The “The Internet of Things” or “IoT” is predicted to be one of the fastest growing areas of technology globally over the next few years. It is already evident that the impact of the IoT on both user day-to-day life and on business models is increasing at a rapid rate as the deployment costs of such technology drops and other barriers to entry continue to fall. With this in mind, it is predicted by technology analysts that by 2020, over 50% of major new business processes and systems will incorporate some form of IoT technology. For all of the potential benefits that will derive from this technology, for example, technology used by the health sector that enables patients to self-manage and monitor their health care at home and technology that enables the farming industry to increase food production by monitoring and adjusting the temperature, humidity and light intensity that a crop is exposed to, there are also legal risks concerning this technology. This article sets out some of those legal issues.


The IoT refers to the increased and extended interconnectivity of computing capability and network connectivity to objects, devices and sensors in order to monitor and control devices and develop ‘smart’ networks, systems and structures. “Things” in the IoT sense can refer to a wide variety of devices such as wearable fitness tracker devices that monitor body indicators and can connect to medical devices in order to provide an extensive picture of a wearer’s health, and household management devices that can adjust synchronised ambience, utility and security systems.

So What?

The IoT is dependent on data and specifically the transfer of data between different machines. The IoT will be about much more than smart meters and connected fridges; the adoption of new connectivity brings legal risks. The collation of multiple points of data can swiftly result in a large quantity of personal information about an individual being created and stored as events are reviewed in the context of a range of factors including location, time and recurrence. The regular purchase by a user of different food types for instance may divulge religious affiliations or ongoing health issues. Many older smart meters for example do not push their data to an internet service gateway directly, instead it is sent to a local data hub where it is stored until the data is uploaded in bulk. This process has the potential to place personal and sensitive data in insecure locations vulnerable to attack.

The data produced and collected by IoT technology will be very valuable and will be coveted by companies and organisations in order to gain an insight into the lifestyles, habits and preferences of users. However, IoT technology is considered to be vulnerable to attack because it embraces multiple devices, platforms, applications and networks. It is also considered that because the integrity of the data collected by IoT technology will be so important in making personal and business decisions, the risk of hackers manipulating the data for malicious reasons is a real risk. The benefits provided by IoT technologies rely on lots of data with high levels of searchability and analysis. This means that the data must exist in plain text which presents multiple threats, not least from insider attacks from sysadmins and authorised users. It has also been suggested by analysts that the IoT could lead to a rise in the black market of fake or corrupted sensor data and video data, meaning that data from this technology is compromised or substituted with inaccurate or deliberately manipulated data. Data privacy will be a big challenge for IoT technology.

What about liability and when things go wrong? Consumers will become dependent on the interconnected devices that make up IoT technology and such interdependency between devices and applications could pose challenges when it comes to the developer or manufacturer reasonably excluding and limiting their liability under consumer contracts.

The market recognises that the IoT presents significant opportunity for greater control over technology and access to data, but that the technology needs to be trusted if it is to realise its potential. The sheer scale of networks and data created by IoT technology will cause complexity and compound the legal challenges faced by the industry.