A few important things about the "Internet of Things"

United Kingdom

This article was produced by Nabarro LLP, which joined CMS on 1 May 2017.

You've probably heard about the Internet of Things (IoT) – the tech innovation that is revolutionising the way we interact with everyday objects. But what is the IoT, where are the opportunities and what do companies need to have in mind?

What is the IoT?

The IoT is a concept where commonplace items, from toasters to TVs and cars to baby-monitors, are wirelessly connected to the Internet and capable of communicating with one another and with web-based servers.

Put at its simplest, in the IoT world (almost) anything will be capable of being connected and communicating intelligently. The IoT is not a new concept – for example 'smart' wireless enabled TVs that allow users to browse the Internet and to access on demand services have been around for some time.  As technology has moved on, smart home solutions are now available which give consumers the ability to control their home lighting or their heating remotely via smartphone apps.

Another example of something 'smart' is Amazon's 'smart buttons', called Dash Button. This is an Internet-enabled hardware device that allows customers to order common household items, such as laundry detergent, at the click of a button. Amazon announced an expansion of this service earlier this month. General Electric and Samsung have confirmed that they will integrate this technology into new models of their washing machines.

Some estimates place the current number of IoT devices at around 10 billion.  This amount is tipped to have more than doubled by 2020 to 26 billion.

What are the opportunities?                         

There are a huge number of possible applications of Internet-enabled devices in areas such as manufacturing, shopping, healthcare, home management, security and transportation. One popular application is health monitoring and there is an array of devices available which deal with everything from subjects' sleep patterns and dental hygiene to the control of serious health issues. For example, patients with chronic illnesses such as type-2 diabetes may track their blood sugar levels in real time and pass that data on to healthcare professionals.  As consumers come to expect greater intelligence and connectivity from everyday devices, businesses that fall behind risk losing out. Convenience, speed and connectivity enables businesses to provide a seamless service to its customers (see Amazon's Dash Button). Another use of the IoT is to increase business efficiency by using data to understand aspects such as supply chain, demand, logistics, consumer behaviour and trends.

Related considerations

Data protection: the IoT involves personal data being collected, processed and stored on a large scale. The protection of customers' personal data is therefore an important consideration when developing IoT devices. A privacy impact assessment should be conducted to map out exactly what data will be collected and how it will be processed and disseminated. It is advisable to consider giving customers control of how their data is collected and processed and options so that they may choose to opt out of certain data collection and processing functions. This customer friendly approach to personal data is often referred to as "privacy by design" and can not only prevent breaches of data protection laws, but can also serve as a marketing tool and reputation builder for businesses. Conversely, a laissez faire attitude to customers' personal data can, if discovered, lead to reputational harm, lost opportunities and legal sanctions. Data should therefore always be collected and processed lawfully and with appropriate user consents and privacy policies in place from the outset. Particular care should be taken when personal data is sent abroad, when it is used for marketing with third parties, and where the nature of such data is sensitive e.g. information regarding a customer's state of health or information relating to children.

Security: linked to data protection and privacy is the security of the devices themselves. Devices which are able to collect and disseminate data have shrunk as new technologies are developed. However, inbuilt security features have not kept pace with this rate of change and many IoT devices are vulnerable to security breaches.  Some IoT devices, which can be capable of the same level of connectivity as security enabled devices such as laptops and smartphones, operate with little supporting software and often with no security measures. They are therefore inherently more vulnerable to compromise by hackers or viruses.  This means that hackers could potentially interfere with aspects of a home or office environment by infiltrating IoT devices (as 'hacktivists' have proved). There are simple solutions available to mitigate the risks associated with device security e.g. requiring suitable password complexity.

Infrastructure: as use of the IoT continues to grow, so too will the volume of data being collected and processed. Companies will need to install appropriate IT infrastructure to deal with this. Disruptions to the data collection and processing systems can lead to a loss of service.

Outsourcing and liability: companies should consider early on, how and where data will be stored.  Will devices have in-built memory? Or, more likely, will there be a cloud-based system which stores user information?  Outsourcing this and the overall IT infrastructure required to offer IoT devices to specialist providers is a popular option. Companies who outsource should ensure that there are contracts in place with these providers to protect them in the event of IT failures or outages. Outsourcing does not absolve a business of risk – for example under UK data protection laws the 'data controller', which has overall liability for personal data, is the party that has the power to choose how the data is used. This will be the IoT provider and not the company providing its outsourced IT infrastructure or services. This liability may not, by law, be passed to an outsourcing service provider. These risks can be mitigated e.g. through carefully selecting outsourcing service providers, through insurance or by securing appropriate indemnities when engaging an outsourcing partner.

Interoperability and ongoing user experience: further considerations include providing software updates and appropriate customer support; providing apps that work on iOS as well as Android; ensuring that any data collected and processed by an IoT device is capable of being displayed on other devices; and making sure appropriate permissions and agreements are in place with any third parties whose devices are intended to be used with an IoT product.