The law and the Internet of Things


The Internet of Things or the IOT is all around us, whether we realise it or not. Common devices that we see everyone wearing such as fitness bands, to smart grids that provide sustainable energy solutions are all part of the IOT ecosystem. A whole range of devices are becoming internet enabled or ‘smart’ such as smart lights, smart homes, smart refrigerators etc. These Internet-enabled devices facilitate interaction between themselves (machine-tomachine or M2M interaction), which require minimal human intervention. Minimal human intervention is a desired trait for many industries and sectors, as this can increase efficiency and productivity. However, like any other new technology, the law is still coming to grips with the challenges posed by the emergence of IOT.

The emergence of IOT has led to large-scale interaction between the various ‘internet enabled’ devices and exchange of huge volumes of data between them. This in turn has resulted in the existing laws and norms on privacy, data security, intellectual property and product liability being challenged or posing challenges to IOT in ways described below.

  1. Privacy and data security       

The IoT ecosystem is heavily dependent on data collection and transmission. Ordinary devices with connected sensors collect terrabytes of data through the Internet, enabling M2M interaction and processing of data for particular services. This data includes personal as well as sensitive personal information of the users such as bank account details, blood group of an individual etc. Before such data is collected from the users, express notice is given and consent to collect the data is obtained as required under the law. Privacy laws also requires giving an option to the user to withdraw consent, change the information in case of a mistake etc. This is easy to follow in case of ordinary smartphones and computers with a readymade interface where it can be done. However, in an IOT ecosystem, ordinary devices such as a wearable or a thermostat (with no proper interface) collect this data. Obtaining consent and adhering to the other requirements of privacy in these situations become difficult. Ensuring the security of this data in these devices also becomes an issue.

  1. Intellectual Property
  • The interconnected devices in the IOT ecosystem connect and communicate using standardised technology. Mostly the patent in these technologies are owned by third parties, the use of which may result in infringement of the rights of such third-party patent holders. Further, the parties holding these patents licence out the technology at exorbitant prices, making it difficult for small IOT manufacturers to have easy access. Every time the technology is used, it is a potential dispute for infringement. Technologies that are used widely in the development of the IOT infrastructure must be available to the industry without any such barriers or obstacles.
  • There are multiple stakeholders in an IoT transaction chain, with each stakeholder either collecting, processing or generating new data. These are generally large volumes of data that are extremely useful in analytics and further development of the IoT, with a commercial value of its own. As a result, questions on who owns this data will come up in these scenarios. This data may be further compiled in unique ways or databases, which will again be considered valuable intellectual property.
  1. Product liability

               An IoT device usually comprises of various components such as hardware, software and other service elements. Each of these components come with their own set of warranties and disclaimers. Therefore, any defect or deficiency in the IoT device is a complex issue, as it is difficult to pinpoint which component or who is responsible for the defect. This becomes difficult for the user/consumer to determine who he/she must go to for claiming compensation or repair. If all stakeholders in the transaction are disclaiming responsibility for the defect, it is possible that the consumer may not have a way out at all.

  1. M2M contracts      

The IoT devices interact among themselves without the user’s intervention and sometimes act on behalf of users. For example, an IoT refrigerator will place an order for milk from the local grocery store when the milk is about to get over. The refrigerator in this case is transacting on behalf of the owner every time it places an order for milk, without his/her interference or express orders. In effect, the IoT device is entering into a contract for the user, without his knowledge or express consent. However, the owner of the refrigerator may not realise that it he is entering into a contract, every time the refrigerator does so. In this regard, the question of whether the user is aware and has agreed for the device to enter into transactions on his behalf becomes crucial.

Clearly, there are significant legal challenges for the advancement of the IoT ecosystem, which will require a convergent view of law and technology and its impact on society in order to address these challenges. In subsequent conversations we will try and amplify the issues in the different legal impact factors we have discussed here. Part II to the series will attempt to address concerns around the first issue highlighted above i.e., privacy and data security.

This is Part-I to a four part series on The Law and the Internet of Things. This part provides a bird’s eye view on some key legal factors that will play a role in the growth of IoT in India. Each of the factors highlighted here will be discussed in detail in subsequent parts to the series.

Disclaimer: The views expressed in this article are the personal views of the authors and are purely informative in nature. The information provided does not constitute legal advice.

(Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the views of YourStory.)


Updates from around the world