Within a decade, analysts say, the “Internet of Things” will have transformed our lives. Billions of Internet-connected devices will monitor our homes, businesses, cars, and even our bodies, using the data to manage everything from appliances to heart monitors. Companies like Google— which recently paid $3.2 billion for smart-thermostat company Nest Labs—are already racing to build the IoT. But businesses face fundamental questions regarding the ownership of data, protecting customer privacy, liability when devices fail, and more.
The IoT will connect product developers and manufacturers in countless new ways, creating uncertainty about ownership of and rights to customer data. If a company contracts with a big data vendor to store and process consumer information, for instance, each party will need to know that its partner has the legal rights to collect or share data, says Alistair Maughan, a partner in Morrison & Foerster’s London office who is co-chair of the Technology Transactions Group. Then there is the question of who owns the data. “There is a whole supply chain the law is only beginning to grapple with,” Maughan says. “Manufacturers will need to understand the risks when there aren’t clear government standards.”
An area of major interest is how companies will protect customer privacy when so much data is in play. Companies need to make sure that what they say about their use of data collected from connected devices is accurate, complete, and up to date. “There is no one-sizefits-all approach to data security,” says Morrison & Foerster partner D. Reed Freeman Jr., who specializes in privacy matters. “The burden for a company is to consider what kind of data you have and how to protect against reasonably foreseeable, unauthorized access to personal information.”
Liability, of course, is a paramount concern when connected businesses adjust their use of data for new business or consumer products, says Stephanie Sharron, a Morrison & Foerster partner and a member of the firm’s Technology Transactions Group. Using vast sets of data to find patterns and targets will leave open all sorts of possibilities for technical and human mistakes. “There are questions about who should bear responsibility for inaccurate inferences or patterns that give rise to harm,” Sharron says. “Or who is responsible if a pattern comes from inaccurate data from a malfunctioning sensor.”
Then there is the question of who will manage and monitor the electrical systems needed to operate such vast networks—traditional public utility companies, new electricity market participants, or a combination. “Customers will want more choices to accommodate the new technologies and services they get to use” in the IoT, says Robert S. Fleishman, senior of counsel for Morrison & Foerster and an expert on energy regulation law. “Generally it will be up to state public utility commissions to decide who gets to provide the traffic control function and related activities for these things to operate within the system for distributing energy.” Some state utility commissions have already started to look at reforming their regulations and policies.