Art 29 Data Protection Working Party Opinion 8/2014 on the on Recent Developments on the Internet of Things (SEP 16, 2014) https://www.dataprotection.ro/servlet/ViewDocument?id=1088. ↑