IoT Regulatory Uncertainties

By January 30, 2014Internet Law


The regulatory landscape surrounding the Internet of Things (IoT) is evolving. Although the FTC signaled that tighter regulation would be premature, recent bills introduced in Congress may hamper IoT innovations. However, given congressional timidity and the divisive nature of the subject matter, it is less than certain these bills would garner enough support.

Existing FTC Enforcement Power Is Sufficient

At the FTC IoT workshop, Commissioner Ohlhausen appeased the IoT startup community. Her statement suggests that for the time being, the FTC will use the “traditional” enforcement power of the FTC and existing “set of policy” to stop deceptive and unfair consumer harms. The workshop takeaway is that further regulation is unnecessary or in any case premature at this juncture.

FTC Green Lights IoT Experimentation With Business Models

As Commissioner Maureen K. Ohlhausen noted,

“The success of the Internet, has, in large part been driven by the freedom to experiment with different business models, the best of which have survived and thrived, even in the fact of initial unfamiliarity and unease about the impact on consumers and competitors. It is thus vital that government officials, like myself, approach new technologies with a dose of regulatory humility.”

To regulate too early carries the real threat of foreclosing some of the IoT’s benefits and missing out on the “next great wave of industrial revolution” in the words of Adam Thierer, senior research fellow at the Mercatus Center at George Mason University. Indeed, “the hard fact is [an inventor] almost never knows the full extent of the utility until years after he make his invention” ((Application of Kirk, 376 F2d 936, 955 (CCPA 1967) )) as a Court of Customs and Patent Appeals (CCPA) puts it. Thus, regulating now while IoT is still in its infancy makes little sense and would risk stifling innovation.

The President and Congress Step-In But Uncertainty Remains

The NSA scandal has put in the public eye the potential for privacy abuse. That potential turned very real this holiday season when Target was hacked and credit and debit card numbers from 40 million Target customers were stolen.

Target later said that up to 70 million other customers also had personal information stolen, including home, email addresses, names, and phone numbers.

In the aftermath of this massive hacking scandal, President Obama has formed a working group to lay the groundwork for a “comprehensive review” of “Big Data and the Future Privacy.”

On top of that, the Personal Data Privacy and Security Act of 2014 has been reintroduced for the ninth year in a row. The bill aims to, among other things, put more burdensome data privacy and security obligations on those companies holding on to “sensitive personal information” and “establish a single nationwide standard for data breach notification.” Also on the congressional docket is the Driver Privacy Act, which intends to protect drivers’ privacy by making it clear drivers owns information collected about them through tracking device.

Although none of these bills single out IoT innovations, IoT startups may fall within the broad scope of some of these bills.

However, given Congressional stalemate, who knows how likely the “comprehensive review” is to translate into law. This is especially so due to the divisive nature and complexity of the subject matter, which would require drawing new privacy lines in response to the intrusive and pervasiveness aspects of IoT applications, networks and devices.


In the upcoming months a “comprehensive review” of big data and privacy will take place and Congressional Committees will review several privacy bills. These developments stress the renewed importance of privacy in the pubic eye. Yet, because of deficiencies in the lawmaking process, none of these bills may mature into law.

In the meantime, in addition to complying with current FTC guidelines at the company level, IoT startups would be well-advised to create a privacy and security framework thereby rendering further regulation redundant. In addition to regulators, customers too will have to be reassured. As Mr. Caprio, Senior Strategic Advisor and Independent Consultant for McKenna, Long & Aldridge, said during the IoT workshop, “for the business opportunity of the Internet of Things to takeoff […] we’ve got to get the policy framework, the privacy and security, right. And it’s all about trust and confidence.”

Leave a Reply