As previously mentioned, this week I attended the Web Summit in Dublin which included a section dedicated to the Internet of Things.  I was able to gain very interesting insights on the legal issues affecting the Internet of Things (IoT) and below is my list of the 5 most relevant issues which were covered during the summit. 

1. Interoperability and interaction of Internet of Things devices

The main issue at the moment seems to be that a number of manufacturers are producing “vertical” Internet of Things products that do not communicate/interface with devices of other manufactures (as opposed to “horizontal” open source products which are able to work together with devices from different suppliers).  At the moment suppliers prefer to push users to stay with their brand or with products affiliated to their brand in order to increase their market position, but the issue is what will happen in the future and whether such strategy might affect the growth of the IoT.

I have already covered in a previous post the legal issues that might arise in relation to the potential interoperability of IoT devices and the question is whether it will be either up to regulator or courts to force interoperability or it will arise as an evolution of the market conditions.

2. Is there a right of privacy?

In the light of the recent cybercrimes affecting very large cloud databases, an interesting question discussed was whether users should hold a right of privacy in a “digital context” where the amount of information collected about individuals and their interaction with the environment around them will exponentially increase.

The impression is that while privacy in Europe is seen as a fundamental right to be fully informed and made aware of how someone’s information is collected and processed, the same right is interpreted in the US as a right to ensure the safety of someone’s data against cybercrimes.  And indeed a frequent quote was that

technology companies operate in a business of trust

with the consequence that they will lose their customers if the latter don’t feel safe with them due to a data loss.  Also privacy is seen as a “tradeoff issue” i.e. if someone wants to receive relevant services then they shall “sacrifice“ their privacy.

3. Drones as data gathers

There was a very interesting presentation on how drones might be used commercially.  Examples of this might include for the delivery of medication in areas that cannot be otherwise reached, to monitor the status of  agricultural fields or, in the long term, for the home delivery of items.

The capabilities of drones represent an amazing opportunity, but it raises some legal issues in relation to

  • the potential breach of individuals’ privacy through pictures taken by drones and an interesting precedent is given by the € 1 million fine issued by the Italian data protection authority against Google for images taken by their Street View cars and
  • the safety and security of drones in case of accidents resulting from malfunctioning, and the potential approvals and licenses necessary before they can be flown.  Unlike road vehicles, drones are difficult to stop while in flight.

4. Smart city and smart home devices might make us more efficient

In a period of financial downturn, our cities might find a massive ally in smart city technologies which use sensors to  notify users whether there are parking spaces available, optimize the collection of garbage by detecting whether the bins are full, or cut the cost of public lighting by detecting the presence of cars and collecting this data to determine how to efficiently use public lights.  But the same works for our homes where smart home sensors might collect occupancy data and reduce the energy costs of the heating system.

All the above means that a number of data around us will be collected without individuals even be aware of them.  The issue is whether and when such data is “personal data” for the purposes of data protection regulations and when on the contrary it is merely anonymous data.

5. People need to know what happens to their data

As mentioned above IoT technologies will collect a very large amount of personal data about their users which might raise concerns as to the misuse of such data.  For instance if my insurance company collects personal data about me through the black box in my car in order to adjust the price of my car insurance policy, the issue is whether the same insurance company, without informing me, will use that data to set the parameters of my life insurance as well.

Transparency will represent a major hurdle for IoT technologies as people may feel they are being monitored through such devices and therefore be reluctant to use them.  However, regulators should identify ways in which privacy information notices and informed consents are given in a transparent but also business oriented manner.  Therefore it is recommendable that some privacy regulators will review the position taken by the European privacy advisory body.

It was a fascinating event, raising a number of questions on the future of the IoT.