**1. Introduction**

Several recent field studies and business reports prospected, in the last two years, the fact that the wearable technologies market will have a strong impact and an unstoppable growth, even in the fashion sector (CCS Insight 2019). These studies described a wearables market worth \$34 billion by 2020 and an existing solid presence of wearable technology in the digital society, with multiple applications in the retail, automobile, medical, and insurance sectors (Arnault 2018).

On the one hand, in fact, technologies are getting smaller. On the other hand, all the objects that surround us are designed to "contain" a specific technological device.

This market includes companies inventing, designing, and building miniature body-borne computational and sensory devices and creating wearable devices that can be worn under, over or in clothing, or, of course, "may also be themselves clothes" (Mann 2012).

In fashion shows, and in the most important events around the world, the first prototypes presented aroused wonder and admiration on one side, and concern on the other; also, the apparel industry is going "through a period of fast tech-driven transformations, with fashion brands working hard to capture the needs of the modern fashion consumer" (Arnault 2018).

In this case, as it is clear, digital fashion joins fashion in the strict sense, given that most digital objects have also become fashion or design garments.

The evolution consists in the fact that "wearable technology found in modern fashion garments are no longer just smart sensors but have evolved into being part of a complex ecosystem comprising sustainable and innovative apparel, aiming for a cleaner industry and a healthier lifestyle"

(Arnault 2018): contemporary fashion tech garments "are made from biomaterials such as leather from fungi and pineapple, textiles from algae, 3D printed rubber from recycled plastics, and lab-grown leather, all recorded on the blockchain" (Arnault 2018).

For reasons of space, we will not deal with the interesting relationship between blockchain and data protection (there are many projects concerning the application of blockchain systems in the fashion sector), but there are several scholars who are tackling the problem in a very precise manner (Finck 2017).

From a technical point of view, therefore, these devices are interesting for the scholar for two reasons.

The first is that they are "real sensors": they contribute to building up the sensor society and are capable of capturing data from a person or his/her devices.

The second aspect is that these sensors communicate with the environment surrounding us, and being wearable clothes or objects, they communicate with all the other sensors they encounter during the movements of the same person who wears them.

The fashion world is trying, on one side, to radically change the wearable devices market: "This is a departure from the approach to date, where technical features have led the race, with most devices competing solely on battery life and capabilities. But technology is no stranger to fashion; from smart fabrics, models wearing Google Glass on the runway, to fashion designer Adam Selman sporting the next generation of paymen<sup>t</sup> enabled dresses on the catwalk–wearable tech is increasingly claiming its place in fashion" (Lambert 2019).

On the other side, legal scholars (Russey 2018) have started to try to connote with precision what is meant, from a legal point of view, as a "wearable device", "smart watches" (Chuah et al. 2016) or "smart clothes," the consequent legal implications, and what are the di fferences with respect to other technological objects and devices of daily use (like, for example, smartphones) (Kim 2016).

In our opinion, the di fference between a smartphone and a wearable sensor is radical: the smartphone is invasive but remains disconnected from the human body and from the "physical" idea of "person." A sensor that enters the clothes, or is attached to a part of the user's body, becomes much more subtle (especially if the user, at a certain point, gets used to its presence and no longer realizes that he/she is constantly monitored).

On the one hand, therefore, the scholar notes an incessant evolution of the world of fashion that pursues, in many aspects, the evolution of technology and, above all, of technological society. On the other hand, the legal framework tries to adapt to the evolution of the digital society and, consequently, shows interest also for the fashion sector when countless devices of common use (sensors, Radio Frequency Identification systems, locators, touch screens, message or chat notification systems) enter clothes and the fashion business.

At the same time, these issues raise important cybersecurity problems, which need to be addressed in a summary way in order to better understand the consequent legal regulation as well.

This is why, in this chapter, we will have to deal simultaneously with business, technological, legal, and data protection issues. All four sensitively characterize the present and will probably characterize the future.

#### **2. Data Processing and Cybersecurity in the Fashion Business**

From a data processing, data protection, and cybersecurity point of view, two types of objects/devices in the fashion business can be identified, and they are very di fferent from each other.

The first one is, in fact, an object that is worn as an accessory: a watch, a necklace, a bracelet, an earring. This "object" can have some technological characteristics, or networking and wireless connection capabilities, as well as the ability to process data and communicate them to the user or to "the outside" (for example: to the producer of the device, or to a shop).

The second type consists of real "smart clothes": wearable garments that have the ability to interact with the body and the health of the person and act autonomously in the analysis of the data of the subject who is wearing them; garments that can monitor sweating and skin pores, health status, heart rate, or can check if the subject is healthy and fit in a given moment. They also could adapt, for example, the color of the dress to the color of the skin (analyzing, for example, a face more or less tanned).

Often, this second type of device is also connected to "smart shops," "smart factories," or "smart companies," in order to create a union that allows not only, for example, the control of a music stream with a tap on the dress, or to warn about the presence of threat factors in the external atmosphere (for example: a dress that can "hear" the presence of radiations, or gas), but also to change the configuration of the device and the reaction of the technology depending on the surrounding urban, shopping, or domestic situation.

This second type of wearable technology is clearly more interesting also from a legal point of view, because it is potentially more invasive with reference to the rights and freedoms of the individual (Katyal 2014).

This is the reason why wearable technologies and smart clothes, in the last few years, were also under the lens of jurists (Ching and Singh 2016) and cybersecurity and data protection experts (Burbidge 2019; Allery 2019).

The idea that the diffusion of objects with certain advanced functions can be not only related to "simple" smart glasses, or bracelets for fitness, or watches/smartphones, but also to real sensors that analyze our body and tell us (or someone else) if we are, for example, hypertensive, dehydrated, or if we need to drink or eat, or that try to communicate with our brain waves, or (perhaps in the future) with microchips implanted under our skin, raises interesting legal issues.

#### **3. Some Preliminary Legal Issues**

First of all, we are talking about technologies that, compared to other smart objects, are extremely "personal" (Satyanarayanan 2001) and, above all, invasive of the most intimate part of the individual (Pearce 2016).

These are devices that are not designed to create a network, or to share information with other people, but that aim to adapt to a specific person, continually acquiring data on that subject and, above all, constantly operating for that purpose, not only during working hours, but also during the night and in extremely personal (or intimate) environments and contexts.

Wearable technologies and smart clothes are, in other words, "environmentally conscious": they are constantly monitoring and observing everything that happens in the surroundings, and then generate a large amount of data ("big data") that give rise to interesting GDPR issues (Wachter and Mittelstadt 2019), especially concerning data protection during big data analysis (Zarsky 2017).

There is an important, preliminary distinction (Mann 2012) between "wearable" devices and "portable" devices, like handheld and laptop computers: in fact, Mann says, "the goal of wearable computing is to position or contextualize the computer in such a way that the human and computer are inextricably intertwined" (Mann 2012).

"In this sense"–Mann writes–"wearable computing can be defined as an embodiment of, or an attempt to embody, Humanistic Intelligence. This definition also allows for the possibility of some or all of the technology to be implanted inside the body, thus broadening from 'wearable computing' to 'bearable computing' (i.e., body-borne computing)" (Mann 2012).

The idea of "Humanistic Intelligence" is very interesting if related to the interaction capability of wearable devices and smart clothes: as Mann correctly states, "One of the main features of Humanistic Intelligence is constancy of interaction, that the human and computer are inextricably intertwined. This arises from constancy of interaction between the human and computer, i.e. there is no need to turn the device on prior to engaging it (thus, serendipity). Another feature of Humanistic Intelligence is the ability to multitask. It is not necessary for a person to stop what they are doing to use a wearable computer because it is always running in the background, so as to augmen<sup>t</sup> or mediate the human's interactions. Wearable computers can be incorporated by the user to act like a prosthetic, thus forming a true extension of the user's mind and body" (Mann 2012).

Today, wearable devices in the fashion world exist, basically, in three types/forms.

#### *Laws* **2020**, *9*, 12

The first type is made by clothes that can "activate functions," for example, for cyclists (that can start specific tasks by simply touching the clothes), often connected to smartphones or other communication devices.

The second type consists in technical clothes designed for athletes, monitoring, for example, blood pressure and heart rate values.

The third type combines clothes, body, and technology, for example, showing the messages or tweets received on the surface of the dress itself, or changing the colors of the clothes depending on the context, on the skin, or on the mood of the subject.

Even the wearable technologies sector, as, in general, the Internet of Things sector (the two sectors are strictly connected), has been overwhelmed by the advent of new ways of doing business through the collection and use of big data, especially with reference to the profiling of the most intimate aspects of the consumer.

Hence, there is the need to rethink, from a legal point of view, the delicate issue of protecting this information, the connected possibilities of discrimination related to misuse or abuse of this information (Rodotà 2015), the risk to the customer's reputation and, in general, the profiling and managemen<sup>t</sup> of data of all those customers who use similar devices.

There are several fundamental points, from a Legal Informatics point of view, that are of particular relevance for the interpreter: they are all linked to the concepts of "data protection" and "cybersecurity."

The first point concerns the new methods of commercial use of consumers' data, modern e-commerce and marketing activities, the constant customer profiling activity (that, we will see, has an important impact for the GDPR), and the consequent consumer protection linked to the use of similar devices (Burbidge 2019).

This is an area of study that, on the one hand, is linked to the traditional business and marketing activities of companies and that, on the other hand, is increasingly conditioned by the presence of the companies on social networks and the need to innovate the ways of disseminating commercial information based on the collection, in fact, of big data coming from the daily life of customers.

To this end, wearable devices and smart clothes allow the achievement of two objectives.

The first is a control, also from a "geographical" point of view (GPS), of the consumer, even in his/her shopping activities and paths. This factor becomes very important from a marketing point of view: fashion is a sector where the relationship between in-store purchases and online purchases is very problematic to analyze in modern days, and the capacity to monitor consumer paths at any time and in any place takes on an enormous value.

The second objective is the ability to generate a profiling activity that is more precise than all those previously carried out; above all, because it can finally involve sensitive characteristics of the client. This is the reason why this issue inevitably has to deal with data protection legislation which, especially in Europe, has always tried to limit as much as possible these procedures, while respecting the need for data circulation and the need for business.

These first two protection requirements have been accompanied by the necessary attention to possible data breaches, i.e., the "escape" of data collected (with consequent reputation problems and fines coming from local Control Authorities) and the use of chatbot, automated systems that must be transparent to the customer for correctness (the user must always be aware that he/she dialogues with a robot and not with a human being).

To these first problems, there are specific implications involving smart fabrics, nanotechnologies, and, generally, the Internet of Things. Wearable and connected technologies can be very useful, but they have security problems, as does the Internet of things in general: every device that is connected is vulnerable.

The implementation of the GDPR since May 2018 in all EU Member States has entered such a delicate and unstable framework and had to face new problems that are not easy to solve.

The idea of the protection of digital data is transversal to all the problems listed above.

#### **4. Four Points of Discussion**

It seems to us that there are four clear points of discussion that today concern wearable devices and smart clothes from a legal and data protection point of view:

(i) the need to introduce a new "culture" of data protection (training, for example, all the people who are processing data) when dealing with such intimate devices and data, especially if what is being processed is not only customers' data, but also information related to employees/workers (Allery 2019);

(ii) the need to plan correct data breach management, as the collection of large amounts of data made by these wearable devices and smart clothes will inevitably, sooner or later, lead to the threat of a data breach;

(iii) the need to guarantee a transparent legal framework regarding the delivery of the information, the collection of consent of the customer, and the development of less intrusive forms of marketing and targeting;

(iv) finally, the need to always guarantee the exercise of the rights of those who wear these devices, up to the cancellation of all customers' data and the disconnection of the device.

In this study, the four aspects indicated above will be in summary highlighted. We will try to link, in particular, the phenomenon of wearable devices and smart clothes to the GDPR norms, and to the most common cybersecurity approaches (and best practices).
