The IoT unveils the potential of data, but regulatory boundaries cannot be ignored. This is my message as part of SAP’s Insights on the Future of the Internet of Things.
The IoT is a business of trust
Businesses are not investing yet in creating a “culture of data’s value” among their customers.
Many businesses are just trying to find ways to collect as much data as possible, in the most hidden and business-oriented manner, to avoid the risk that customers might object to that.
This is because they see a potentially massive source of income in IoT and the data generated through it, and they prefer to opt for the shortest route to the goal. However, this is, a self-destroying strategy. Sooner rather than later, customers will lose trust in their providers that are stealing their data in a surreptitious manner. At the same time, such a strategy might lead to reactions from regulators that increase applicable sanctions.
On the contrary, if a business is able to convey to its customers the value that their data has for it and the service which it is providing in exchange of such data, a much stronger link of trust will pay off in long term.
SAP’s Insights on the Future of the Internet of Things
The above is my contribuition to SAP’s Insights on the Future of the Internet of Things which is an ebook containing intuitions about the IoT and its impact on the future of busines from 21 experts including, in addition too myself, Christina CK Kerley, Ian Gertler, Ronald van Loon, Yves Mulkers, Dion Hinchcliffe, Evan Kirstel, Christian McMahon, Maribel Lopez, Bob Egan, Bob McCabe, Ahmed Banafa, Eric Kavanagh, Ken Herron, Joan Carbonell, Jim Harris, Daniel Newman, Chuck Martin, Dez Blanchfield, Isaac Sacolick and Brian Solis.
It is interesting, and maybe it is not a coincidence, that I am the sole lawyer contributing to this thought leadership manual. A privacy by design approach and therefore the need to consider data protection implications from the very beginning of the designing of a product is still far from becoming a reality. The sanctions prescribed by the General Data Protection Regulation will be an incentive, but the real incentive will be that the designing of a privacy compliant IoT technology will enable to grant a competitive advantage.
Likewise, cybersecurity is often seen as just a technical issue. But the IoT cannot be 100% secure. It is necessary to read cybersecurity obligations also under a compliance perspective. This is in order to prove to have adopted the most appropriate measures to protect the business from a cyberattack, also through a cyber security insurance policy for instance, and to be able to react to a data breach.
Finally, once you get the IoT data, you need to be able to exploit it. And identifying the most appropriate legal basis to retain the exclusivity and the exploitation rights is a major challenge in a business where data is becoming considerably valuable.
What is your view on the above? As usual, if you found this article interesting, please share it on your favourite social media!