The FTC and “The Internet of Things” - Locke Lord



Locke Lord LLP disclaims all liability whatsoever in relation to any materials or information provided. Locke Lord QuickStudy is provided solely for educational and informational purposes. It is not intended to constitute legal advice or to create an attorney-client relationship. If you wish to secure legal advice specific to your enterprise and circumstances in connection with any of the topics addressed, we encourage you to engage counsel of your choice. If you would like to be removed from our mailing list, please contact us at either or Locke Lord LLP, 111 South Wacker Drive, Chicago, Illinois 60606, Attention: Marketing. If we are not so advised, you will continue to receive the Locke Lord QuickStudy. Attorney Advertising.
© 2013 Locke Lord LLP
December 9, 2013
The FTC and “The Internet of Things”
Charles M. Salmon
On November 19, 2013, the Federal Trade Commission (the FTC) hosted a workshop titled the
Internet of Things—Privacy & Security in a Connected World. Per the FTC:
The ability of everyday devices to communicate with each other and with people
is becoming more prevalent and often is referred to as “The Internet of Things.”
Connected devices can communicate with consumers, transmit data back to companies,
and compile data for third parties such as researchers, health care providers, or even
other consumers, who can measure how their product usage compares with that of
their neighbors. … The workshop [was focused] on privacy and security issues related
to increased connectivity for consumers, both in the home (including home automation,
smart home appliances and connected devices), and when consumers are on the move
(including health and fitness devices, personal devices, and cars).
In a sense, the privacy and security issues associated with sharing information among numerous
devices are next in a logical progression from the recent focus on ever-increasing service provider
handling of personal information. In addition to the FTC, other state and federal agencies and
standard-setting bodies (including the NIST) are recognizing that control systems, sensors, and
the like must be taken into account along with traditional information systems in any sophisticated
information/cyber security program. This focus also fits well with the FTC’s recently-announced top
agenda items of (non-HIPAA) consumer health data security, predictive behavior/contextual data
technology, and mobile device tracking.
Most fundamentally, the “Internet of Things” captures the concept of a highly-connected world
in which devices connected to the Internet include phones, cars, home automation and security
systems, utility meters, and even commodity-measuring tools for items such as milk and light bulbs.
Several recurring themes emerged as takeaways from the workshop:

The importance of the context in which information is collected: For example, data generated by
a home automation system to control a coffee pot may be inappropriate for marketing purposes.

Consumer awareness and “privacy by design” considerations: Consumers underestimate how
information collected about them might be used in a harmful manner. For example, consumers
may not appreciate that information collected by their utility could indicate what types of devices
they use, when they use those devices, and even when they are home or on vacation. On the flip
side, developers may not place significant emphasis and make adequate investment in information
security in the midst of rapid innovation, market pressures, and the difficulty of predicting the
myriad potential uses of the information generated or obtained.

The viability of Fair Information Practice Principles (FIPPs) notice and choice: The FTC continues
to evaluate the current, traditional FIPPs approach to privacy notice and choice. Several
panelists noted the limitations of such an approach in a world where information is collected
about consumers ubiquitously, often without any user interfaces. Ultimately, solutions may
involve standardized disclosures and notices in connection with use (as opposed to collection) of
information. (Query whether the situation calls for a more
approach, where information
can’t be used except for a lawful purpose, as defined by the law.)
In her closing remarks, Jessica Rich, the director of the FTC’s Bureau of Consumer Protection, stated
that, although the workshop was not a prelude to regulation, the FTC would issue a report on the
topic in the near future.
For more information on the matters discussed in this Locke Lord QuickStudy, please contact the author:
Charles M. Salmon

512-305-4722