The Internet Of Things – Beyond The Long Arm Of The Law?

IoT Law

The internet of things is a fast-moving, dynamic, and flexible technology. The law is a slow, unwieldy, and laboriously complex set of rules. The two do not mix well.

The law has consistently failed to keep up with technology. Issues like cyberbullying, data protection, and even internet regulation had all reached a pandemic level before the governments and courts of the world caught up. Now the challenge is how to make the internet of things become a safe, law-abiding area of commerce.

As increasing numbers of everyday objects come online in the internet of things, regulators and lawmakers have been slow to recognise the potential legal implications for many issues that are arising – chiefly privacy and data protection. Currently, the IoT is regulated and managed by existing legal frameworks; none of the worlds developed countries have passed any new legislation specifically regarding the sector.

IoT Law

Due to the fact many internet of things devices are located in personal spaces (such as the home, the car, or even the body itself), in most European countries they fall under the jurisdiction of laws covering personal data. In the UK that means the IoT comes under the Data Protection Act 1998 and Europe-wide it falls under the EU data protection directive. Breaching these laws can lead to enforcement action and fines by national regulators such as the UK’s Information Commissioner’s office – but not necessarily criminal charges.

It’s a similar story in the United States. The US Federal Trade Commission took its first action relating to the internet of things in 2013 and later settled a complaint with a company that marketed video cameras that were designed to allow consumers to monitor their homes remotely. The regulatory body successfully argued that the companies lacklustre data protection and wilful disregard for privacy had led to the exposure of the private lives of thousands consumers online – but again, no criminal charges were forthcoming.

A simple example shows the difficulty in forming effective laws: Consider a ‘smart’ shipping container that can tell it’s owner where is it, the conditions inside the container, and other useful metrics; should that be regulated in the same way as a health band that transmits sensitive data about a user’s physical condition? What about smart fridge? – it might seem harmless, but it could provide sensitive information about a person’s religion or health to supermarkets etc, depending on its contents.

A ‘data protection working party’ which advises the EU Commission, found in research last year that in most cases consumers are unaware that data processing is being carried out by the companies that have supplied specific objects – and that needs to change.

“The challenge is, how do you get that information on transparency and consent across to people in a meaningful way?” said Ruth Boardman, Head of the International Privacy and Data Protection Group at an EU-wide law firm. “It may be easy to get someone to sign up to consent when you have to set up a device but what about a toothbrush which is connected to the internet?

Whatever the solution, you can be fairly certain that by the time lawmakers respond, the IoT will have already moved on!

By Daniel Price

Gary Bernstein
Most Dangerous Botnets While it’s no secret that the technical sophistication of cyber-attacks grows exponentially, adversaries often need widespread networks to make it happen. One of the ways to do that is to infect legitimate ...
Shireesh Thota
Here’s How to Position Your Organization for the Era of Data Intensity We live in a data-intensive era. Data is booming. Companies are realizing that data is one of the most important assets and they ...
Jen
VoIP and PBX Phone Systems The cloud is already providing businesses with such a range of advanced tools and services, optimizing communication across channels, improving global cooperation, and supporting collaboration between teammates and partners both ...
Gilad David Maayan
What Is SSPM? SaaS Security Posture Management (SSPM) is a set of security tools that an organization’s security team can use to gain visibility and manage security for their Software as a Service (SaaS) applications ...
Bi Tools
BI Tools For Data Scientists Many data scientists prefer to use open-source framework to code scripts; after all, it’s something they already trust to work. Business intelligence tools like Qlik Sense, Power BI, or Tableau, ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.