Internet of Things: the possibilities and legal risk in media & entertainment

iotThe Internet of Things (IoT) describes the connection of devices — any devices — to the Internet using embedded, software and sensors to communicate, collect and exchange data with one another. With IoT, the world is wide open, offering a virtually endless array of opportunities and connections at home, at work or at play.

However, for all of the opportunities that IoT offers, there are some significant risks that Media & Entertainment (M&E) companies need to address before they adopt IoT in full measure.

Regulatory hurdles

Around the world, legislators are trying to plug the regulatory holes that IoT is creating.

In late 2014, the European Commission published an opinion on IoT specifically focused on wearables and smart home devices. Among its recommendations was the requirement that users remain in complete control of their data; the opinion also addressed the activities that organizations need to consider to remain compliant with European Union data protection laws.

Early in 2015 in the US, Congresswoman Suzan DelBene (D-WA) and Congressman Darrell Issa (R-CA) announced the launch of a Congressional caucus on IoT. Its purpose is to educate members about both the opportunities and challenges IoT poses for health, transportation, home and work, and subsequently to find the balance between collecting data that IoT creates and protecting consumer privacy. Around the same time, the Federal Trade Commission released a report that recommended data minimization and self-regulatory programs to improve privacy and security practices.

Privacy in the age of IoT

In almost every consumer survey, privacy emerges as the No.1 concern. In an IDC US consumer survey, close to 55% of respondents identified “ensuring my privacy” as their top expectation of third-party providers of home automation services. Similarly, a Forrester’s survey of global enterprise decision-makers identified security and privacy among the top five concerns to IoT adoption and growth. Privacy is a major challenge that organizations need to overcome as the IoT ecosystem seeks to collect enormous amounts of data and contextual inputs from sensors and other IoT solutions.

New targets for hackers increase pressure on cybersecurity

Cybersecurity remains a leading challenge for consumers and businesses alike — something that will become exponentially more difficult as IoT connects more devices, software, machines and humans. In a recent EY publication Creating trust in the digital world: Global Information Security Survey 2015, 88% of study respondents indicate that they do not believe their information security fully meets the organization’s needs. And yet, when asked about IoT, 68% do not consider monitoring their business ecosystem as an information security challenge. Similarly, 67% do not see managing the growth in access points to their organization as a challenge to their information security. These numbers would seem to indicate that many organizations underestimate the impact IoT may have on their business.

The setting of new legal precedents

IoT lives in the physical world. Operational failures resulting from connectivity loss or device malfunction are inevitable. These failures also create legal risks for M&E companies. Lawyers and judges across jurisdictions are grappling with some tough legal questions:

  • Who is responsible for a connected device malfunction or resulting accident?
  • Who is responsible for a data breach?
  • How much are companies liable vs. the consumers themselves?

As individual cases make their way through the legal system, many of these questions remain unanswered.

Intellectual property rights

One of the biggest questions on everyone’s mind is: Who owns the data? Is it the company that manufactures the sensor, the company that manufactures the device, the individual whose data is being measured and collected? Certainly, EU legislators are emphasizing the rights of the individual to own their data, but this is not the case in all jurisdictions. Even in instances where data ownership is clear, the duration for which owners can own the rights of collected data still needs to be addressed.

Standards — or a lack thereof

For IoT to progress, connectivity standards need to evolve. Similar to the communication challenges that people from different parts of the world face, in today’s IoT ecosystem, devices, sensors, machines and people are often speaking completely different languages with one another. Without a common language or standard of implementation, IoT will remain limited in its application.

Scaling to reach critical mass

In the same way, the IoT ecosystem needs standard protocols and a single language to expand. It also needs consistency in device architecture for large-scale adoption. Only when IoT reaches critical mass can M&E companies reap the full financial benefits of their personalized content investments.

Excerpts taken from EY report, Internet of Things: Human-machine interactions that unlock possibilities – Media & Entertainment.

EY Legal Services contacts:

Peter Katko –  EY Global Digital Law Leader and Law Sector Leader for Media & Entertainment