The Internet Of Things Part 2: The Old Problem Squared

Cisco estimates that some 25 billion devices will be connected in the Internet of Things (IoT) by 2015, and 50 billion by 2020.1 Analyst firm IDC makes an even bolder prediction: 212 billion connected devices by 2020. This massive increase in connectedness will drive a wave of innovation and could generate up to $19 trillion in savings over the next decade, according to Cisco's estimates.

In the first part of this two part article2, we looked at the development of, and practical challenges facing businesses implementing, IoT solutions. In this second part, we will look at the likely legal and regulatory issues associated with the IoT, especially from an EU and U.S. perspective.

THE ISSUES

In the new world of the IoT, the problem is, in many cases, the old problem squared. Contractually, the explosion of devices and platforms will throw up the need for a web of inter-dependent providers and alliances, with consequent issues such as liability, intellectual property ownership, and compliance with consumer protection regulations.

The IoT also raises a raft of data-related legal and ethical issues, associated primarily with the collection and use of the vast quantities of data processed as a result. The IoT will enable the creation and sharing of massive new reservoirs of data about individuals' habits, behaviour and personal preferences, thereby reinforcing global society's reliance on data, and making the laws and regulations which protect data privacy and limit data use even more fundamentally important.

Regulatory bodies, including the Federal Trade Commission (the "FTC") in the United States and the European Commission (the "EU Commission") in the European Union, are in particular turning their attention to the potential privacy and security issues that the IoT undoubtedly presents.

In 2013, the EU Commission published a report on the results of its public consultation on the IoT, along with a series of accompanying fact sheets (together, the "Report"), highlighting that "the development towards an IoT is likely to give rise to a number of ethical issues and debates in society, many of which have already surfaced in connection with the current Internet and ICT in general, such as loss of trust, violations of privacy, misuse of data, ambiguity of copyright, digital divide, identity theft, problems of control and of access to information and freedom of speech and expression. However, in IoT, many of these problems gain a new dimension in light of the increased complexity." At the top of the list of issues facing law and policy makers in this area are the following:

Loss of privacy and data protection. The difficulties of complying with the principles of privacy and data protection, such as informed consent and data minimisation, are likely to grow considerably. The EU Commission has stated in its Report that "It can reasonably be forecast, that if IoT is not designed from the start to meet suitable detailed requirements that underpin the right of deletion, right to be forgotten, data portability, privacy and data protection principles, then we will face the problem of misuse of IoT systems and consumer detriment." Autonomous communication. One of the most significant IoT-related data privacy risks stems from the fact that devices are able, and intended, to communicate with each other and transfer data autonomously. With applications operating in the background, individuals may not be aware of any processing taking place, and the ability for data subjects to exercise their data privacy/protection rights may therefore be substantially impaired. Traceability and unlawful profiling. Last year, researchers at Cambridge University demonstrated3 that incredibly accurate estimates of race, age, IQ, sexuality, personality, substance use and political views could be inferred from automated analysis of their Facebook "Likes" alone. Similarly, although the objects within the IoT might individually collect seemingly innocuous fragments of data, when that data is collated and analysed, it could potentially expose far more than intended by the individual to whom it relates, and indeed more than those Facebook Likes. The data collected, in combination with data from other sources, may reveal information on individuals' habits, locations, interests and other personal information and preferences, resulting in increased user traceability and profiling. This in turn increases the risk of authentication issues, failure of electronic identification and identity theft. Malicious attacks. The IoT...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT