The Internet Of Things – Beyond The Long Arm Of The Law?

IoT Law

The internet of things is a fast-moving, dynamic, and flexible technology. The law is a slow, unwieldy, and laboriously complex set of rules. The two do not mix well.

The law has consistently failed to keep up with technology. Issues like cyberbullying, data protection, and even internet regulation had all reached a pandemic level before the governments and courts of the world caught up. Now the challenge is how to make the internet of things become a safe, law-abiding area of commerce.

As increasing numbers of everyday objects come online in the internet of things, regulators and lawmakers have been slow to recognise the potential legal implications for many issues that are arising – chiefly privacy and data protection. Currently, the IoT is regulated and managed by existing legal frameworks; none of the worlds developed countries have passed any new legislation specifically regarding the sector.

IoT Law

Due to the fact many internet of things devices are located in personal spaces (such as the home, the car, or even the body itself), in most European countries they fall under the jurisdiction of laws covering personal data. In the UK that means the IoT comes under the Data Protection Act 1998 and Europe-wide it falls under the EU data protection directive. Breaching these laws can lead to enforcement action and fines by national regulators such as the UK’s Information Commissioner’s office – but not necessarily criminal charges.

It’s a similar story in the United States. The US Federal Trade Commission took its first action relating to the internet of things in 2013 and later settled a complaint with a company that marketed video cameras that were designed to allow consumers to monitor their homes remotely. The regulatory body successfully argued that the companies lacklustre data protection and wilful disregard for privacy had led to the exposure of the private lives of thousands consumers online – but again, no criminal charges were forthcoming.

A simple example shows the difficulty in forming effective laws: Consider a ‘smart’ shipping container that can tell it’s owner where is it, the conditions inside the container, and other useful metrics; should that be regulated in the same way as a health band that transmits sensitive data about a user’s physical condition? What about smart fridge? – it might seem harmless, but it could provide sensitive information about a person’s religion or health to supermarkets etc, depending on its contents.

A ‘data protection working party’ which advises the EU Commission, found in research last year that in most cases consumers are unaware that data processing is being carried out by the companies that have supplied specific objects – and that needs to change.

“The challenge is, how do you get that information on transparency and consent across to people in a meaningful way?” said Ruth Boardman, Head of the International Privacy and Data Protection Group at an EU-wide law firm. “It may be easy to get someone to sign up to consent when you have to set up a device but what about a toothbrush which is connected to the internet?

Whatever the solution, you can be fairly certain that by the time lawmakers respond, the IoT will have already moved on!

By Daniel Price

Episode 1: Why Small and Medium Sized Businesses Need an MSP

Small and Medium Sized Businesses Need an MSP Small and medium-sized businesses don’t enjoy the ...

Episode 5: How the Pandemic is Changing Business and the Cloud

An Interview with Ed Dryer of Steadfast With the global pandemic wreaking havoc on business ...

Episode 6: Cloud Migration: Why It’s More Important Than Ever

The Importance of Cloud Migration Moving fully to the cloud is still a concern for ...

SIGNUP FOR OUR FREE NEWSLETTER

Enjoy thought leadership insights, industy news, free tech reports, podcasts and comics.
Something went wrong. Please check your entries and try again.
David Friend

Data Centers Need to Wake Up and Compete with the Hyperscalers

Data Centers Need to Wake Up and Compete with the Hyperscalers Win Customer Hearts & Minds and Become a Trusted Technology Partner Data center operators ...
Steve Prentice

Cloud-Based Financial Software Reinforces the 80/20 Rule of Business Management

Cloud-Based Financial Software Sponsored by Sage 50cloud Small businesses are known for being innovative and customer-focused in a way that their larger competitors cannot. This ...
Kokumai

How to Enhance Security of Digital Identity

Enhance Security of Digital Identity Introduction The subject of this article is a fragile digital identity built with a weak password, which makes a grave ...
Steve Prentice

Episode 3: The Bottomless Cloud – An Interview with David Friend of Wasabi

Why data is not “the new oil” and why “cloud” means more than we think. In his new book, author David Friend refers to the ...
Kokumai

History, Current Status and Future Scenarios of Expanded Password System

Future Scenarios of Expanded Password System Passwords are so hard to manage that some people are urging the removal of passwords from digital identity altogether. What ...
Google Prog

Working with security researchers to make the web safer for everyone

Working with security researchers What do a 19-year-old researcher from Uruguay, a restaurant owner from Cluj, Romania and a Cambridge professor have in common? They’re ...