The Internet Of Things – Beyond The Long Arm Of The Law?

IoT Law

The internet of things is a fast-moving, dynamic, and flexible technology. The law is a slow, unwieldy, and laboriously complex set of rules. The two do not mix well.

The law has consistently failed to keep up with technology. Issues like cyberbullying, data protection, and even internet regulation had all reached a pandemic level before the governments and courts of the world caught up. Now the challenge is how to make the internet of things become a safe, law-abiding area of commerce.

As increasing numbers of everyday objects come online in the internet of things, regulators and lawmakers have been slow to recognise the potential legal implications for many issues that are arising – chiefly privacy and data protection. Currently, the IoT is regulated and managed by existing legal frameworks; none of the worlds developed countries have passed any new legislation specifically regarding the sector.

IoT Law

Due to the fact many internet of things devices are located in personal spaces (such as the home, the car, or even the body itself), in most European countries they fall under the jurisdiction of laws covering personal data. In the UK that means the IoT comes under the Data Protection Act 1998 and Europe-wide it falls under the EU data protection directive. Breaching these laws can lead to enforcement action and fines by national regulators such as the UK’s Information Commissioner’s office – but not necessarily criminal charges.

It’s a similar story in the United States. The US Federal Trade Commission took its first action relating to the internet of things in 2013 and later settled a complaint with a company that marketed video cameras that were designed to allow consumers to monitor their homes remotely. The regulatory body successfully argued that the companies lacklustre data protection and wilful disregard for privacy had led to the exposure of the private lives of thousands consumers online – but again, no criminal charges were forthcoming.

A simple example shows the difficulty in forming effective laws: Consider a ‘smart’ shipping container that can tell it’s owner where is it, the conditions inside the container, and other useful metrics; should that be regulated in the same way as a health band that transmits sensitive data about a user’s physical condition? What about smart fridge? – it might seem harmless, but it could provide sensitive information about a person’s religion or health to supermarkets etc, depending on its contents.

A ‘data protection working party’ which advises the EU Commission, found in research last year that in most cases consumers are unaware that data processing is being carried out by the companies that have supplied specific objects – and that needs to change.

“The challenge is, how do you get that information on transparency and consent across to people in a meaningful way?” said Ruth Boardman, Head of the International Privacy and Data Protection Group at an EU-wide law firm. “It may be easy to get someone to sign up to consent when you have to set up a device but what about a toothbrush which is connected to the internet?

Whatever the solution, you can be fairly certain that by the time lawmakers respond, the IoT will have already moved on!

By Daniel Price

Data Bed.png
The Manuscript.png
Growing Up.png
Answer To Everything.png
Jennifer Nwokolo
Risk Assessment and Management Risks are inevitable in every business venture. Generally, most organizations aim to identify and evaluate their risks before investing. Hence, the need for a risk assessment and management solution. Businesses will ...
Derrek Schutman
Building a Digital Enablement Layer Most Digital Service Providers (DSPs) aim to provide digital capabilities to customers but struggle to transform with legacy O/BSS systems. According to McKinsey research, 70% of digital transformation projects don’t ...
Gilad David Maayan
What Is Application Dependency Mapping? Modern software development teams use fast-paced DevOps work processes. However, the complexity of modern software applications often gets in the way. A typical enterprise software project has thousands of components, ...
Data Web Accessibility
Data Centres Of The Future As humans require more and more computing power and more and more cloud storage, we’re going to need more and more data centres. So what do the data centres of ...
Study Finds Only 8% of Global Tech Workers Have Significant Cloud-Related Skills
Silicon Slopes, Utah - September 20, 2022 – Pluralsight, the technology workforce development company, today released its 2022 State of Cloud Report, which compiles survey results from more than 1000 technologists and leaders in the ...