TSM - Interconnections in IoT – a (quasi) juridical perspective

Claudia Jelea - Avocat & Consilier in domeniul marcilor

Internet of Things or IoT is already here and cannot be ignored. The concept is becoming increasingly used in Romania as well, and it refers to the connection among various physical devices - via Internet and software applications, which allow them to communicate with one another (and with us, the users). In brief, IoT brings together the physical world and the virtual world.

It is estimated that - by the year 2020 - we will have 200 billion interconnected devices, according to Intel, which is approximately 26 devices for each individual on Earth. What do you think about these numbers?

Of course, this interconnection of people and objects gives rise to unlimited possibilities. Yet, at the same time, I get chills down my spine when I think of how different the society my daughter will live in will be.

IoT has already influenced many aspects of our life - the houses and the cities tend to become more "intelligent", the cars are connected, targeted advertising doesn't leave much room for breathing space, technology monitors our pulse, daily activities or our sugar level with the help of wearable devices etc. The element that binds everything together or the "access gate", as you wish, is the omnipresent mobile phone … which is also intelligent. This shouldn't surprise us if we think that smartphones appear in the most varied social and human aspects, some being incredible for some.

In addition to the development potential and the ethical aspects (which are hard to neglect), IoT unveils several juridical risks never encountered before. It's not only our lifestyle and business that will be revolutionized by IoT technology. The legislation in various industries will also change.

Which are the industries where we can find the greatest number of "intelligent" devices?

IoT and personal data

Why do we need to bring personal data in the IoT discussion? This is so because the intelligent phones and the wearable devices which lie at the basis of IoT technology collect personal information from and about its users on an ongoing basis.

Starting this year, we have a new EU legislation regarding the protection of personal data. This legislation is meant to apply to the new Internet-related technologies and it will apply starting May 2018 in Romania as well.

In addition to a series of changes related to the IoT sector, the regulations enforce penalties which cannot leave us indifferent: fines of up to 4% deducted from the gross turnover.

In the case of IoT-based technologies (which "feed" on huge amounts of data), the implementation of the "privacy by design" and "security by design" principles becomes more than an obligation stipulated by the new law. The only problem which is yet to be solved is the protection against the potential penalties.

Let us take the example of the eHealth Medopad platform. This is meant to create a bridge between doctors and patients, by giving doctors access to clinical information (therefore, special categories of personal data for patients, data whose analysis is subject to strict rules and regulations). Doctors can monitor their patients' state of health, can access their file or test results etc. Now, can you imagine the magnitude of the public scandal which would emerge if there were a security breach or a live attack on the IoT tehnology used by Medopad?

Because … as we all know … there is no software or platform that is 100% secure on the Internet

Despite the enhancements and the investments in security, there will probably always be some errors that will make the software vulnerable to hacking. IoT technologies raise the probability for such attacks to happen.

It is for this reason that companies should adopt and implement internal practices and policies regarding liability should such a hack compromise the data. A hack is a matter of when, not of if - as it has recently been confirmed in the case of one of our customers.

The key resides in being able to prove that all the necessary measures were taken to observe the incumbent legislation, to offer a prompt response in the case of a hack or of a security breach. Keeping your customers may be influenced by this as well.

Where are the most smart devices? "inteligente"? (source)

Security measures

Among the obligations stipulated by the current legislation regarding personal data and privacy there is also a law which relates to observing an adequate security risk which can result from data handling.

What does this adequate security standard actually entail? This has many times been a concept that is relative or subject to interpretation. In this context, an idea was promoted: certification should be given by a body that self-regulates the local IT industry - which can indeed be a solution, even if such a procedure can be cumbersome and difficult. On the other hand, investments in the IoT industry require a degree of trust among players, as well as a given degree of certainty and security - which could be achieved by standardizing security measures and certifying them by the self-regulating body.

We will soon value the details that we leave behind in the Internet's ether more.

October 2016 marked the IoT Solutions World Congress (one of the most important IoT event).

Among the ideas launched there, I read about an interesting perspective: in a couple of years, we will own very few things. The cars, the houses, the daily things will become "services", as a result of adopting the IoT paradigm at a global scale. Therefore, our main active asset will be our "digital identity". Two consequences derive from this state of affairs: first, people are expected to care more about their personal data, and, second, companies will try to educate their own consumers (so that the costs, regarding legal conformity, remain sustainable).

I almost unconsciously place this perspective near the huge percentage of people who have access to a smartphone, but not to decent toilet facilities. We live in a strange, segregated world. I will bid you good bye with this image in mind, especially in the context of this month's elections. Chronologically speaking, these are closer and more real for us.