Five legal challenges for home automation and the Internet of Things – V3.co.uk
So-called ‘homes of the future’ have been a recurring theme for more than 50 years in popular culture and the technology industry.
When Hanna-Barbera created The Jetsons cartoon in 1962, for example, they had some interesting ideas about what the world would look like in 2062.
Fifty-four years later and some of those ideas don’t look so out of place; mobile phones, flat screen televisions and video calls are now all firmly established features of everyday life.
And, while we haven’t managed to mass-produce flying cars and pneumatic tube transport (yet), big steps have been made towards making automation commonplace in our homes.
Modern technology provides the ability to control third-party smart devices through a single interface. In practice, this means that people can switch off lights, lock doors, turn down thermostats and close window blinds at the push of a button.
This suggests that we are moving ever closer to a unified Internet of Things (IoT), with George Jetson’s space-age lifestyle beginning to look like an attainable reality. Inevitably, alongside the opportunities, there are a number of challenges in the sector, not least the difficulty in getting consumers to embrace smart devices.
For home automation to succeed, developers must address concerns about the reliability of smart devices compared with traditional home products and equipment.
If connected devices do not possess similar functionality to precursor products, they could create a new class of problems, such as how to ensure service continuity in the event of an unexpected breakdown or service failure.
A large-scale service outage is one thing, but a connected device or home automation vendor is also at the mercy of the consumer’s broadband connection.
If your product cannot fall back to some lower standard of useful functionality when an internet connection is unavailable, the consumer’s valuation of your product will be harmed every time their internet connection has problems. This creates a large third-party dependency for smart device companies.
Before consumers put their faith in smart home security systems, they need to be reassured that no malicious parties will be able to hack into their smart home systems, potentially giving thieves and vandals access to their data or even the ability physically to enter their homes.
With an increasing number of home automation devices, including microphones, cameras and other monitoring technologies, a compromised home automation set-up could allow cyber criminals to record householders in the intimacy of their homes.
Additionally, compromised IoT devices with weak security or set-up processes that allow consumers to use the devices with default passwords unchanged have recently been used as part of huge distributed denial-of-service (DDoS) attacks, programs which take servers offline by overwhelming them with inbound data.
Implementing strong security measures is essential for IoT vendors if their products are not to become a vector for spying, blackmail, DDoS attacks or worse. Developers need to consider solutions that force default passwords to be changed, and implement end-to-end encryption between devices.
Data collection and use
Many connected home and smart products rely on value propositions that are in part about new functionality, and in part about the ‘smarter’ use of resources. In order to achieve this, data flows between the devices and servers operated by the device providers, between devices, and to and from the consumer’s smartphone or computer.
This creates opportunities to collect data that can be used to improve the service, or be analysed by marketers to learn about consumers’ habits to build and grow existing relationships.
Much of the information being generated and collected is ‘personal data’ within the meaning of Directive 95/46/EC, and with the General Data Protection Regulation (GDPR) set to come into force in the EU on 25 May 2018, any businesses looking to take advantage of these opportunities should keep data privacy at the top of their agendas.
Even if the systems are not hacked by malicious third parties, users and consumers need to be reassured that the vendors supplying these products and services are themselves trustworthy.
Vendors need to see compliance with data protection laws as a value differentiator when developing their product offerings and marketing strategies. Vendors that fail to do this will gradually lose out in an increasingly data and privacy conscious market.
In addition, failing clearly to inform consumers about how their data is collected, stored and processed may breach the GDPR and result in fines of up to €20m or four per cent of global annual turnover, whichever is higher.
(Turn to page 2)