Privacy & Cybersecurity Law Blog

On April 17, 2013, the Federal Trade Commission issued a press release seeking public input on “The Internet of Things” – the ability of numerous “everyday devices to communicate with each other and with people.” The FTC will accept comments through June 1, 2013, in advance of a public workshop to be held in Washington, D.C. on November 21, 2013.

The FTC acknowledges that the rapidly accelerating capability of consumer goods to interact with other consumer goods, customers and businesses offers numerous benefits. For instance, consumers can use mobile devices to remotely start their cars, turn off the lights in their homes or instruct their televisions to record particular programs. Similarly, physicians can remotely monitor a patient’s blood pressure, blood sugar levels and other vital signs to provide better health care. That said, having data flowing between connected devices also poses unique privacy concerns. Accordingly, the FTC is seeking public comments on the privacy and security concerns implicated by the Internet of Things. Specifically, the FTC has raised several questions including:

• What technologies enable this connectivity?
• What are the types of companies involved in the Internet of Things?
• How can companies implement security updates for devices that are connected to other devices?
• What can be done to prevent connected devices from becoming targets and conduits for malware and adware?
• How should the societal benefits be measured against the privacy risks?
• Can and should de-identified data be used? If so, under what circumstances?

But other questions not raised by the FTC may be equally important. For example:

• How should organizations think about risks to individuals when monitoring the output from the Internet of Things?
• How does the Internet of Things link to emerging big data processes?
• Is the Internet of Things just a subset of larger issues related to a fully networked world, or is it significantly different?
• Who should be responsible for personal data as the universe of parties that touch the output from the Internet of Things expands?

Various projects at the Centre for Information Policy Leadership at Hunton & Williams LLP will explore those questions in preparation for the FTC’s November 21 workshop.

Responses may be submitted to the FTC via email to iot@ftc.gov or by postal mail to 600 Pennsylvania Avenue N.W., Room H-113 (Annex B), Washington DC 20580.

Update: The FTC has rescheduled the workshop for November 19, 2013. For more information, please visit the FTC’s website.