The Internet of Things experienced a massive acceleration in 2016, but what are the predictions for 2017? What should we expect?

Below are my personal top 5 predictions on the legal issues that will affect the Internet of Things in 2017.

1. The Internet of Things is not just a technology, but will change the models of business

The general understanding is that Internet of Things technologies just rely on sensors which can lead to predictive maintenance and additional efficiency. However, this is only part of the picture. It is happening a major shift from a model of business based on the provision of products to

  1. a model of business based on the offering of services and
  2. in case of B2B transactions relating especially to Industry 4.0 technologies to a profit sharing approach.

This shift has considerable legal consequences. Indeed, sensors enable to obtain a very large number of information about customers not only in terms of personal data, but even of trade secrets and confidential information, leading to new legal issues (previously never experienced) on, among others, data protection, intellectual property, cyber security and product liability.

2. Banks and insurance companies will adopt Internet of Things technologies to survive

Connectivity, telematics and digitalisation are not an option for banks and insurance companies. If they want to “survive“, they will have to innovate and do it fast. FinTech and InsuranceTech are on the agenda of all these companies, but they require also an expeditious change in the approach to the business by the whole company.

But, as I mentioned in a previous blog post, “you cannot do I(o)T alone“. The Internet of Things requires the setting up of partnerships which need to enable interoperabilities between technologies of different suppliers. This might lead to major cyber security issuesthat shall be handled by means of appropriate technical and legal measures such as the implementation of a cyber security policy in order to test products and a cyber risk procedure to react to cyber attacks as well as through the implementation of a privacy by design approach and the performance of privacy impact assessment.

Also, when FinTech and InsuranceTech meet the IoT, new legal issues. These issues are often addressed very late by banks and insurance companies, even because they put their legal department out of their “comfort zone“. This is why both the management and the legal department of those companies need to evangelised about the new legal problems deriving from these technologies.

3. Privacy by design will protect IoT businesses

The EU General Data Protection Regulation (GDPR) poses considerable new risks on Internet of Things technologies especially in the current uncertainty as to the allocation of the responsibilities between the different parties involved and the regulatory obligations. At the same time, as showed by the recent cyber attacks that exploited IoT technologies, it is not possible to be 100% protected from potential cyber risks.

The matter cannot be underestimated given the potential fines provided by the GDPR. Also, the new principle of “accountability” prescribed by the EU Privacy Regulation places the burden of proving compliance with the regulation on the investigated party, leading to what is commonly known as “probatio diabolica” (evidence of the evil…).

The implementation of a privacy by design approach, accompanied by the performance of a privacy impact assessment, enables companies to prove the adoption of whatever was required by applicable data protection laws putting businesses in a much safer position. However, their implementation requires a continuous review in order to be a valid defence. This review shall follow not only the launch of new services and functionalities, but also the development of technologies and security requirements.

And the matter is even more complex in the case of usage of artificial intelligence technologies that will pose not only data protection and liability issues, but also new ethical issues.

4. Industry 4.0 technologies will lead to a battle on data ownership

Companies are reaching a higher level of awareness as to the value of data. This is relevant when it comes to personal data for which it is necessary to identify techniques aimed at preserving their value for the business collecting it enabling at the same time to ensure privacy compliance.

But the matter is becoming exponentially prominent when it comes to industrial data generated by Industrial Internet of Things technologies. Suppliers and exploiters of Internet of Things are assessing the best placed legal basis to protect its data. Long negotiations are expected on who is the owner of data generated by the usage of Industry 4.0 technologies. Is it more relevant to keep control on data or to have it aggregated to big data in order to ultimately gain a better service?

The above is happening during a period when European regulators are planning to expressly expand data protection and copyright regulations in order to cover that generated/collected by IoT technologies.

5. Blockchain is a resource for the IoT, but the market is still hesitant

The blockchain technology is very useful for the exploitation of IoT devices as outlined in this article. But, also because of some negative publicity around Bitcoin, there are still considerable concerns about its usage.

Companies might not be able to afford risks associated to a technology which might get out of control of its exploiters leading to issues as to the allocation of the relevant responsibilities. However, the adoption of “closed” blockchains might vanish the high level of security ensured by an open blockchain. I wonder whether the right balance will be identified in 2017.

If you found this article interesting, please share it on your favourite social media!