The Internet Of Things – Privacy, Cybersecurity And Accountability

An increasingly connected world creates new challenges


Whether it is our car, our watch, the systems lighting our building, or the grid powering our city, we are surrounded by things that are connected to the internet. This interconnected network of devices is the Internet of Things (IoT).

Using increasingly sophisticated sensors, IoT devices collect data, which they can communicate and process in real time, often using technologies such as cloud computing, big data and artificial intelligence. According to a Gartner forecast from last February, 20.4 billion connected things will be in use worldwide by 2020, with 8.4 billion already in use in 2017. Today, IoT applications are widespread in almost every major industry sector: manufacturers are using internet-connected machinery on the factory floor to collect vast amounts of data on performance, recommend process enhancements and flag potential system failures; retailers are using connected screens and billboards to measure footfall and impressions and to refine advertising; and healthcare institutions are using connected devices and artificial intelligence to deliver better patient outcomes.

That said, the technology also brings new legal challenges. The first is how to collect, store and process the rapidly growing volume of data in a way that complies with increasingly stringent privacy laws. For example, the EU’s General Data Protection Regulation (GDPR), effective from May 2018, specifically seeks to tighten privacy and enhance individuals’ control over their data. Furthermore, big penalties are being introduced worldwide for those failing to comply with privacy laws. IoT manufacturers, operators, and users must all have a plan to manage such compliance obligations.

The second major challenge is cybersecurity. The 'attack surface' increases with every connected device, and governments are introducing new cybersecurity laws to address the growing threat. Organizations must have a strategy to manage such risk – from performing technical due diligence against international security standards, to developing a plan to minimize the risk of attack and manage the response. With recent high-profile hacks leading to substantial legal, financial and reputational exposure, cybersecurity is shifting from being a 'legal' or 'IT' issue to a board-level priority.

A third issue is accountability. With IoT increasingly combined with artificial intelligence, decisions are made by machines in real time, inviting complex questions of accountability. An often-used example is that of a self-driving car driving down a street towards a group of pedestrians and facing a choice of whether to swerve, killing the driver but saving the pedestrians, or maintain its course, killing the pedestrians but saving the driver. With multiple parties involved, including manufacturer, driver, and potentially other organizations, who is responsible? The success of IoT and artificial intelligence will depend on organizations and governments working together to build trust in these new technologies.

On the other hand, regulators are increasingly supportive of new technologies, recognizing their overall benefit to society. Additionally, the very definition of 'risk' is changing – 'risk' used to mean adopting new technologies; now 'risk' means standing still. Organizations that stand still will be overtaken quickly and exposed to risks that new technology could address. Successful organizations will be those that continually innovate, while simultaneously implementing systems to manage legal and regulatory obligations.

