When the Internet Gets Under Our Skin: Reassessing Consumer Law and Policy in a Society of Cyborgs.

In this article, the authors identify and explore the phenomenon of consumer cyborgification and ask what the legal and ethical implications of this emerging trend are. They consider whether fundamental legal principles, concepts, and assumptions in various EU acts and directives are adequate to address these challenges or whether these need to be reassessed in light of novel forms of vulnerability. They also ask what alternatives might be suggested. In the era of the consumer Internet of Things (IoT), consumer expectations of privacy, security, and durability are changing. While the consumer uses of the IoT often revolve around improving efficiency (e.g., of the body, the home, the car) and enhancing experiences through datafication of our bodies and environments and personalization of services and interfaces, the power of IoT companies to influence consumer behaviours and preferences is increasing in part because the hybridization of humans and machines. Cyborgification allows our behaviours to be individually and continuously monitored and nudged in real time. Our bodies and minds are reflected back at us through data, shaping the narratives we tell about ourselves and our surroundings, and this is creating new lifeworlds and shaping our preferences, roles, and identities. This presents novel benefits, as well as risks in the potential exploitation of novel vulnerabilities. With technology under the skin, both metaphorically (in relation to products that become a sensory accessory to the body and influence the perception and physical reality of one's body and lifeworld) and literally (in the form of microchips, cybernetic implants, and biometric sensors and actuators), cyborg consumers are more vulnerable to manipulative practices, unfair contractual terms, automated decision-making, and to privacy and security breaches. Cyborg consumers are therefore more susceptible to damage, financial and physical, caused by defective products, low-quality services, and lax cybersecurity. Law, policy, and practice must go further than merely enhancing transparency and consent processes and prohibit practices and business models that are premised on manipulating the need to anticipate and manage the working of technologies under the skin, i.e., that which undermines consumer and public interests systematically. The law needs to be agile and responsive to the changes the IoT has established in the consumer-producer relationship. Consumer laws, including the contractual/consenting process itself, must be reviewed and reimagined to ensure more robust protections.