May 6, 2018

Who is setting the IoT agenda?

Several weeks ago, I was in a briefing call with a panelist who was preparing for an event on privacy and security challenges in the IoT market. This was in the context of possible guidelines emanating from the US government.

There was the usual discussion about the pros and cons of light-touch and self-regulatory approaches, in keeping with the conditions that fostered innovation and investment in the Internet.

However, the world has moved on since the late-90s; it is worth spending time to reflect on today's conditions and what new approaches are warranted. And, to what extent will US agencies set the future direction?


The Internet is deeply integrated in our everyday lives. And, the proliferation of IoT sensors and devices will only increase this level of integration and dependency. The security guru, Bruce Schneier, has pointed out that IoT security is too important an issue to be left to market forces and that the necessary precautions will only be met by a regulatory approach [1]. His might not be a lone voice. In the case of the much younger Bitcoin technology, for example, it is interesting to note the desire for private-sector players to call for regulation as a necessary condition for establishing a nascent market [2].

Going down the regulatory path, the issue then becomes one of who sets the regulatory rules. With the IoT being a global phenomenon, there is no guarantee of US leadership. Discussions in Washington D.C. might placate local firms. They risk missing the bigger picture of what is happening on the international playing field. Consider how the market for personal data is changing as firms adjust to the EU's GDPR initiative. GDPR (the General Data Protection Regulation) gives individuals significant new rights over how their personal data is collected.

In an innovative twist, GDPR applies to individuals (data-subjects) in the EU; it applies to any service provider and not just those domiciled in the EU. In the industry, it is not uncommon to hear of it referred to as the Global Data Protection Regulation. For evidence of GDPR's global impact, take a look at PayPal's recent disclosure of how it shares personal data with its network of 600 business partners [3]. Here is the same data in a more easily digestible format [4].

Having in effect set the global agenda for personal data, the EU's next step will most likely progress to rules for IoT and mixed-data assets.

In another example and at a local level, Uber is succumbing to regulatory pressure in the UK. In order to demonstrate its fitness to operate, Uber is offering to release proprietary data to help with transportation infrastructure planning. Through this gesture, Uber wants to show that it can be a better partner to the City of London [5].

These developments show that regulatory institutions can and will play a greater part in the IoT and new Internet-enabled service sectors. Innovators and investors in emerging sectors such as autonomous vehicles and data brokering, to pick two examples, should factor a pro-regulatory element into their strategies. This means engaging with the appropriate institutions and designing products/services with suitable monitoring and audit-reporting capabilities.

Strategically, it is no longer tenable to tell government, for example, to get out of the way and stop interfering with innovation.

[1] Security and the Internet of Things - https://www.schneier.com/blog/archives/2017/02/security_and_th.html

[2] Winklevoss twins pitch plan to regulate digital money http://www.businesstimes.com.sg/banking-finance/winklevoss-twins-pitch-plan-to-regulate-digital-money

[3] List of Third Parties (other than PayPal Customers) with Whom Personal Information May be Shared https://www.paypal.com/ie/webapps/mpp/ua/third-parties-list

[4] How PayPal shares your data - https://rebecca-ricks.com/paypal-data/

[5] Uber offers to share journey data with London city planners -https://www.theguardian.com/technology/2018/mar/15/uber-offers-to-share-journey-data-with-london-city-planners

IMAGE CREDITS: Victoria Heath via unsplash.com 

10 comments:

  1. 15 May 2018 update

    ETSI Summit round up on Data Protection and Privacy - see links for presentations.

    http://www.etsi.org/news-events/news/1299-2018-04-news-etsi-etsi-summit-round-up-on-data-protection-and-privacy

    ReplyDelete
  2. 29 June 2018

    "Unless America steps up with its own rules, GDPR will become the global norm", says Suzan Delbene, Democratic member of the US House of Representatives

    https://www.ft.com/content/d8a70f22-7a12-11e8-af48-190d103e32a4

    ReplyDelete
  3. 29 July 2018 update

    Standardisation of blockchain technologies and distributed ledger technologies.

    https://www.iso.org/committee/6266604.html

    ReplyDelete
  4. 3 Sep 2018 update

    UK media and telco industries demand more red tape for social media content

    http://telecoms.com/491891/uk-media-and-telco-industries-demand-more-red-tape-for-social-media-content/

    ReplyDelete
  5. 24 October 2018 update

    Apple and Facebook call for EU-style privacy laws in US

    One interesting question is whether it will be a copy-and-paste approach.

    https://www.ft.com/content/0ca8466c-d768-11e8-ab8e-6be0dcf18713

    ReplyDelete
  6. 20 Nov 2018 update

    Food companies fail to agree on new nutrition label in Europe


    Please use the sharing tools found via the share button at the top or side of articles. Copying articles to share with others is a breach of FT.com T&Cs and Copyright Policy. Email licensing@ft.com to buy additional rights. Subscribers may share up to 10 or 20 articles per month using the gift article service. More information can be found at https://www.ft.com/tour.
    https://www.ft.com/content/8005ec16-eca5-11e8-8180-9cf212677a57

    But after trials in several countries and consultation with academics and consumer groups, the companies could not gain consensus around the new portion-based, colour-based scheme, said Bart Vandewaetere, a Nestlé government affairs executive.

    “Colour coding of food labels is very controversial in continental Europe,” said Mr Vandewaetere. “We need leadership from the European Commission to come up with a common approach.”

    https://www.ft.com/content/8005ec16-eca5-11e8-8180-9cf212677a57

    ReplyDelete
  7. 31 Dec 2018 update

    The data economy is global, and EU legislation should provide a regulatory environment that enables European operators to harness the full potential of data to compete globally.

    https://www.computerweekly.com/opinion/Beyond-GDPR-Why-ePrivacy-could-have-an-even-greater-impact-on-Europe

    ReplyDelete
  8. 1 April 2019 update, not an April's Fool joke

    Facebook founder and CEO Mark Zuckerberg has governments and regulators to play a more active role in developing new rules for the internet.

    http://telecoms.com/496675/facebook-calls-on-governments-to-help-control-content-on-the-internet/

    ReplyDelete
  9. 2 April 2019 update

    The extract below illustrates the importance of an open governance framework.



    In selecting James, Google is making clear that its version of “ethics” values proximity to power over the wellbeing of trans people, other LGBTQ people, and immigrants. Such a position directly contravenes Google’s stated values.



    https://medium.com/@against.transphobia/googlers-against-transphobia-and-hate-b1b0a5dbf76

    ReplyDelete
  10. 24 April 2019 update

    Speaking at an event organised by Time magazine, Cook said “We all have to be intellectually honest, and we have to admit that what we’re doing isn’t working. Technology needs to be regulated. There are now too many examples where the no rails have resulted in a great damage to society.”

    http://telecoms.com/497015/apple-boss-wants-more-state-intervention-in-tech-business/

    ReplyDelete