Rick Delgado

These days, just about everything and every organization collects data. Even refrigerators collect information on temperature, usage, etc. Employers do on just about anything they can; some are in fact requiring employees to wear health trackers that monitor heart rate and other metrics. From cars to medical devices, personal data is everywhere. The problem is, it is easier than ever for manufacturers to integrate data storage, but oftentimes the privacy and legal repercussions of the Internet of Things (IoT) are not considered.

The legal matters reside in who owns the data and data analytics tools, how they are used, and whether they’re sold to third parties. Data, for example, may be used for one purpose, and then for another down the road, potentially exposing financial or medical information one might not want a particular party to see. Lawsuits are sure to increase on these matters over the next few years. To succeed, they will have to prove actual, quantifiable harm was done or stolen identity, credit card numbers, or some form of harm or injury can be identified.

Here are a few legal aspects for businesses to consider when it comes to the Internet of Things.

Security

Legal challenges arising from cyber security may be the biggest of all. Internet-connected devices pose a challenge. One could theoretically hack into a home heating system, find their way into the homeowner’s mobile phone records, and obtain information on their credit card. One study recently found hackers could breach such networks via Wi-Fi light bulbs. Without a physical break-in, who is responsible; the heater manufacturer, phone service provider, Internet technology integrator?

Similarly, who is responsible for protecting data? Businesses are responsible for using data systems, but developers are tasked with making them efficient or preventing irrelevant information from being collected and stored, usually with what is flash storage. Data may be repurposed to someone else, so is it the original collector or the new data holder who is responsible for breaches?

Contracts

Various legal challenges are arising based on the contractual agreements businesses establish with partners and customers. One is disclosure. They need to identify how collected information will be used, but there are many ways that may be overlooked. Most disclosures talk about the product and its use, not the data. This is posing a challenge especially for companies involved in products not traditionally thought of as able to collect personally identifiable data. When employees find out about personal information being exposed, they’re usually pretty upset.

Data Ownership

Information on consumers and even business product users is freely traded in the U.S. You’ll find who owns the data in documents such as end-user license agreements. These are legal documents that define ownership. The communicative nature of IoT devices means data from one system may appear in another, challenging virtually any ownership model. Businesses, including farms, are for example signing contracts with drone companies. The data are very useful under many circumstances, but it’s important to check who has ownership of the data – is it the end user, drone manufacturer, or data storage provider?

Compliance

Regulators, including government organizations, have increasingly been addressing IoT, privacy, and data protection issues. A recent Data Protection Regulation issued in the European Union focuses on data privacy and consent. It offers guidelines on when personal data such as preferences, health, or location can be used legally. Policies, enforcement, fines, and other details are identified as well.

U.S. regulators are concentrating on these issues as well. In the near future, regulatory agencies will likely be involved in the adoption of standards related to data usage, cloud computing, service provisioning, and more. One challenge here is individual jurisdictions may devise regulations that are different than those from others, potentially creating conflicts of interest. There are also sure to be arguments for and against the benefits and risks of certain devices/types of data stored.

An Uncertain Legal Future

Organizations such as the Federal Trade Commission have been hard at work considering how to regulate the Internet of Things. Privacy and ownership have already presented legal challenges. New ones will likely emerge as regulatory bodies come to decisions on standards and laws regarding IoT devices and data.