chevron-down Created with Sketch Beta.
February 23, 2015 Practice Points

What Is the "Internet of Things" and What Are Its Legal Challenges?

By 2020, it’s estimated that 50 billion things will be connected to the Internet.

By Kelly Wilkins

The “Internet of Things” is the universe of smart devices that talk to the Internet or to one another. The devices have unique identifiers and the ability to automatically transfer data over a network on their own, without human interaction.

Some examples in the home include wifi-connected home-security systems, thermostats, cameras, refrigerators, and wearable technology. Some industrial examples include smart grid utilities, patient monitoring, connected commercial vehicles, and smart buildings and factories. Cisco estimates that there are about 200 connectable things per person in the world today. By 2020, it’s estimated that 50 billion things will be connected to the Internet.

Here are some interesting legal issues and challenges posed by the Internet of Things.

Device malfunctions. Product-liability law would apply when something goes wrong with a device that causes injury or damage. You can imagine scenarios where, for example, a remotely operated device might malfunction and cause water or fire damage. Or a home-security device that malfunctions and leaves doors or window open, allowing intrusions or burglaries. In this kind of instance, likely any company in the product chain (manufacturer, seller, app developer, installer, monitor) could potentially have some share of liability. User error could also play a role in incidents or malfunctions.

Data protection.Businesses and industries using data collected by the Internet of Things devices will need to manage and safeguard that data. They will need to have robust systems to protect against data breaches or misuse of data. They will need to ensure that data is only used for the original purpose consent to by the data subject (here, the end user). It may be especially challenging for companies to address consent by end users when they are using a product without a screen, for example. With applications running autonomously, end users may not even be aware of data processing that is happening.

Evolving regulations.Governments and regulators are paying attention to the Internet of Things. The U.S. Federal Trade Commission (FTC) is taking a serious look at what kind of regulations are needed for personal and home devices that collect and transmit user data. In 2013, the FTC took well-publicized action against a company whose web cameras were routinely hacked due to faulty software. The European Union published a report in 2013 on the results of its public consultation on the topic. It’s likely that there will end up being different regulations in different countries over the Internet of Things.

Kelly Wilkins, Snell & Wilmer L.L.P., Phoenix, AZ

Copyright © 2015, American Bar Association. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or downloaded or stored in an electronic database or retrieval system without the express written consent of the American Bar Association. The views expressed in this article are those of the author(s) and do not necessarily reflect the positions or policies of the American Bar Association, the Section of Litigation, this committee, or the employer(s) of the author(s).