What regulation is needed for the Internet of Things?

croutonsgruesomeNetworking and Communications

Feb 16, 2014 (4 years and 4 months ago)


What regulation is needed for the Internet of Things?
— filed under:
Spectrum policy
Internet of Things
Nov 30,2012by Catherine Viola
In our second report fromthis month’s 4th Annual Internet of Things Europe conference in Brussels,we
focus on progress in Europe towards establishing a policy framework for the Internet of Things (IoT) and
discuss how stakeholder views diverge on what policies might be needed.
EU support for the IoT
European Commission Vice-President Neelie Kroes,addressing the conference via video-
link,stressed the potential social benefits of the IoT.It could,she said,“help us tackle the big
challenges facing humanity:saving energy,assuring food and water for all,or caring for an
ageing society”.
Our priority is to allow innovation and promote the benefits of the IoT,while at
the same time protecting consumers
According to Kroes,there are several ways in which policymakers can promote the
development of the IoT.She pledged to continue to support IoT research and innovation
through the FP7 funding programme and,from2014,the Horizon 2020 programme.Kroes
also highlighted a need for standardisation,and called for industry to develop IoT standards
to stimulate a borderless single market in Europe,ensure the protection and trust of end-users,
and provide interoperability.
The IoT also needs a legal and ethical framework that enjoys broad support fromall
stakeholders,Kroes continued.The Commission’s planned initiative on IoT governance,she
explained,would “support the dynamic development of IoT innovation,boost growth and
jobs within the digital single market,and protect and ensure the confidence of EU citizens”.
Diverging opinions on IoT policy needs
The Commission is currently evaluating the responses to a consultation held earlier this year
to gather views on what policy framework the IoT might require.The consultation asked for
views on privacy,safety and security,security of critical IoT-supported infrastructure,ethics,
interoperability,governance and standards.The results will feed into the Commission's
Recommendation on the IoT,which is due to be presented by mid-2013.
The consultation drew over 600 responses fromindustry,government,academia,citizens and
consumer groups.The Commission’s Giuseppe Abbamonte told the conference that opinions
differ on what policymaking is needed for the IoT.On the one hand,industry stakeholders are
concerned that inappropriate regulation could stifle innovation and cripple the development
of IoT business models.Consumers,on the other hand,are uneasy about the potential impact
of the IoT in areas such as data protection and privacy.“Innovation cannot come at the
expense of fundamental citizen rights,” said Abbamonte.
But it would be wrong,Abbamonte added,to place an emphasis on the potential problems of
the IoT.He believes it is more important to take an optimistic view and look at the
opportunities the IoT creates.“Our priority is to allow innovation and promote the benefits of
the IoT,while at the same time protecting consumers.”
Data protection and privacy are primary concerns
Data protection and privacy are among the top concerns,the IoT consultation shows.With
billions of connected devices envisaged within the next decade or so,and many of these
directly linked to citizens in their homes or vehicles,the scope for personal data requiring
protection is vast.
Maria Badia i Cutchet,the European Parliament rapporteur for the action plan for Europe on
IoT,emphasised the importance of tackling consumer privacy and data protection concerns.
“The IoT will only grow through citizens’ trust,” she said.“The right to privacy should come
first.For the IoT to take off,people need a degree of comfort,and business needs stability.”
Educating citizens about the IoT and how to take advantage of it will be important in building
trust,she added.
Only those issues that are specific to IoT and cannot be sufficiently addressed by
other rules may deserve specific intervention
But safeguarding EU citizens’ privacy rights also has to be considered in context.Privacy
issues are not black and white,said Francois Carrez,who co-ordinates the Internet of Things
Initiative (IoT-I).The IoT-I holds a working group on ethics,privacy,and security through
the IoT Forum.It is all about the trade-offs that users make between losing part of their
privacy – such as sharing their location in order to receive location-based services on their
smartphones or sharing credit card details – and the benefit gained fromusing a service.“If
people have a strong interest in using a service,” Carrez said,“they are often ready to give up
on privacy,especially if the service provider comes with a good reputation”.
Building on existing regulations
IoT policy cannot be devised in isolation,said Abbamonte.Horizontal rules on competition,
security,privacy and data protection all apply,and will provide the framework for IoT
developments.As an example,the IoT will need to comply with the new European data
protection and privacy framework,which unifies the legal requirements into a single set of
EU-wide rules and includes revised measures for data transparency,enforcement and security
breaches.The privacy framework aims to strengthen individual rights and tackle the
challenges of globalisation and new technologies.
“We will have to build on these horizontal rules,” Abbamonte explained.“Only those issues
that are specific to IoT and cannot be sufficiently addressed by other rules may deserve
specific intervention.”
But further work will be needed before a judgment call can be made on where such
intervention may be appropriate.According to Badia,the first step has to be to analyse in
detail the potential impact of the IoT and understand if existing legislation in areas such as
privacy and data protection is adequate.“Once that has been achieved,we will have a clearer
view of what needs to be done next,” she said.
Specific IoT regulation not needed,some argue
Some speakers and delegates already espouse the view that IoT-specific legislation and
governance is not needed.
According to Dan Caprio,senior strategic advisor frominternational law firm
McKenna Long and Aldridge,the proposed General Data Protection Regulation
provides a sufficient horizontal and interoperable regulatory framework to address any
IoT privacy concerns.“IoT-focused policy initiatives would not only be over-
burdensome and confusing,” he said,“but also run the real risk of not keeping pace and
becoming quickly outdated,given the evolving nature of technologies within this digital
information society.”
We are assessing several policy options with an open mind
Peter Hustinx,the European Data Protection Supervisor,agreed that IoT-specific frameworks
are not the answer,but emphasised that “it is profoundly important that the general principles
for protecting consumers get implemented”.The more IoT takes off in the home,he said,the
more it will give rise to personal data.The solution,in his view,is to build in trust and
security fromthe start.“Responsibility and privacy by design are key,” he said.
Roomfor non-regulatory solutions?
“The Commission has a huge responsibility,” said Stephen Pattison of British microchip
designer ARMHoldings.“The path it chooses could determine whether the IoT becomes an
engine for growth or doesn’t get off the ground.”
Pattison believes that any regulation should only be proposed if necessary,and should be
carefully crafted,as there is a very difficult line to draw between creating consumer trust and
confidence and allowing the IoT to grow.Using the data produced by connected devices is
one of the ways that investment in the IoT may be funded,he pointed out.“Let’s not do
anything that makes that unnecessarily difficult.”
He urged policymakers not to impose undue regulation,to look carefully at what data needs
to be protected,and to consider solutions that stop short of regulation,such as voluntary
codes of conduct or kite marks.These could be enough to instil consumer confidence in the
IoT without imposing a burden on its growth,Pattison suggested.
All policy options on the table
“We are assessing several policy options with an open mind,” said Abbamonte.These,he
said,would include both regulatory and non-regulatory interventions,such as voluntary codes
of practice.“We don’t yet know what the concrete follow-up will be.”•
Kate Milligan
+44 (0)20 7100 2875
+44 (0)20 7099 1677 (Fax)
PT Publishing Limited,4 Houghton Square,SW9 9AN
Registered in England No.5081138 at 4 Houghton Square,SW9 9AN