April 11, 2016

As the IoT evolves, so do regulation and enforcement experts say at IP Law conference

From smartphones and smart cars, to smart TVs, smart watches and even smart concrete (yes, embedded chips that measure its strength over the years), the hundreds of thousands of connected devices that make up the universe called the Internet of Things continue to evolve and change the way we live our lives — even while we are asleep.

According to a report by the McKinsey Global Institute, the IoT is expected to have a worldwide economic impact of $3.9 trillion to $11.1 trillion per year by 2025, which will represent an estimated 11 percent of the world’s economy. While the technology is moving at lightning speed, it has taken a few years for the regulatory framework to catch up with this relatively new industry and the legal issues it has spawned such as competition, security and privacy.

“The Internet of Things: What’s on the Horizon for Copyright and Privacy Practitioners?” featured a panel of experts discussing these intellectual property and related data security and privacy issues at the 31st Annual Intellectual Property Law Spring Conference on April 7 in Bethesda, Md. Led by moderator Steven Emmert of RELX Inc. of Washington, D.C., the panelists addressed topic ranging from copyright and ownership, to data security, privacy and government regulation. They assessed the issues developers and end-users should consider and will likely encounter as new technologies continue to expand into the processes of business and the consumer.

Christina D. Frangiosa, with Semanoff Ormsby Greenberg & Torchia LLC in Huntingdon Valley, Pa., spoke about the copyright issues surrounding the IoT. Her presentation covered such areas as what statutes would prevent users interfering with the way software works in a device, including computer programs in your car, and who owns the personal data that devices collect. She said many assume that because they own a device the data it collects is theirs. “That is not exactly true, certainly not from a copyright perspective,’’ Frangiosa said. “We have a long line of cases that talk about how raw data does not garner copyright protection.” Instead, the protection applies to the compilation of selected data.

Panelist John Pavolotsky, a senior counsel with Intel Corp. in Santa Clara, Calif., talked about drones and data licensing and how they are connected to the IoT. He noted the technology is so new that federal and state regulators are still formulating policy and guidelines. The FAA issued proposed regulations in February 2015 while states (26 have laws on the books) and local jurisdictions are also very active in drafting guidelines and regulations. Some concerns are IP law, privacy and product liability. “Right now, there is nothing specific about product liability for drones on the federal level but there probably will be,’’ Pavolotsky said. He said novel issues to keep an eye on are drone data ownership and industrial espionage.

Kenneth K. Dort of Drinker Biddle & Reath LLP in Chicago spoke of data security and privacy issues generated by the Internet of Things. He said for all the benefits of this new technology there is an accompanying set of risks. “On the consumer side, the biggest risk is unauthorized access and misuse of the information,” Dort said. “You typically are going to have third parties handling the underlying process of the data.  You need to be very aware of who has access to that data.” On the commercial side, Dort said companies need to focus on privacy and security when designing their products. “You need to know what data is being collected, how it is going to be used, how it’s being stored and how it’s being protected.”

The final panelist was Kelly A. DeMarchis, an attorney with Venable LLP in Washington, D.C. She provided an overview of the regulatory framework around the IoT. “What I think is really interesting in this emerging technology phase is how data security issues are being regulated and talked about really mirrors the broader privacy debate that is happening in Washington,” DeMarchis said.

The Federal Trade Commission is the traditional regulator and enforcement agency of privacy and data security but DeMarchis said there is a turf war around privacy, which she said has become “politically popular.” She said the rise of the Consumer Financial Protection Bureau has usurped some of the FTC’s traditional authority in privacy. The Federal Communications Commission and the Department of Commerce are other players in the privacy space, according to DeMarchis. The FTC has issued two enforcement actions against companies around the IoT and has issued several reports, including one on the Internet of Things, which highlights the benefits of the technology and the potential risks. The Senate Commerce Commission also has held hearings on the IoT.

DeMarchis declined to predict what’s ahead on the regulatory front for the IoT, citing the ongoing turf wars, the presidential election and an understaffed FTC (down two of its five commissioners). “I do think that industry will become more responsive,” she said, noting that the auto industry last year distributed to its members the first self-regulatory coded IoT driving data collected from connected vehicles. “So I think other industries will gather their forces and put forth their best practices,” she said, “which is what you generally see when there is sort of a regulatory vacuum at the top.”