By some estimates, there will be 25 billion connected devices by 2015. The massive increase in connectedness that will stem from the so-called Internet of Things (IoT) will drive a wave of innovation that could generate up to $19 trillion in savings over the next decade.
IoT derives from the impending steep rise in "machine-to-machine" (M2M) interconnectivity that will evolve as companies embed more and more everyday physical objects – TVs, cars, refrigerators – with the technology to collect and transmit data about their use and surroundings. As that happens, existing issues will take on new dimensions.
The problem is that, just as technologies combine to open up unforeseen opportunities, the legal consequences of those technology combinations may also increase exponentially. The likely regulatory consequences of the IoT are significant and are associated primarily with the collection and use of vast quantities of data.
The IoT will enable the creation and sharing of massive new reservoirs of data about individuals' habits, behaviour and personal preferences. This reinforcement of global society's reliance on data makes the laws and regulations that protect data privacy and limit data use even more fundamentally important.
Regulatory bodies, including the US Federal Trade Commission and the European Commission, are already turning their attention to the potential privacy and security issues that the IoT undoubtedly presents. In the main, these issues relate to ensuring that the principles of privacy and data protection, such as informed consent and data minimisation, are adhered to in the era of mass M2M communication.
One of the most significant risk areas stems from the fact that devices are able, and intended, to communicate with each other and transfer data autonomously. With applications operating in the background, individuals may not be aware of any processing taking place, and the ability for data subjects to exercise their data protection rights may therefore be substantially impaired. The risk that data may be used for purposes in addition to or other than those originally contemplated and specified by the data subject becomes even greater in the IoT.
The IoT also provides hackers with more vulnerabilities to exploit and creates significant security risks. Such risks could take a variety of forms, depending on the nature of the data and device in question. In the context of e-health, the collection and rapid exchange of sensitive personal information in an interconnected and open environment not only increases risks in respect of patient confidentiality, but also has the far more alarming potential to endanger life if one takes the example of implanted medical devices administering drugs on the basis of autonomous data inputs.
For companies seeking to exploit IoT, one of the key issues is that deploying M2M technology effectively in so-called cyberphysical environments, requires reliance on many different systems, APIs and networks, so the issue becomes how to integrate solutions across platforms.
Looking ahead, lawmakers and standards bodies need to determine what approach to take in addressing these issues. And companies bringing IoT-enabled channels to market need to anticipate the issues as well as overcoming the technical issues of integration and interconnectedness. The potential threats to security and privacy vary considerably and the breadth of challenges presented means that a one-size-fits-all approach to policy and regulation on the one hand – and commercial exploitation on the other hand – is unlikely to work.