The Secure Times

An online forum of the ABA Section of Antitrust Law's Privacy and Information Security Committee

FTC Announces Internet of Things Workshop

Leave a comment

The FTC recently announced a public workshop to examine the privacy and data security implications of the Internet of Things (IoT). The workshop, which will take place on November 21 this year, indicates a growing interest – both here and in Europe – in the policy issues raised by this rapidly emerging business model. The FTC announcement follows a signal from new FTC Chairwoman Edith Ramirez that she intends to include IoT in her privacy agenda.

The Internet of Things describes a world in which machines can communicate with one another via the Internet without human intervention. The Swedish mobile device vendor Ericsson estimates that around 50 billion devices worldwide will be IoT enabled by 2020.

The business model has many positive applications. Included here are energy efficient smart grids, which have the proven potential to promote energy efficiency. Another interesting IoT application concerns auto insurance. If the key variables used to calculate insurance premiums are distance driven, location, time of day, and driving style, and these variables can be measured with precision using IoT technologies, then drivers and insurance providers may be positioned to better calculate bespoke insurance rates.

These and other IoT applications look set to become more and more ubiquitous as the technologies underpinning them – data storage, mobile data transfer, and cloud computing – look set to come down the cost curve in the coming years. However, as with Internet enabled technologies generally, IoT raises potential privacy and data security concerns. The FTC is therefore requesting public comments on the following issues prior to the November workshop:

• What are the unique privacy and security concerns associated with smart technology and its data? For example, how can companies implement security patching for smart devices? What steps can be taken to prevent smart devices from becoming targets of or vectors for malware or adware?
• How should privacy risks be weighed against potential societal benefits, such as the ability to generate better data to improve health-care decision making or to promote energy efficiency? Can and should de-identified data from smart devices be used for these purposes, and if so, under what circumstances?

FTC staff welcomes submissions to its IoT email account before June 1, 2013.

Meanwhile, on the other side of the Atlantic both the EU and the OECD are tracking IoT from a policy standpoint in general; and a privacy and security standpoint in particular. The EC Commission launched a public consultation similar in nature to the FTC’s in April last year, and recently published its findings. According to the Commission, these findings will be relied on in “future policy initiatives.”

Author: Abigail Slater

Abigail Slater: Abigail Slater is a member of the New York Bar and a Solicitor in England and Wales. She is currently employed as an antitrust attorney by the Federal Trade Commission (FTC) in Washington D.C. Prior to the FTC, she worked in several offices of the international law firm Freshfields Bruckhaus Deringer. All views expressed are the author’s own and do not represent the views of the FTC or any individual Commissioner.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s