The Internet of Things, often abbreviated to IoT, is a reference to devices connected to each other and other systems via the internet. The term is most commonly used to describe electronic devices which traditionally have not been connected in this way.
The ability for devices to communicate with each other (and others) is a key element of the Internet of Things.
Examples of the IoT
The convenience which IoT can bring to consumers means that it has found real traction in the home environment and when people refer to the IoT they are typically referring to household appliances and consumer products like smart speakers.
For example, any household device which you can control from a smart phone, such as a door, bulb, light fitting or kettle, is part of the IoT. If you can close your blinds from anywhere in the world with a tap on a smart watch or turn the heating on as you head back from the airport at the end of your holidays, then you are enjoying the convenience of the IoT.
The potential is almost unbound, from the environments of our cars to our houses and offices, if you can think of an electronic device there is probably an internet connected version out there and, if there isn’t today, there probably will be soon.
What are the key legal risks?
As with so much when it comes to technology, consumers and businesses have seized the time saving benefits without considering the trade-off they are making. When it comes to the IoT that trade-off, and one of the biggest legal risks, comes around security and privacy.
Security has, traditionally, been one of the last things to concern hardware manufacturing, especially when building high volume, fast moving consumer goods. After all, if consumers don’t appreciate the risks, they won’t be prepared to accept the increased costs added security entails. A manufacturer sourcing components and faced with the choice between a more expensive but more secure element, knowing they can’t pass that cost onto their consumer, might be tempted to go for the cheaper, and more riskier option. IoT exacerbates this by requiring human data input and sharing of data via the internet – all inherently unsecure.
Since May 2018, manufacturers have had a legal obligation to build using the principles of ‘privacy by design’. Businesses in this sector will therefore need to ensure that their security credentials are up to scratch. This obligation will be rarely more important than when dealing with consumers. For example, a security flaw in your internet enabled door bell could mean thieves could tell when you’re home and when you’re away. Consumers might think twice, regardless of the convenience the device would other wise bring. In such a scenario, were there to be a security compromise which resulted in a break in, the manufacturer could find themselves liable. Then you have to factor in the reputational issues.
Security goes hand in hand with privacy. Since the introduction of the GDPR those collecting data and those wanting to access and use that data have had to play by a new set of rules. Consumers need to know the detail about how, where and why data is being used, stored, and shared. For example, the dairy industry might be interested in data from a connected fridge which shows how much milk a household is consuming. Would consumers be happy with their data being used in this way? What if the data also allowed the dairy company to work out how many people were in the property, their dietary requirements or even make educated guesses about the individuals (such as religious beliefs) based from the products in this fridge? What if that data could be sold for commercial purposes? Consumers are becoming increasingly savvy about their rights.
Any business looking to use data collected from IoT devices will have work to do to ensure they are GDPR compliant.
For many of those businesses looking to be part of the IoT revolution, collaboration is going to be key. On projects such as these it is rare for one business to have all of the skills needed to build a product and to take it to market. Where this happens through collaborations, businesses will need to consider the correct legal vehicles for the project. Do the risks merit ring-fencing the venture in a new business or is some other form of joint venture or partnership more appropriate?
Businesses will also need to be aware of the risks of sharing information with collaborators. They will need to ensure that their IP is protected and properly licenced to others in the project and thought will need to be given to how any revenue can be shared.
The IoT brings exciting opportunities for consumers and businesses alike but businesses will need to ensure they abide by increasingly stringent laws on security and privacy whilst ensuring they are protected in their dealings with collaborators.
Ben Travers is a partner and head of intellectual property and IT at Stephens Scown LLP. The team is one of the largest specialist teams of its kind in the UK and advises businesses in the South West and beyond on how to protect and exploit their IP, contract issues and data protection. To contact Ben, please call 01392 210700 or email firstname.lastname@example.org.