Thank you all for attending our webinar on the “Internet of Things Legal and Business Framework”. For those who could not attend, the main conclusions are summarized below:

  • Internet of Things will be a paradigm shift. As discussed by Stan Schneider, CEO of Real Time Innovations, IoT is a truly global revolution, with extraordinary opportunities yet to be exploited (particularly on the industrial side).
  • Virtually all industries and sectors will be transformed. IoT will dramatically change industries including manufacturing, agriculture, oil and gas, mining, transportation and healthcare… For example, ultrasound is currently performed using a portable device that processes the results but IoT will permit shifting the most of the processing to the cloud making the actual machine much simpler.
  • Many regulators are yet to play a role. Whilst there are little doubts about the major changes brought by IoT, the existing statutes and regulations are frequently difficult to apply to IoT. The regulators will need to consider how to apply the statutes and regulations to new situations and how to develop new rules. Certain regulators already addressed the IoT (e.g. in the US the FTC’s report on “Privacy and Security in a Connected World”, in the UK, OFCOM’s “Promoting Investment and Innovation on the Internet of Things”, in Italy, AGCOM’s report on Machine to Machine – see here and here for more information), but many legal/regulatory issues remain to be addressed.
  • Complexity arises from differing legal rules in different countries on regulatory issues from privacy to cybersecurity. For instance:
    • Data Protection: Regulators are focused on data security and data minimizations. Most regulators suggest privacy by design and an adequate consent approach. In Europe, despite the EU Data Protection Directive, countries have adopted implementations that maintain certain differences. However, various elements of what could be the “European Regulators’ position” can be inferred from the Article 29 Working Party Opinion 8/2014 on “Recent Developments on the Internet of Things”. In the US, the regulation of privacy is very fragmented, with federal privacy laws governing  specific sectors or industries (financial, healthcare, telecom) or specific issues (email marketing, SMS marketing, children’s privacy), whilst the states have separate laws. Unfortunately, these differences will be important to IoT because of its inherently global nature: this problem is best described as jurisdiction creep (devices placed in other countries may also attract the data protection and security regulations applicable in such other countries). See here for the main IoT data protection concerns.
  • Telecoms: IoT will demand more spectrum and network resilience. Similarly additional regulations for international roaming, authorizations and numbering will need to be considered (at least in certain jurisdictions).
    • Competition: Iot is changing  business models (e.g. the traditional telco operators losing the direct relationship with the final users). The companies  who are investing in infrastructures to address the additional demand for connectivity may also want a higher share of the revenues that other parties (e.g. OTT) are making by using such  connectivity. The rise of international alliances may cause concerns for the national players that will not be able to compete on a global scale.
    • Liability, Certification and IPRs: Of course, many other issues will have to be addressed, including the definition of the level of responsibility of the stakeholders involved. For example, who should be liable for accidents in self driving cars, the car manufacturer, the component manufacturer or the software developer? It will also need to be further investigated the risk of qualification of certain IoT devices as medical devices (with potential  certification implications also on the upgrades), the rules for intellectual property and ownership for data being transferred. In addition, new interfaces, such as gestures, may be patentable.
  • Cybercrime: Cybercrime is on the top of the list of issues affecting the IoT.  Both the industrial Internet of things and IoT devices addressed to consumers will rely on sensors that in case of hacker attacks might malfunction and cause massive damages.  At the same time, potential data breaches might give rise to the loss of data that under the new EU Privacy Regulations might lead to fines up to 5% of the global turnover of the breaching entity.  However security measures should not become excessively burdensome and expensive, so as to avoid creating an entry barrier to the market. See here on cybercrime’s risks (and here for a great cybersecurity tool!).
  • Software (and open source software!) will be critical. Many of the functions of IoT will be implemented through software. However, the software will need to be developed by many companies and the integration of such functions will be very challenging.  Many software licenses disclaim all liability but this approach may not work for critical infrastructure such as the electrical grid.  Open source software will likely play an important role in the infrastructure. Both the Linux Foundation and the Eclipse Foundation, two of the major open source software foundation, have multiple projects addressing IoT.