The Internet of Things is an extremely exciting area and at the forefront of innovation in technology.
However, as internet enabled ‘things’ increasingly generate and share data, consideration must be given to who actually owns the data and how it can be protected. What if a device connected to the internet acts inappropriately and causes harm to a third party. Who is responsible for the consequences?
Those developing devices and technology in this area need to aware of the issues and ensure that sufficient consent and waivers of responsibility are in place.
Currently we think about individuals and businesses being affected by concerns about security and loss of control of personal data. The Internet of Things gives rise to a new class of user, one stage removed from the individual or business; their internet enabled devices.
There is currently no specific legislation to govern the Internet of Things. However the importance of the Internet of Things and possible challenges it may raise are one of the drivers behind the forthcoming EU legislation on data protection and cyber security standards.
At present it is unlikely that the Internet of Things will be regulated in a fundamentally different way than the internet is already. In other words regulation will start at the national level. Where multi-national frameworks exist, the European Union probably being the most obvious example, these will continue to be the driver behind multi-national standards. In theory common standards across the globe and a uniform regulatory approach would make sense. However this does not currently exist in an already highly connected global world. The Internet of Things may provide a reason and pressure to encourage this but being realistic that kind of harmonised regulatory approach still seems a long way off.
Ultimately it remains to be seen what unique and unforeseeable facets there will be to the Internet of Things which may require a unique legislative response. This could be to make the market run smoothly and to protect users and those in the industry as well. It should not be forgotten that the Internet of Things offer significant benefits and opportunities and governments have not been slow to recognise this.
Although the Internet of Things is by its nature a virtual world it is anchored in reality, ie the things themselves and at those touch points existing regulation concerning telecommunications, data, privacy, security, intellectual property and health & safety are still relevant.
The Federal Trade Commission (FTC) in the United States published a report on this area at the end of January 2015. The FTC’s view is that specific Internet of Things legislation would be premature given the way in which technology is rapidly changing and it stressed the importance of existing security, privacy and data protection measures. The FTC encourages limiting the amount of data which is collected and also the automatic deletion of data after a set time. Keeping consumers informed and providing consumers with choice are key.
In February 2015 the Obama administration indicated a preference for uniform data protection standards across the USA taking a lead from the EU legislation which ironically is not yet in force and which takes its lead from some US States.
It is however safe to say that those who take seriously security and privacy issues, obtain consents and demarcate responsibility in their contracts will have the least problems.
We must also not forget that these are not issues for the future but for now. Only a few years ago there were predictions of 25bn Internet of Things devices by 2020 but some commentators believe we have already hit this level.