Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

The Intersection of IoT and Smart Business

How can companies utilize Internet of Things solutions while avoiding the pitfalls associated with such technologies?
By Linda Rhodes and Charles King III

Current Legal Landscape
IoT lawsuits have largely focused on deficient product security and the misuse of consumer data. Plaintiffs filing these claims have alleged that IoT security vulnerabilities and data breaches have subjected them to a risk of future harm, although the bad actors have not actually exploited the security vulnerabilities or misused the information exposed to the data breach. In the absence of actual harm, plaintiffs have struggled to assert the Article III standing necessary in order to pursue these claims.

The Federal Trade Commission (FTC) has also shown its willingness to bring enforcement actions against IoT manufacturers that engage in unfair or deceptive acts affecting commerce, but has similarly struggled in such cases to demonstrate actual harm. But it is only a matter of time before a successful cyberattack occurs—presenting "fundamentally different" high-stakes IoT litigation.

Federal IoT legislation has been proposed in the United States, but the U.S. federal government has yet to pass any of it into law. The Internet of Things Cybersecurity Improvement Act was introduced in the U.S. Senate in 2017. That Act would require vendors selling IoT devices to the U.S. government to enter into certain security-centered contractual provisions. More recently, the House of Representatives passed the SMART IoT Act, which would task the Department of Commerce with conducting a comprehensive study of the IoT industry.

Although no U.S. federal legislation has become law, California recently became the first state to pass legislation directed at the IoT, focusing on device security. The California law will take effect on Jan. 1, 2020, and will require manufacturers of connected devices to equip such devices with a "reasonable security feature."

Similarly, the European Parliament recently approved the EU Cybersecurity Act, which is aimed at establishing certification schemes for ICT products, services and processes sold in the European Union. Such certification schemes applied to IoT devices would make such devices safer and more secure.

Even without IoT-specific legislation in place, the regulatory schemes of different industries may affect how companies can use IoT devices in their businesses. For example, the U.S. Food and Drug Administration regulates medical devices, which may include IoT devices depending on the product's application.

As another example, the U.S. Department of Transportation (DOT) recently released updated policies and guidance to support the continued development of autonomous vehicles, including the use of IoT data collection to enhance their capabilities. The DOT's guidance focuses on safety and providing a path forward to implementation of autonomous vehicles. There are, of course, few industries without IoT use cases and applicable regulatory schemes. Additionally, regardless of industry, companies collecting data through IoT applications are likely to be subject to various data privacy laws such as GDPR.

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

Case Studies Features Best Practices How-Tos
Live Events Virtual Events Webinars
Simply enter a question for our experts.
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations