The Internet Of Things – Beyond The Long Arm Of The Law?

IoT Law

The internet of things is a fast-moving, dynamic, and flexible technology. The law is a slow, unwieldy, and laboriously complex set of rules. The two do not mix well.

The law has consistently failed to keep up with technology. Issues like cyberbullying, data protection, and even internet regulation had all reached a pandemic level before the governments and courts of the world caught up. Now the challenge is how to make the internet of things become a safe, law-abiding area of commerce.

As increasing numbers of everyday objects come online in the internet of things, regulators and lawmakers have been slow to recognise the potential legal implications for many issues that are arising – chiefly privacy and data protection. Currently, the IoT is regulated and managed by existing legal frameworks; none of the worlds developed countries have passed any new legislation specifically regarding the sector.

IoT Law

Due to the fact many internet of things devices are located in personal spaces (such as the home, the car, or even the body itself), in most European countries they fall under the jurisdiction of laws covering personal data. In the UK that means the IoT comes under the Data Protection Act 1998 and Europe-wide it falls under the EU data protection directive. Breaching these laws can lead to enforcement action and fines by national regulators such as the UK’s Information Commissioner’s office – but not necessarily criminal charges.

It’s a similar story in the United States. The US Federal Trade Commission took its first action relating to the internet of things in 2013 and later settled a complaint with a company that marketed video cameras that were designed to allow consumers to monitor their homes remotely. The regulatory body successfully argued that the companies lacklustre data protection and wilful disregard for privacy had led to the exposure of the private lives of thousands consumers online – but again, no criminal charges were forthcoming.

A simple example shows the difficulty in forming effective laws: Consider a ‘smart’ shipping container that can tell it’s owner where is it, the conditions inside the container, and other useful metrics; should that be regulated in the same way as a health band that transmits sensitive data about a user’s physical condition? What about smart fridge? – it might seem harmless, but it could provide sensitive information about a person’s religion or health to supermarkets etc, depending on its contents.

A ‘data protection working party’ which advises the EU Commission, found in research last year that in most cases consumers are unaware that data processing is being carried out by the companies that have supplied specific objects – and that needs to change.

“The challenge is, how do you get that information on transparency and consent across to people in a meaningful way?” said Ruth Boardman, Head of the International Privacy and Data Protection Group at an EU-wide law firm. “It may be easy to get someone to sign up to consent when you have to set up a device but what about a toothbrush which is connected to the internet?

Whatever the solution, you can be fairly certain that by the time lawmakers respond, the IoT will have already moved on!

By Daniel Price

Dan Saks 1

How the Cloud Will Transform in the Next Decade

Transformative Cloud Silicon Valley is easy to stereotype: the gadgets, the startup perks, the culture and mentality. However, the real reason Silicon Valley captures headlines is its market dominance. The rise of the FAANGs—Facebook, Amazon, ...
David Shearer

Looking Back – and Looking Forward to 2020

As we celebrate our thirtieth anniversary here at (ISC)², it’s incredible to look back at the changes our industry has been through. From advances in technology, to changing policy and regulations, this field is constantly ...
Jeremy Daniel

Find Competitive Advantage through AWS by Partnering With The Experts

Setting up your cloud configuration is too important to not involve the experts MediaTemple & CloudTweaks Thought Leadership Brand Series So many great business ideas fail at the moment when strategy must turn to execution ...
Digital Theft

Cross-Site Scripting – Why Is It A Serious Security Threat For Big Data Applications?

Security Threat And Big Data Applications (Updated August 11th, 2020) IBM, Amazon, Google, Yahoo, Microsoft - and the list goes on. All these leading IT enterprises have been affected by Cross-Site Scripting (XSS) attacks in ...
Nik Thumma Contributor

Why It’s Time for Companies to Move ‘All-In’ on the Cloud

Companies to Move ‘All-In’ on the Cloud The cloud offers businesses innovative ways to optimize operations and achieve amazing results. While many companies have already migrated to the cloud in some capacity, the full scope ...
Rick Braddy

The Secrets to Achieving Cloud File Storage Performance Goals

Storage Performance with Cost Reduction By 2025, according to Gartner, 80 percent of enterprises will shut down their traditional data centers. As of 2019, 10 percent have already shifted their data centers and storage to ...