View all newsletters
Receive our newsletter – data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 2, 2016updated 04 Sep 2016 10:44pm

Privacy, liability & patents: 4 major IoT legal challenges every CIO is facing

List: And how to overcome them.


To tap into the IoT economy, businesses have already been advised to keep it simple and differentiate form their competitors.

This evolution of the technology chain brings with it a $1.9 trillion business opportunity, with an incremented revenue exceeding $300 billion directed to IoT product and service suppliers, according to Flexera.

Kevin Curran, senior member of the IEEE, told CBR: "Appropriate preventive, detective and corrective controls in the form of policies, standards, procedures, organisational structures or software/technology functions and monitoring mechanisms are therefore required to minimise the risks associated with the confidentiality, integrity and availability of information assets within an organisation. These aspects of security should be the underpinnings of any Internet of Things Regulations policy."

CBR runs five legal aspects no company and their CIO can disregard.


1. Privacy

Regulation around privacy and the IoT is still quite non-existent when we imagine a world with hundreds of billions of connected devices.

Curran said that today there are already sophisticated data mining software in use which can reveal incredible accurate information on previously ‘anonymous’ data. "This also leads to concerns relating to identity thief," he said.

Content from our partners
Tech sector is making progress on diversity, but advances must accelerate
How to bolster finance functions and leverage tech to future-proof operational capabilities
How digital technologies can meet the challenges and opportunities ESG presents

"When it comes to privacy, there may be of course low risk exposure of data such as the authorities tracking our food and drink purchases but we must also be aware that it could expose more damaging details such as religion.

"We may also see a mission creep, in that much of the data about individuals could be re-purposed. A lot of these deployments will be commercial and data collected may be sold onwards to third parties in ways not even initially thought of."

He said that there is no agreed protocol for access to public data when it comes to law enforcement authorities or other intelligence agencies and that this will be "an interesting space to watch in the days ahead regarding regulation".


2. Patents

Companies are also faced with legal patent take aways depending on the country they are trying to file for a patent.

In a blog, international law firm TaylorWessing, said that one issue with patents is up to what extent many parts of the technology required for the IoT are patentable at all.

"UK and European case law is clear that software and methods of doing business are not patentable. However, computer implemented inventions that have a technical effect are potentially patentable (providing that they fulfill other requirements such as novelty and invention)," it reads.

Paul England, support lawyer and Kathleen Fox Murphy, consultant, both in the patents group of TaylorWessing, said that another hardship in the patent field is the that for the IoT to work in a truly seamless and interoperable way, it needs to use standardised technology.

If, however, standardised elements of technology in the architecture are patented, this presents a problem because without a licence from the patent owners, third party users of the technology may be forced to infringe those patents.


3. Cybersecurity

The avoidance of cyber-crime and data breaches is now becoming a central focus in relation to the development of IoT devices.

Speaking to CBR, John Benjamin, partner at British law firm DWF, said: "Many of the smart objects currently under development use an array of sensors, each of which is technologically incapable of providing more than a rudimental level of security.

"Privacy by design is a must under the new Data Protection Regulations that will come into force in 2018, and is particularly relevant for those currently developing products and software designed to prevent serious and persistent cyber-security breaches."

Benjamin also said that the imposition of huge fines for security breaches will further concentrate the minds of developers. "We may start to see the development of certain standards and codes of conduct around the handling of this data that are developed for the IoT industry in mind," he said.

Many IoT manufacturers will be considering privacy issues for the first time as they develop previously unconnected products into a new connected ecosystem.


4. Liability

One of the key questions in the IoT space is around the liability in regards to when devices cause arm to the environment they are deployed in, such as a house, or when they injure a human.

According to the Norton Rose Fulbright Data Protection Report, "these objects, if something goes awry, could cause physical harm or bodily injury".

The law firm exemplified some situations where such incidents could cause harm to humans. The insulin pump that loses connectivity at night and fails to properly monitor blood sugar levels and deliver insulin.

The connected alarm system that fails to report an intruder because of a glitch. The car that is hacked, causing a fatal accident.

"In short, the more we rely on devices to monitor and impact the physical world, perhaps subjugating our own decision-making processes to connected "smart" devices, the greater the potential for physical or bodily harm," the report has found.

Liability is something companies need to be aware of, and as an industry get to common conclusions to ease deployments and foster adoption.

For example, the car industry is one where liability is currently a hot topic when it comes to driverless cars. If no human is in charge of the car, who should be blamed if an accident happens?


Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy