The Internet of Things: The big Q&A - Annual Review 2015

This article was produced by Olswang LLP, which joined with CMS on 1 May 2017.

This article is an extract from our Annual Review 2015.

Cars that warn about congestion… Wearables that update you on your personal wellbeing... The Internet of Things (IoT) is touching every part of our lives. With legislation still catching up, how can companies make the most of the IoT's opportunities - and avoid its pitfalls?

By Purvi Parekh, Anthony Waller, Justin Hill, Christoph Enaux, Blanca Escribano

What is the IoT?

The IoT is a network of everyday object that are connected to the internet via telecoms and technology.

What can it do?

What can't it do? It has the potential to touch almost everything in our personal and professional lives; how we live, work and play. It brings social and economic benefits and operational efficiencies.

For example?

1. Health
Doctors can proactively monitor patients' illnesses remotely to ensure that treatment is given in time to avoid further deterioration in health.

2. Social
If you are en route to an engagement, be it a meeting or a school pick-up, telematics information can automatically anticipate traffic problems and reroute you to avoid them.

3. Growth
Now that the technology is mainstream and consistency of standards a focus area for stakeholders and industry bodies, more providers are entering the market.

4. Product proliferation
Until recently, there was a lack of devices and infrastructure required to make the IoT a reality. Now, hardly a day goes by without a new IoT device being profiled. There are currently about 200 potentially connectable devices per person. By 2020, analysts expect that there will be 26 billion connected objects around the world. Cisco predicts that the value of the 'Internet of Everything' (which brings together not just things but also people, processes and data) will be $14.4trn by 2022.

What is 'machine to machine' (M2M)?

M2M is the technology that sits underneath the IoT and makes it work. It is the IoT's basic building block.

Why has the IoT's time come now?

1. Convergence
We first spoke about convergence in the 1990s; now, it is finally happening. The technologies behind telecoms infrastructure and electronic devices are talking to each other.

2. Business
Regulatory intervention has made it difficult for telecoms companies to sustain revenue. They need to innovate and grow into new areas of business. Their search has led them to the IoT, which works by transmitting small amounts of data. Opening up increasingly redundant 2G spectrum to IoT makes commercial and financial sense.

What are the big issues?

1 .Data protection
Not all IoT applications have a privacy component but, where they do, the volume and detail of data collected can introduce new risks to privacy. Data encryption, device authentication and adequate protection against false requests for information become key. User profiling or targeting become even greater concerns.

2. Security
Every IoT device is connected to the internet, making them vulnerable to hackers. As the IoT blurs the line between private and public, the possibility of someone hacking into your connected car or home becomes a more serious matter. How will the IoT be patrolled and protected? Will there be a consistent approach to security standards?

3. Capacity
The IoT will transmit and generate currently unimaginable amounts of data. The sharing and combination of data through cloud services will increase, and with it the locations and jurisdictions where data resides. Is there enough bandwidth and storage capacity to handle this data explosion?

What is the existing legal framework in the EU?

1. Five EU directives
Despite legal scrutiny, there is no tailormade legislation for the IoT (yet); it is mainly governed by existing law and regulation. The package of EU directives governing electronic communications services and networks is the starting point. In the UK, this package is implemented via the Communications Act 2003.

2. EU Data Protection Directive
Adopted in 1995, this regulates the processing of personal data and is at the heart of EU privacy and human-rights law. It applies to all member states.

3. EU Consumer Rights Directive
A new EU Consumer Rights Directive that beefs up protection for consumers who buy products or services remotely came into force on 13 June 2014. In the UK, the directive will be implemented through the Consumer Contracts Regulations 2013, which will replace the Distance Selling Regulations.

Are regulators interested?

Yes! The IoT has captured the attention of regulators and lawmakers across the world.

1. The OECD
In January 2012, the OECD published a report called Machine-to-Machine
Communications: Connecting Billions of Devices. The report considered what governments can do to promote the IoT as a new source of economic growth.

2. The US
In November 2013, the US Federal Trade Commission (FTC) looked at the IoT and put forward a case for targeted regulation to help the industry to develop.

3. BEREC
BEREC, the European regulatory body for electronic communications, undertook a similar exercise to the FTC and came to similar conclusions.

4. Ofcom
In July 2014, Ofcom, the UK communications regulator, called for inputs on the promotion of investment and innovation in the IoT. The consultation followed an Ofcom-commissioned report on the future demand for IoT applications and their likely spectrum requirements.

Are there specific laws in the pipeline?

'Connected Continent' is a package of proposals currently going through the European Parliament that is designed to create a single European market in electronic communications. While the draft regulations do not specifically mention the IoT, it is an influential driver behind the reform.

When the package passes into European Law - anticipated to be as soon as the end of 2014 - there will, in theory at least, be fewer barriers to entry combined with more efficient spectrum use. Significantly, the Connected Continent package will be passed as regulation, not as a directive; as such, it will be directly applicable in all of the EU's member states as soon as it is adopted.

Reforms to the EU Data Protection Directive are also expected to be agreed in the next 12 months. The revised legislation, which is also likely to take the form of a directly applicable regulation, will deal with digital-era issues such as user-profiling.

In addition, the output of Ofcom's call for inputs may lead to the implementation of specific legislation in the UK.

What is the opportunity?

The huge potential growth, combined with the lack of regulatory intervention, is an opportunity for every player in the IoT value chain.

1. Structure
You can structure your business model innovatively. Intellectual-property protection at the outset is paramount.

2. Future-proofing
You can future-proof your contracts against upcoming regulation.

3. Liability chain
Liability across the IoT value chain can be complex. You can be smart about recognising and handling these issues head-on in commercial negotiations.

Who are we working with?

We are working with businesses that are innovating, whether they are creating new products and services or building the infrastructure or services to facilitate and support the IoT. We particularly work with mobile businesses, tech companies, telematics players and investors.

What are they doing?

They are developing IoT-related technology in a range of areas, including:

• Smart-metering
• Life sciences
• Connected homes
• Wearables
• Transport and infrastructure
• Telecoms services and networks.
• Innovation as a competitive advantage

As technology and telecoms teams build and test the first real-world IoT systems, they create possibilities and overcome new technical problems. These activities can generate valuable intellectual property.

We help IoT businesses to protect their investment in innovation using smart patenting strategies, prudent management of copyright and know-how and brand protection. Patenting can protect connected devices and control and communications systems as well as software functions in ways that prevent 'technology followers' implementing them later. Copyright alone only deters followers from accessing and directly copying the code.

Leading telecoms and technology businesses use patents as part of a strategy to secure their own freedom to operate in the markets in which they choose to do business.

Click here to view an electronic copy of our Annual Review 2015.