
Living in an Interconnected World – A Legal Conundrum


About The Author

Matt Bogdan (Former EU & International Law Editor)

Matt graduated with an LLB (2:1) from Durham University in July 2014. Most recently, he has been assisting with research on comparative company law at the Durham Law School. Matt is primarily interested in the TMT sector, but has also been involved in matters of public international law through Durham United Nations Society.

Image © SamsungTomorrow

When I first wrote about the growing phenomenon of the ‘Internet of Things’ (IOT) two years ago, I remember portraying it this way:

… imagine yourself coming back from work in a self-driving car that navigates with reference to the current traffic congestion levels, only to arrive at home where the heating has already been automatically turned on by the incoming car, tea was already brewed in accordance with your online-stored brewing preferences and music was set to match your current physical condition and mood, as extracted from sensors embedded in your watch.

Two years in, I believe that while we may not yet be there, we are getting closer and closer each year. The UK tech sector – as one should readily anticipate these days – is booming; businesses of all sizes are growing and multiplying, and are always on the lookout for that elusive, breakthrough technological trend that will prove disruptive enough to give them an edge over the competition (n.b. technology is disruptive when it displaces an established industry, usually through economic efficiencies. For instance, Uber is disruptive of the traditional taxi industry). It is now beyond any doubt that the ‘Internet of Things’ is such a disruptive trend and has a good shot at becoming the technological landmark of this decade.

At this stage the purpose behind this article should have already become apparent to any legally minded person – as is the case with most technological developments, the law has to play the perennial game of catch-up. The IOT raises some contentious questions in relation to privacy and net neutrality protection, as well as in the fields of criminal, tortious and contractual liability. However, before we delve into those, let us first consider what exactly an interconnected world of devices will mean to us and whether we should be more excited or wary about it.

IOT: Letting Your Fridge Chat With The Kettle, Or Something More?

We live in a connected world – the Internet allows us to connect with each other instantly through a plethora of online platforms. Meanwhile, the fundamental idea behind the Internet of Things is to allow inanimate devices to attain similar levels of connectivity, both on a machine-to-machine and a machine-to-human level. To achieve that, devices are equipped with sensors which gather data from their surroundings, and by means of the Internet, send the collected data to cloud-based applications, which in turn process, interpret and transmit the data further. This way, devices can interact with each other based on pre-set algorithms and adjust their functionality accordingly, and also provide their owners, us, with the relevant information.

Even though the idea of connecting things, rather than humans, through the Internet was first coined by pioneers such as Kevin Ashton in the early 1990s, the IOT trend has only recently attracted considerable attention from businesses and consumers alike. This is primarily owing to the fact that prices of technological components (and by extension, of devices, sensors, etc.) have been gradually dropping over the past few decades. Consumers can increasingly afford multiple IOT-compatible devices and with the Internet being more widespread than ever, IOT is becoming a seriously viable area for business development and investment. The best, yet probably also the least scientifically sound indicator of IOT’s commercial potential is that googling ‘IOT news’ never leaves us with old news on consecutive days; market activity is ramping up with businesses being more eager than ever to edge out the competition.

Perhaps the most noteworthy headline-hitting activity in the IOT market came from Google. In terms of pure M&A, last year the search engine giant acquired Nest Labs, a smart home appliances producer that is now offering IOT-enabled thermostats, smoke alarm systems and home surveillance cameras. Meanwhile, the company is also working on its own operating system Brillo, which is designed to function as an IOT platform to which low-powered, Internet-enabled devices can connect in order to take advantage of Google’s existing technological infrastructure. And to put a cherry on top of Google’s growing IOT cake, just recently the company has revamped its logo, which apparently reflects the growing importance of IOT in the technology industry (though whether this truly is the case you will have to assess on your own, since I personally cannot really see that much of a difference).

More importantly, Google’s eagerness to lead the IOT market is not unwarranted; the scope of potential applications of IOT devices is mind-boggling. Smart-home appliances aside, one of the most exciting applications of IOT may be found in the health industry; sensors embedded in medical equipment, such as heart rate straps or implants, would allow doctors to remotely monitor their patients’ well-being and react promptly to any needs of assistance, particularly from elderly patients who would otherwise find themselves unable to call for help. The list goes on and on, and since it would be rather impractical to keep on listing potential applications here, you may refer yourself to this list of 50 potential applications of IOT for a smarter world to get a general idea of the possibilities.

Let’s Not Get Carried Away

However, all things considered, it is difficult to deny that the arguments endorsing IOT seem to be coming around suspiciously easily, which is perhaps the best reason for us to be taking the IOT hype with a pinch of salt. As the Economist rightly points out, there is a vast difference between industrial and consumer-focused IOT. For IOT to work effectively and truly make a difference, both the front and back ends of the infrastructure (i.e. the devices/sensors and the cloud-based systems processing the data) need to be compatible and in sync. At entrepreneurial level this can be achieved by ensuring that the hardware and software used are compatible, and by hiring a knowledgeable team of IT professionals who promptly resolve any technical issues that may arise. To put things in a practical perspective, IOT should work well for industrial companies who invest in IOT infrastructure and staff in order to remotely control the conditions in their factories as well as monitor the functionality of their machines.

The same cannot be said of consumer-based IOT. Aside from the aforementioned legal issues, which always become more urgent when consumers are involved (and which we will delve into shortly), there will also exist issues with compatibility. With businesses such as Apple sporting closed platforms and the market growing both in scale and diversity, consumers are bound to experience compatibility issues unless they sell their souls to a single platform exclusively. In practical terms, using a selection of Google and Samsung devices connected by Sky broadband to an Apple cloud computing service which is accessed from a Windows phone may not represent your best shot at setting up your dream, seamlessly integrated smart home. Compatibility and interoperability considerations are in fact common themes in many markets in the tech industry and have often been at the forefront of the European Commission’s challenges to anti-competitive actions by dominant tech businesses.

The Key Difference Lies in Scale

Even with all the scepticism regarding IOT taken into account, it remains difficult to downplay the potential of IOT, which stems from the growing number of connected devices. Research companies predict that by 2020 the number of connected devices will reach between 26 and 50 billion.

Currently we have nearly five exabytes (equivalent of five billion gigabytes) of data on the Internet, most of which has been created by human beings through typing, making recordings, taking pictures etc. IOT is likely to change that. Connected devices will transform the physical world into an information system, from which data is continuously sourced, processed and communicated in real time by sensors embedded in inanimate devices. Arising from it will be an enormous data resource, which in our current age of ‘Big Data’ is nothing other than a highly marketable commodity. Businesses gaining access to such a resource, whether by sourcing it from their native devices or purchasing it from other companies, will have a much easier way of learning their customers’ habits and personalising their products to individual needs. On a fairly rudimentary level, even now some Apple Stores are equipped with in-store location and proximity detection sensors based on Bluetooth technology (‘iBeacons’), which detect registered consumers entering the store and send them relevant notifications. Not being privy (unfortunately) to how Apple uses its iBeacons data, I can only reasonably assume that the information on which stores a customer enters, and where within the store he walks, is used in improving both Apple’s in-store and direct marketing.

Undeniably, IOT’s potential to produce large quantities of data solidifies the close relationship between connected devices, cloud computing and ‘Big Data’. Gathering vast amounts of data and analysing it through online-based applications should allow firms to detect consumer behaviour trends that may not even be obvious to consumers themselves; after all, it is the relatively inconspicuous machines that are watching us. However, before all that is possible, the IOT community must first address several legal issues that are imperative to the trend’s existence, and ultimately, its success.

The Privacy Campaign

It is safe to assume that any privacy-conscious reader has probably felt an itch or two when reading the passage above about devices collecting unrestricted amounts of data on behaviours and surroundings. This is exactly where the counterweight to IOT’s unrestricted potential lies. Consumer confidence is essential for any business wishing to succeed in the IOT-related markets since consumers who fear that their personal data may be used irresponsibly will usually avoid devices and services that do not appear trustworthy. Quite logically then, the most effective way of establishing trust is to address consumers’ common concerns about privacy.

The issue of privacy with regard to IOT is a two-pronged problem. First, we have the concern over how the data collected by sensors in connected devices is used by the data collectors (i.e. device or cloud computing platform owners) and for what purpose. Second, there is also the issue of whether the collected data is stored securely and protected from external breaches.

The former concern is currently being addressed by the draft General Data Protection Directive (GDPD) in the EU, which is designed to harmonise data protection laws across the EU, including the UK. Given the borderless nature of the Internet (in the sense that the data collector need not be located in the data owner’s place of residence), this move can only be seen as the obvious and most logical approach. Allowing for disparate data protection regimes across all Member States would cause confusion among consumers (what laws am I and the business collecting my data bound by?) and excessive costs for businesses, which would have to ensure compliance with a variety of legal systems.

But the key question in this privacy debate vis-à-vis the IOT is how we should classify the data collected by connected devices. If classified as ‘personal data’, it will attract significantly more regulatory protection than normal data. Some readily propose that the collected data should be treated as ‘personal’ because it may often contain some particularly sensitive information about an individual (e.g. health condition), but this approach presents itself as too simplistic. Given the vast scope and quantity of data collected by IOT devices, it is safe to assume that not all of this data can be considered ‘personal’ or ‘sensitive’ under the GDPD (e.g. data from your thermostat). Thus, perhaps a more selective approach where the devices are first classified according to the type of data gathered would be more practical and would draw a better balance between the reasonable expectations of the consumer and business communities.

Another important aspect of the GDPD, which is particularly relevant to IOT, is that the new Regulations impose stricter requirements for consent. Thus, any privacy policies pertaining to IOT devices will have to be explicitly accepted by consumers. The technological obstacle in this instance is that storing extensive privacy policies on small and basic IOT devices may often prove impractical if not impossible, since with every major software update such policies will have to somehow be accepted by consumers. Furthermore, the GDPD also imposes on data controllers the requirement to have ‘transparent and easily accessible policies with regard to the processing of personal data and for the exercise of data subjects’ rights’. The privacy requirements contained in the GDPD may indeed slow down the implementation of IOT, at least within the EU, but are also crucial for protecting consumers who may often find themselves unaware of what data exactly is being collected from their own devices. For a more detailed look at the forthcoming Regulations, see my previous Keep Calm Talk Law article ‘The EU Data Protection Regulation and UK Business’.

The other prong of consumers’ concerns involves data security. Creating a trustworthy brand requires investments in security and privacy precautions. The risk of IOT devices being compromised should be of particular concern to consumers because those devices usually represent the ‘weakest links’ in the average household network. Thus, if you own a ‘smart home’ network that is connected to your laptop and phone, the easiest path for any online intruder is to attack the fridge, the car, or even, more recently, the ‘connected’ light bulb. In a similar fashion, the sheer number of IOT devices owned by consumers can be turned against them; a year ago Proofpoint, a security-as-a-service provider, allegedly uncovered the first ever terrorist cyber-attack targeting enterprises and individuals worldwide, which utilised 100,000 connected devices to send over 750,000 phishing and spam emails. Admittedly, Symantec, a technology conglomerate specialising in security, later denied Proofpoint’s findings, but nonetheless admitted that the possibility of IOT devices being hacked is a real one.

All things considered, paradoxically, the area of privacy itself may become a point of fierce competition between the market leaders, though this will only occur when consumers are informed of the risks associated with mass collection and exploitation of data. Explicit and clear privacy policies on IOT products should encourage consumers to search for the most trustworthy services. In this way, consumers’ data would actually turn out to be somewhat automatically protected by the self-regulating market conditions. It must be said, though, that self-regulation on that basis can only occur in a market where there are no dominant market players and competition is healthy, something that can never be safely presumed in a market such as IOT, where big businesses with closed platforms are striving to take the lead. It therefore seems apparent that ensuring adequate privacy for consumers and maintaining a good reputation will be absolutely imperative to businesses’ success in the forthcoming years influenced by ‘Big Data’ and cloud computing.

Net Neutrality in the IOT Debate

With the exponentially rising numbers of IOT devices which all transmit data through the Internet, it is apparent that broadband providers will find themselves at the centre of IOT. Fast and unrestricted access to the Internet will be a must for any wannabe smart home. Further, whenever broadband speeds are in question, the principle of ‘net neutrality’ comes to the forefront. On its most basic level, net neutrality ensures that all content on the Internet is treated equally by all Internet Service Providers (ISPs), both in terms of accessibility and speed of access. Thus, once you pay your ISP for access to the Internet, all content should be readily available to you and all traffic should be treated equally, irrespective of what you are doing.

This should raise concerns particularly in the EU, where the principle of ‘net neutrality’ is currently being challenged, as explained in my previous Keep Calm Talk Law article ‘How to Save the Internet 101: Net Neutrality & Competition’. Allowing ISPs to provide superior quality service in the form of higher download speeds to a select few businesses would create an anticompetitive two/multi-tiered IOT environment, where only the IOT devices owned by businesses that can afford faster connection speeds would make sense. For now, however, this should be treated as a long-term consideration since currently IOT devices do not put heavy enough pressure on Internet bandwidths – something that may be quickly changing with IOT developing as fast as it is these days.

Concluding Thoughts

The ‘Internet of Things’ opens up a completely new world to us, one that offers considerable opportunities to simplify our lives but also to lose our sense of privacy completely. Whether through legislation or self-regulation, it is apparent that IOT’s success is subject to it being appropriately controlled. It is crucial to begin addressing consumers’ concerns now when IOT is still in its infancy, as otherwise we risk finding ourselves legally exposed in a world where information about us is being sourced from every corner of our own home.


Tagged: Commercial Law, Competition, Privacy Law, Technology
