The Internet of Things and a Balanced Approach to Regulatory Intervention
To say that the Internet has changed and penetrated our lives is without doubt an understatement. As cliché as it may sound, Internet technology has already had an effect of historic proportions for humanity. What is even more amazing is the fact that the real impact is yet to be seen and is only a few years away.
Today, using and benefiting from the wonders of the Internet typically involves a communication device—like a PC, a tablet or a mobile phone—that serves as an interface mechanism for the user. Browsing the web, shopping online and communicating by e-mail have become second nature to anyone with access to a device connected to the Internet, and the fact that this can happen on the move in all but the most remote places on the planet only makes the whole experience more ordinary.
But the truth is that we have seen nothing yet! A few glimpses of our current technological development show what is likely to happen next and the potential reach of the next stage in the evolution of the Internet.
The idea that things we do in the offline real world—like making breakfast, going to school, commuting to work, buying groceries, watching the telly and so on—could somehow be interconnected with each other through Internet technology in a sort of automatic way has the flavour of a 1960s science fiction cartoon. However, that was precisely the kind of thing that a group of visionary engineers had in mind when, in the late 1990s—as the Internet was starting to catch on—they came up with the concept of the “Internet of Things.”
Their vision was that rather than having to rely on constant human intervention for feeding the Internet with instructions and information, everyday items—coffee machines, cars, fridges, central heating systems, TVs, tooth brushes…you name it—could rely on the power of the Internet to provide even greater value and more convenient uses to their users. Before we start thinking of this as a prequel for “Terminator,” this vision was not about machines running wild and taking over our lives, but about exploiting relatively straightforward and widespread technology to make our lives…easier, more pleasant, more productive, lazier???
It is early days for some of the immediately graspable applications of the Internet of Things to become the norm. I still text my neighbour on my last day of holiday asking him to pop into my house and turn on the heating rather than log onto my gas company smart console device to do it remotely. We still rely on weekly shopping lists rather than ask our fridges what we have run out of.
Our everyday offline life is basically still pretty offline.
On the other hand, data from trains, crops, water pipes, smart meters and even running shoes is now being digitally collected for our efficiency and enjoyment. As technology evolves, every object on the planet could end up being a node in a truly ubiquitous network of networks. Not even the sky is the limit. The possibilities are as wide as our imagination and for the more sombre thinkers, so are the risks. Privacy and security are at the top of the risk list and that has not gone unnoticed to policymakers.
In 2012, the European Commission carried out a public consultation which sought views on an appropriate policy approach to foster a dynamic development of the Internet of Things. The commission has recently published its report on the consultation and the findings reflect an unfortunately common polarisation of views. The commission's report shows that far from being consensus as to the need for and scope of public intervention in connection with the Internet of Things, there are two clearly distinguishable factions: the so-called industry camp and the interested citizens, civil society and consumer organisations camp. The industry argued strongly against any kind of intervention in a sector which is still in its infancy and claimed that Internet technology should develop further before appropriate policy measures can be devised. The other side claimed that a new and stronger data protection framework was needed so that people can be fully in control of their data.
According to the civil society group of respondents to the commission's consultation, the required new framework needs to incorporate elements such as consent, purpose limitation, data anonymisation, transparency, privacy by default and by design, system security, data deletion, accountability and regulatory audits. A real mouthful of measures, which according to this group must override any economic considerations given that fundamental rights like privacy, security and other ethical issues are at stake.
As is often the case, the views expressed will be seen as antagonistic by each other and, worst of all, could have the regrettable effect of deafening the debate and preventing a balanced approach to regulatory intervention.
We cannot afford that to be the case.
Not just because of its potentially unreasonable effect on economic prosperity, but because there is a correct level of intervention that must be found and applied for everyone's benefit. As the Internet evolves, so does the need for privacy and security public policy. The most appropriate outcome may be debatable, but one thing is clear: Responsible policies and norms must take into account real and likely opportunities as well as threats, not greedy dreams or extreme conspiracy theories.
About the Author
Eduardo Ustaran, CIPP/E, is a dually qualified English solicitor and Spanish abogado based in London and an internationally recognised expert in privacy and data protection law. He has been named by Revolution magazine as one of the 40 most influential people in the growth of the digital sector in the UK and is ranked as a leading individual for data protection by Chambers UK. Ustaran is also the author of The Future of Privacy, a book aimed at reshaping the global debate around data and privacy. Ustaran advises on the impact of EU data privacy law on the operational activities of all types of organisations and has assisted data protection regulators from different countries to align their positions and interpretation of the law. He is editor of Data Protection Law & Policy and a member of the panel of experts of DataGuidance. Ustaran is co-author of E-Privacy and Online Data Protection and of the Law Society’s Data Protection Handbook.