The Internet of Things market has seen substantial changes during the last year, but what legal issues shall be faced in 2016? What might hinder the growth of the IoT? 

Below are my personal top 5 predictions on the legal issues that will affect the Internet of Things in 2016.

1. Big Data will not mean collecting ANY data through Internet of Things devices

In relation to IoT technologies there has often been the tendency to collect all the possible data about its users since it might become useful in the future with the development of technologies.  The stringent approach adopted by privacy regulators and the upcoming EU privacy regulation with fines up to 4% of the global turnover will force companies to considerably change their approach to privacy compliance.

Some operators have the impression that users’ consent might grant them the right to collect ANY data about them. But unfortunately for them this is not the case. Only data relevant for the purposes for which the consent was given can be processed. And a deep review of practices might be necessary by the industry. Also the new EU privacy regulation will need a major change to privacy compliance that should be started now to be ready when the regulation comes into force.

2. We will have a law for the IoT

The European Commission declared that it plans to adopt by mid-2016 a set of laws on how to regulate the Internet of Things. The IoT is not currently “unregulated” as for instance rules governing consumer protection, privacy, telecommunications are product liability are applicable also to the technologies of the Internet of Things.

However, regulations drafted for a world without IoT might become a relevant barrier to the growth of Internet of Things technologies. IoT laws are necessary, but need to be drafted after a thorough discussion with the industry.

3. Privacy by design will be a “must have” for the IoT

In a regulatory environment where the applicable privacy obligations in relation to Internet of Things technologies are still uncertain, the implementation of a privacy by design approach is the sole solution to protect a company for possible claims and damages in case of data breach.

This principle is even more valid with the EU Privacy Regulation that will introduce the accountability principle obliging entities processing personal data to prove their privacy compliance.

4. Cyber risks will call for standardization

The cyber attacks occurred in 2015 will oblige companies to implement a privacy by design approach, to adopt a cyber risk insurance policy, but also to work on standards of cyber security.

Such standards shall be industry driven as it is happening in the US with connected cars, but will need to be approved and validated by Governments as otherwise they cannot be considered a valid defence in case of claims.

5. The IoT will be in workplaces, but with what risks?

The usage of Internet of Things technologies on workplaces is already happening quite frequently. However, the need to make industrial procedures more efficient will lead to a growth in their usage.

Recent changes to the Italian Workers’ Statute make the usage of these technologies easier. But they still leave some blurred areas where the right balance between the protection of employees and their data and the need to improve the industrial efficiency.  This balance shall be identified through a review of the technologies and of the data processed through them.