Legal world of internet of things

As with any significant evolution of telecoms and technology, come the inevitable questions about the adequacy of the legislation and regulatory principles governing the internet of things (IoT) ecosystem.

To thrive and reach its revolutionary potential does the IoT require more law and regulation or less?

Given that the IoT industry is one that analysts at McKinsey predict is going to be in its trillions in the next five to ten years, it may be surprising to learn that there is no dedicated legislation to the internet of things. In the absence of specific legislation, IoT is governed horizontally, by legislation concerning telecoms (the legal terminology refers to “electronic communications”), data privacy and security, intellectual property, safety and environmental, and competition, among others.

This is not to say that it has escaped the attention of lawmakers and regulators; quite the contrary. The IoT legal landscape has been – and continues to be – an important area of focus for many influential industry regulatory bodies. The Organisation for Economic Co-operation and Development, European Commission, Federal Trade Commission and the GSMA mobile operators’ organisation, to name just a few, have all identified a number of bottlenecks and challenges which need to be addressed.

There is little doubt that legislation and regulation to support and facilitate the IoT will happen. It is just a question of the shape and form that this takes; whether it will be by way of principles designed to enable the IoT ecosystem to continue to innovate and evolves – spectrum policy being an obvious example – or whether we will be seeing the equivalent of an “Internet of Things Act”.

There is little doubt that legislation and regulation to support and facilitate the internet of things will happen

I think the former more likely and I will share with you why. The legal issues that arise from the IoT are by and large not new issues. They are issues we lawyers have dealt with for over a decade, for instance use of telecoms spectrum, data privacy, liability, security, standardisation, patent protection.

There is pretty robust and much debated legislation already in place that addresses many of these, and such legislation is under scrutiny and evolving all of the time. The real issue stems from the fact that, by its very nature, the IoT blurs the distinction between what is private and what is public. Hence the opportunity for data misuse is greater, the risk of security hacking higher and the liability position more complex, given that an IoT value-chain can involve five or more vendors. Hence enterprise-users, customers, providers, mobile network operators and all the other potential parties in the IoT value-chain have to pay far greater consideration to the legal environment, to leverage this to their advantage, and build it into their business plans, risk profiles and consumer communications.

Alongside this is the fact that the majority of IoT and machine-to-machine (M2M) communications are based on a finite and valuable resource – spectrum. While fixed networks can sometimes be used, the real strain comes on the mobile telecommunication networks. Even though IoT applications are not data-consumption heavy, the “always on” nature multiplied by the cumulative effect of the increasing number of devices that are predicted to be out there, means that better and more efficient use of spectrum is a necessity.

White spaces, small cells, wi-fi all become more important telecoms technologies, as is the deployment of the next generation of networks. Indeed in its 2014 Spectrum Strategy Statement, the UK government specifically acknowledged it had an important role to ensure that spectrum is available to stimulate innovation and growth, citing the social and economic benefits of the IoT and M2M as a key driver behind this statement.

IoT is also a key influencer in the legislative proposals that are going through the European Parliamentary process at the moment for a single telecoms market. Given that the demands of many M2M users and customers are multi-regional or global in nature, the European fragmentation of differing legal and regulatory environments governing telecom networks is one that can hinder deployment and adoption of the IoT.

The new framework, dubbed the Connected Continent package, is intended to address this fragmentation. Its aim is to create a true single market, making it easier to operate across Europe’s borders. The implementation of the new legislation could come as soon as the end of this year.

Where does this leave those in the IoT ecosystem? Just as the IoT is as much about transforming existing products and services, and unlocking additional revenue streams, as it is about creating entirely new ones, regulators and lawmakers are thinking on the same lines. They are considering, using, adapting and transforming what is already there.

But keep an eye out – it may not be a new piece of law, but many of these transformative changes are literally just around the corner.