**6. Conclusions**

The fashion sector will most likely be affected by the new regulatory framework brought by the GDPR; the same will happen for wearable devices and smart clothes, which will probably play an increasingly important role in the near future.

Some data protection issues are common to all commercial sectors and all digital technologies, from network connectivity to the use of smartphones; others are more specific, and peculiar, to wearable devices. In particular, the managemen<sup>t</sup> of big data of customers and workers (Allery 2019) collected in these ways will be a central problem in the near future, along with profiling and marketing activities aimed at collecting and processing such data. This aspect, however, is common to many commercial sectors and does not present particularly innovative features in the topic we are dealing with.

In our opinion, a peculiar feature that will concern the relationship between fashion and data protection will be the close connection between the data and the human person (and its everyday life). For the first time, the same clothes that the subject will wear will also function as sensors to collect, in real time, a large amount of data. This will cause such actions to be perceived as invasive, able to penetrate into the depths of the person and, therefore, more urgen<sup>t</sup> to regulate from a legal point of view.

The vulnerability of the data must be taken into consideration, not only for the value that the commercial archives have, but because we are discussing data, in this case, which must be considered critical and sensitive, given their close connection with the person. The creation of an ad hoc policy on security and privacy, which is usually more common in other areas (i.e., banking, insurance, telecommunications, public sector), is today essential also in the fashion sector.

We refer, in particular, to a policy that is able to better prepare all the subjects who process the data to deal effectively with a data breach. The essential points of such a policy, for example, could be the following:


There are two methods of protection that are most evident and that can be used to mitigate damages related to a data breach: (i) the use of anonymous data, and (ii) the encryption of information.

If we extrapolate anonymously a profile of each user of a brand, which contains interests based on the places the customers frequent, it can allow for detecting interesting data and implementing different strategies depending on the level of brand affinity and also on physical movements, even if the data is processed anonymously.

It becomes useful, in fact, to know how to dominate and govern data throughout the customer journey, made of many stages in the offline and online world, focusing on "location intelligence" to analyze in-store traffic, to understand the tastes of customers around the world, and to present personalized and hyperlocalized offers.

Then, there will be an almost exclusive importance of mobile technologies, since the data collected through the mobile devices of the customers will be integrated with artificial intelligence technologies (Luce 2019) able to predict consumer behavior and offer advice through virtual assistants.

This point is, from a legal perspective, very interesting. Several scholars are studying the existence of a 'right to explanation' (Edwards and Veale 2017) of all decisions made by automated or artificially intelligent algorithmic systems as a tool to enhance the accountability and transparency of automated decision-making (Wachter et al. 2017).

All the fashion houses are, these days, equipping themselves with data scientists who know how to analyze this enormous amount of data and generate new value. Less attention is devoted to the recruitment of legal and cybersecurity experts.

The hard point is that real anonymization is becoming increasingly difficult due to the constant possibility of correlating data and information.

The wearable technologies are the most suitable for perfecting this data collection, as they follow the movements of the individual and collect data closely related to the personality (and also to the health) in all moments of the individual's life, both private and in society. It is an enhancement of the advertising possibilities that has no equal, especially if combined with artificial intelligence, machine learning, and virtual and augmented reality (Kamarinou et al. 2016).

So, the first point of conclusion is that processing data as anonymously as possible becomes essential.

The second aspect, data encryption, in addition to anonymization, seems to be the most effective technical tool for protecting data after the collection and, above all, when the individual communicates, through the wearable devices, with the fashion company.

The norms and, in this case, the GDPR clearly recall these needs to protect the customer who wears the device: an anonymous processing of the data based on security and encryption.

To this end, the wearable devices that will be created, or have already been created, with privacy and security in their DNA will certainly succeed in combining efficiency and new marketing opportunities with the protection of people's rights.

Allday, in conclusion, highlights four interesting focal points that we can use to connect the wearable devices world, the cybersecurity best practices, and the GDPR:


(Allday 2018). From this point of view, it becomes important to respond immediately to any request from customers concerning their data (we find that the requests for cancellation of the information are, in this perspective, the most important).

(iv). Last, but not least, it will be important the focus on "social media marketing and advertising to ensure personalized content that keeps individual consumers engaged and interested in the brand, without their data being compromised or exploited" (Allday 2018). It will be important, in particular, to find a good compromise between the data protection needs and the need, in the digital society, to process data with grea<sup>t</sup> speed and precision.

**Funding:** This research received no external funding.

**Conflicts of Interest:** The authors declare no conflict of interest.
