May 6, 2018

Who is setting the IoT agenda?

Several weeks ago, I was in a briefing call with a panelist who was preparing for an event on privacy and security challenges in the IoT market. This was in the context of possible guidelines emanating from the US government.

There was the usual discussion about the pros and cons of light-touch and self-regulatory approaches, in keeping with the conditions that fostered innovation and investment in the Internet.

However, the world has moved on since the late-90s; it is worth spending time to reflect on today's conditions and what new approaches are warranted. And, to what extent will US agencies set the future direction?


The Internet is deeply integrated in our everyday lives. And, the proliferation of IoT sensors and devices will only increase this level of integration and dependency. The security guru, Bruce Schneier, has pointed out that IoT security is too important an issue to be left to market forces and that the necessary precautions will only be met by a regulatory approach [1]. His might not be a lone voice. In the case of the much younger Bitcoin technology, for example, it is interesting to note the desire for private-sector players to call for regulation as a necessary condition for establishing a nascent market [2].

Going down the regulatory path, the issue then becomes one of who sets the regulatory rules. With the IoT being a global phenomenon, there is no guarantee of US leadership. Discussions in Washington D.C. might placate local firms. They risk missing the bigger picture of what is happening on the international playing field. Consider how the market for personal data is changing as firms adjust to the EU's GDPR initiative. GDPR (the General Data Protection Regulation) gives individuals significant new rights over how their personal data is collected.

In an innovative twist, GDPR applies to individuals (data-subjects) in the EU; it applies to any service provider and not just those domiciled in the EU. In the industry, it is not uncommon to hear of it referred to as the Global Data Protection Regulation. For evidence of GDPR's global impact, take a look at PayPal's recent disclosure of how it shares personal data with its network of 600 business partners [3]. Here is the same data in a more easily digestible format [4].

Having in effect set the global agenda for personal data, the EU's next step will most likely progress to rules for IoT and mixed-data assets.

In another example and at a local level, Uber is succumbing to regulatory pressure in the UK. In order to demonstrate its fitness to operate, Uber is offering to release proprietary data to help with transportation infrastructure planning. Through this gesture, Uber wants to show that it can be a better partner to the City of London [5].

These developments show that regulatory institutions can and will play a greater part in the IoT and new Internet-enabled service sectors. Innovators and investors in emerging sectors such as autonomous vehicles and data brokering, to pick two examples, should factor a pro-regulatory element into their strategies. This means engaging with the appropriate institutions and designing products/services with suitable monitoring and audit-reporting capabilities.

Strategically, it is no longer tenable to tell government, for example, to get out of the way and stop interfering with innovation.

[1] Security and the Internet of Things - https://www.schneier.com/blog/archives/2017/02/security_and_th.html

[2] Winklevoss twins pitch plan to regulate digital money http://www.businesstimes.com.sg/banking-finance/winklevoss-twins-pitch-plan-to-regulate-digital-money

[3] List of Third Parties (other than PayPal Customers) with Whom Personal Information May be Shared https://www.paypal.com/ie/webapps/mpp/ua/third-parties-list

[4] How PayPal shares your data - https://rebecca-ricks.com/paypal-data/

[5] Uber offers to share journey data with London city planners -https://www.theguardian.com/technology/2018/mar/15/uber-offers-to-share-journey-data-with-london-city-planners

IMAGE CREDITS: Victoria Heath via unsplash.com 

17 comments:

  1. 15 May 2018 update

    ETSI Summit round up on Data Protection and Privacy - see links for presentations.

    http://www.etsi.org/news-events/news/1299-2018-04-news-etsi-etsi-summit-round-up-on-data-protection-and-privacy

    ReplyDelete
  2. 29 June 2018

    "Unless America steps up with its own rules, GDPR will become the global norm", says Suzan Delbene, Democratic member of the US House of Representatives

    https://www.ft.com/content/d8a70f22-7a12-11e8-af48-190d103e32a4

    ReplyDelete
  3. 29 July 2018 update

    Standardisation of blockchain technologies and distributed ledger technologies.

    https://www.iso.org/committee/6266604.html

    ReplyDelete
  4. 3 Sep 2018 update

    UK media and telco industries demand more red tape for social media content

    http://telecoms.com/491891/uk-media-and-telco-industries-demand-more-red-tape-for-social-media-content/

    ReplyDelete
  5. 24 October 2018 update

    Apple and Facebook call for EU-style privacy laws in US

    One interesting question is whether it will be a copy-and-paste approach.

    https://www.ft.com/content/0ca8466c-d768-11e8-ab8e-6be0dcf18713

    ReplyDelete
  6. 20 Nov 2018 update

    Food companies fail to agree on new nutrition label in Europe


    Please use the sharing tools found via the share button at the top or side of articles. Copying articles to share with others is a breach of FT.com T&Cs and Copyright Policy. Email licensing@ft.com to buy additional rights. Subscribers may share up to 10 or 20 articles per month using the gift article service. More information can be found at https://www.ft.com/tour.
    https://www.ft.com/content/8005ec16-eca5-11e8-8180-9cf212677a57

    But after trials in several countries and consultation with academics and consumer groups, the companies could not gain consensus around the new portion-based, colour-based scheme, said Bart Vandewaetere, a Nestlé government affairs executive.

    “Colour coding of food labels is very controversial in continental Europe,” said Mr Vandewaetere. “We need leadership from the European Commission to come up with a common approach.”

    https://www.ft.com/content/8005ec16-eca5-11e8-8180-9cf212677a57

    ReplyDelete
  7. 31 Dec 2018 update

    The data economy is global, and EU legislation should provide a regulatory environment that enables European operators to harness the full potential of data to compete globally.

    https://www.computerweekly.com/opinion/Beyond-GDPR-Why-ePrivacy-could-have-an-even-greater-impact-on-Europe

    ReplyDelete
  8. 1 April 2019 update, not an April's Fool joke

    Facebook founder and CEO Mark Zuckerberg has governments and regulators to play a more active role in developing new rules for the internet.

    http://telecoms.com/496675/facebook-calls-on-governments-to-help-control-content-on-the-internet/

    ReplyDelete
  9. 2 April 2019 update

    The extract below illustrates the importance of an open governance framework.



    In selecting James, Google is making clear that its version of “ethics” values proximity to power over the wellbeing of trans people, other LGBTQ people, and immigrants. Such a position directly contravenes Google’s stated values.



    https://medium.com/@against.transphobia/googlers-against-transphobia-and-hate-b1b0a5dbf76

    ReplyDelete
  10. 24 April 2019 update

    Speaking at an event organised by Time magazine, Cook said “We all have to be intellectually honest, and we have to admit that what we’re doing isn’t working. Technology needs to be regulated. There are now too many examples where the no rails have resulted in a great damage to society.”

    http://telecoms.com/497015/apple-boss-wants-more-state-intervention-in-tech-business/

    ReplyDelete
  11. 25 September 2019 update

    via Benedict Evans

    "there is a tendency to frame this conversation in terms of the Chinese government and the US constitution. But no-one outside the USA knows or cares what the US constitution says, and Megvii already provides its ‘smart city IoT’ products to customers in 15 countries outside China. The really interesting question here, which I think goes far beyond face recognition to many other parts of the internet, is the degree to which on one hand what one might call the ‘EU Model’ of privacy and regulation of tech spreads, and indeed (as with GDPR) is imposed on US companies, and on the other the degree to which the Chinese model spreads to places that find it more appealing than either the EU or the US models."

    https://www.ben-evans.com/benedictevans/2019/9/6/face-recognition

    ReplyDelete
  12. 13 Aug 2020 update

    Internet of Things: How the U.K.’s Regulatory Plans Could Raise Compliance Standards

    The U.K. government is concerned that despite the introduction of a self-regulatory Code of Practice in October 2018 (COP), there are still significant security flaws in many products on the market. The U.K. proposals seek to expand on the COP, which covers 13 areas (or outcome-focused guidelines) that are widely considered good practice, including requirements that all IOT device passwords are unique, all software is securely updatable, and users have clear transparency and control over the use of their data. The code is expected to be revised by the U.K. government at least every two years.

    https://www.natlawreview.com/article/internet-things-how-uk-s-regulatory-plans-could-raise-compliance-standards

    ReplyDelete
  13. 24 March 2021 update

    Regulators are your friend

    Lopokoiyit wants fintech companies and innovative start-ups to embrace engagement with regulators in their jurisdictions. “We work with them every single time. There is no product and service that we launch without the regulator. We actually have discovered it is better to, even on a concept stage, to engage the regulator.

    https://www.howwemadeitinafrica.com/m-pesa-ceo-savings-wealth-management-and-insurance-the-next-big-opportunities-for-fintech-in-africa/

    ReplyDelete
  14. 11 June 2021 update

    Public consultation on the draft OECD Recommendation on Agile Regulatory Governance to Harness Innovation

    The COVID-19 crisis has magnified the above-mentioned challenges and forced governments to rethink their approach to rulemaking. The social and economic disruption that the pandemic has wrought further highlights the strategic importance of developing more agile and co-ordinated regulatory approaches to increase responsiveness and resilience in changing environments, harness the opportunities provided by innovation and protect the public interest. As governments rebuild afresh, they must ensure that the innovation that will power economic growth and solve the world’s most pressing social and environmental challenges is not held back by regulations designed for the past.

    https://www.oecd.org/gov/regulatory-policy/public-consultation-on-the-draft-recommendation-for-agile-regulatory-governance-to-harness-innovation.htm

    ReplyDelete
  15. 8 March 2023 update

    What Washington Gets Wrong About China and Technical Standards

    Over the past four years, Washington’s foreign policy establishment has stumbled on a new arena for competition with China: international technical standards. During that time, standards have been the focus of news stories, think tank reports, and even several pieces of federal legislation. Across these, the master narrative is largely the same: technical standards are a key part of technology competition, China is taking over international standards bodies, and it is successfully manipulating those standards as part of its quest for global tech domination.

    Parts of that narrative ring true. Technical standards are a critical part of the global technology ecosystem because they facilitate trade, can give first-movers a competitive advantage, and can generate significant revenue for companies with large patent portfolios. The Chinese government has a track record of trying to manipulate international organizations, and Chinese participation at international standards bodies is increasing.

    But Washington’s master narrative around technical standards is wrong. It’s not wrong because the Chinese Communist Party is a trustworthy actor in these arenas—it isn’t. The narrative is wrong because it fundamentally misunderstands what international technical standards do and how standards development organizations (SDOs) operate. There are real concerns when it comes to China and technical standards, and those concerns require targeted actions. But to make the right prescription, the U.S. policy community must first correctly diagnose the problem.


    https://carnegieendowment.org/2023/02/27/what-washington-gets-wrong-about-china-and-technical-standards-pub-89110

    ReplyDelete
  16. 16 November 2023 update

    China Gains as U.S. Abandons Digital Policy Negotiations

    The future of U.S. global digital policy hangs in the balance following a shock decision by the office of the United States Trade Representative (USTR) that the United States no longer supports provisions that protect cross-border data flows, prohibit forced data localization, safeguard source code, and prohibit countries from discriminating against digital products in the World Trade Organization (WTO). The USTR’s previous position allows data to flow freely, with restrictions as the exception, in contrast to China’s position that seeks stricter control and oversight based on local law and regulation before allowing data to flow. While the difference between the two positions may have seemed rather technical, it served as the foundation for U.S. government support for an open Internet and digital economy. That foundation is now gone.

    As Nigel Cory and Samm Sacks write in Lawfare, without U.S. support for trade commitments against data localization, U.S. policymakers and companies will have a harder time pushing back on localization requirements in countries where U.S. and Chinese firms are in fierce competition for market share.

    The USTR’s decision has far-reaching implications for the future of governing the internet and data that will reverberate beyond the WTO and IPEF. The absence of U.S. advocacy for data flows sends the message to other countries that they can enact restrictions that will discriminate against U.S. firms—which undermines the U.S. economy and leadership in governing digital technologies.

    https://itif.org/publications/2023/11/16/china-gains-as-us-abandons-digital-policy-negotiations/

    https://www.lawfaremedia.org/article/china-gains-as-u.s.-abandons-digital-policy-negotiations

    ReplyDelete
  17. 12 Jan 2024 update

    On the theme of single-provider business models

    US regulator considers stripping inspection authority from Boeing employees

    Mid-air blowout of 737 Max 9 prompts review of system where company staff certify aircraft


    Please use the sharing tools found via the share button at the top or side of articles. Copying articles to share with others is a breach of FT.com T&Cs and Copyright Policy. Email licensing@ft.com to buy additional rights. Subscribers may share up to 10 or 20 articles per month using the gift article service. More information can be found at https://www.ft.com/tour.
    https://www.ft.com/content/1588974e-db75-4a02-9aff-deb0b75ed379

    The move to review the oversight programme, where Boeing’s own employees certify aircraft safety on behalf of the Federal Aviation Administration, was prompted by the grounding of some 737 Max 9s following the mid-air incident over Oregon last Friday. The so-called “organisation designation authorisation” earlier came under scrutiny when two Boeing 737 Max 8s crashed in 2018 and 2019.

    Mike Whitaker, FAA administrator, said the agency was “exploring” its options for using an independent third-party to oversee inspections of Boeing’s aircraft and its quality controls.


    https://www.ft.com/content/1588974e-db75-4a02-9aff-deb0b75ed379

    ReplyDelete