نوع مقاله : مقاله پژوهشی
عنوان مقاله English
نویسندگان English
Context & Objective: The entanglement of artificial intelligence (AI) and the Internet of Things (IoT) has shifted the paradigm of privacy from the traditional control of personal data to a multi-layered domain of risk regulation. In these interconnected ecosystems, continuous, environmental, and behavioral data generated by smart devices pose profound risks to informational autonomy, human dignity, non-discrimination, and personal security through algorithmic analysis, platform recommendations, automated decision-making, and product vulnerabilities. Consequently, the primary objective is to critically analyze the European Union’s legislative mechanisms—specifically the General Data Protection Regulation, the Digital Services Act, the Artificial Intelligence Act, and the Cyber Resilience Act—and to assess the feasibility of applying their risk-based logic within the domestic legal framework of Iran. The core research question addresses how the European Union distributes risk across the four operational levels of data, platforms, artificial intelligence systems, and connected products, and determines what functional capacities exist to implement this architecture within Iranian jurisdiction.
Method & Approach: A doctrinal legal methodology is employed, utilizing a functional comparative and legislative feasibility approach. Data collection relies on a comprehensive documentary review of European Union legislative texts, specialized legal literature, and selected judicial precedents, juxtaposed against the current domestic statutory framework. The Iranian legal analysis scrutinizes the Electronic Commerce Law, the Computer Crimes Law, administrative regulations governing internet service providers, and traditional rules of civil and contractual liability. The primary analytical criterion avoids superficial formal equivalence; instead, it functionally evaluates the operational capacity of each legal source to address vulnerabilities across the four distinct technological strata comprising data, platforms, algorithmic systems, and connected hardware products.
Findings: The efficacy of the European Union’s regulatory model lies in its targeted distribution of risk according to its origin, translating each operational level into specific, ex-ante, and supervisable obligations. This includes establishing legitimacy and accountability in data processing, mandating transparency and systemic risk management for digital platforms, enforcing strict controls over high-risk artificial intelligence systems, and ensuring cybersecurity throughout the lifecycle of connected products. Conversely, the existing capacities within Iranian law are predominantly fragmented and reactive. Domestic protections are largely confined to limited data safeguarding within electronic commercial transactions, ex-post criminal penalization for explicitly codified cyber offenses, administrative restrictions on infrastructural behavior, and conventional civil compensation. Iranian law currently lacks the dedicated, proactive mechanisms required to enforce platform transparency, conduct algorithmic risk assessments, and guarantee product lifecycle security.
Conclusion: Effective privacy protection in intelligent, interconnected environments requires a fundamental structural realignment of domestic legal rules predicated on the specific origin of technological risks. Achieving a robust regulatory ecosystem cannot be accomplished through the mere literal transplantation of European regulations or the extensive, strained judicial interpretation of existing statutes, which risks violating principles of legal certainty and strict construction in penal law. Instead, an urgent, comprehensive legislative overhaul is necessitated within Iranian law to independently address the four distinct risk layers. Transitioning from a reactive, fragmented remedial model to a proactive, risk-based regulatory framework is essential to adequately safeguard fundamental rights against the compounding algorithmic and infrastructural vulnerabilities inherent to modern digital ecosystems.
کلیدواژهها English