Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
Jan. 27 — The Federal Trade Commission Jan. 27 issued an Internet of things staff report that instead of calling for industry-specific privacy and security legislation urged the private sector to adopt best practices.
The report recommended that companies build security into devices in the design process—rather than as an afterthought—and ensuring that any outside service providers are capable of maintaining “reasonable security.”
“The FTC got it right by opposing industry-specific legislation and understanding that not all information on the Internet of things is personally identifiable,” Daniel W. Caprio Jr., a senior strategic adviser and independent consultant at McKenna Long & Aldridge LLP in Washington, told Bloomberg BNA Jan. 27.
Christopher Wolf, a partner at Hogan Lovells US LLP in Washington, said the report reflects the fact that prescriptive regulation might stifle the Internet of things market, which is in its infancy.
“The report focuses on cybersecurity and recognizes that application of fair information practice principles needs to be flexible, taking into account the nature of the technology and the context of the data collection,” Wolf told Bloomberg BNA Jan. 27.
However, Susan Grant, director of consumer protection at the Consumer Federation of America, said that industry self-regulation won't be enough to protect consumers.
“It is important to underscore the need for baseline privacy legislation, a point that the FTC has made before and reiterates in this report,” Grant told Bloomberg BNA Jan. 27. “No multistakeholder processes, voluntary codes of conduct, or best practices can effectively help to protect consumers’ privacy and security unless they are based on fundamental rights and responsibilities set by law.”
Meanwhile, Sen. John Thune (R-S.D.), chairman of the Senate Commerce, Science and Transportation Committee, has announced plans for a Feb. 11 hearing on the Internet of things.
“By engaging early in this debate, Congress can ensure that any government efforts to protect consumers are tailored for actual problems and avoid regulatory overreach,” Thune said in a Jan. 26 statement.
“The only way for the Internet of Things to reach its full potential for innovation is with the trust of American consumers,” FTC Chairwoman Edith Ramirez said in the FTC's Jan. 27 statement announcing the report. “We believe that by adopting the best practices we’ve laid out, businesses will be better able to provide consumers the protections they want and allow the benefits of the Internet of Things to be fully realized.”
According to the report, analysts estimate that there will be 25 billion connected devices as of this year, and 50 billion by 2020.
The FTC held a workshop on privacy concerns surrounding the Internet of things in 2013.
The commission voted 4-1 to approve the resulting staff report, with Commissioner Joshua Wright, a Republican, dissenting. Wright said the report's recommendations weren't backed by appropriate analytical support.
“An economically sound and evidence-based approach to consumer protection, privacy, and regulation of the Internet of Things would require the Commission to possess and present evidence that its policy recommendations are more likely to foster competition and innovation than to stifle it,” he said in a dissenting statement.
Although the report didn't urge legislation to regulate the Internet of things specifically, it reaffirmed the commission's support for general data security breach legislation. It also renewed a call for Congress to pass a broad-based privacy bill. However, Commissioner Maureen Ohlhausen, the other Republican member of the commission, issued a concurring statement saying that she didn't see the need for such legislation.
President Barack Obama Jan. 12 renewed calls for Congress to pass stalled proposals, such as an updated data breach notification law proposal, which has been considered by federal lawmakers for over a decade in various forms, and a nearly three-year old consumer privacy bill of rights.
Besides ensuring security by design and maintaining oversight of outside service providers, the FTC report urged companies to take steps such as:
• training employees in the importance of security and ensuring that security is managed at an appropriate level in the organization;
• considering measures to keep unauthorized users from accessing a consumer’s device, data or personal information stored on the network; and
• monitoring connected devices throughout their expected life cycle, and where feasible, providing security patches to cover known risks.
Commission staff also recommended that companies consider data minimization—that is, limiting the collection of consumer data and retaining that information only for a set period of time, not indefinitely.
In addition, the staff recommended that companies notify consumers and give them choices about how their information will be used, particularly when the data collection is beyond consumers’ reasonable expectations.
TechFreedom, a Washington-based think tank, criticized the report.
“At best, this is just another exercise in Workshop Theater; at worst, the FTC is trying to regulate the Internet of Things by stealth,” TechFreedom President Berin Szoka said in a Jan. 27 statement.
The day after the release of the staff report, FTC Commissioner Terrell McSweeny discussed the Internet of things during a data privacy day event in California.
To contact the reporter on this story: Alexei Alexis in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Heather Rothman at email@example.com
The FTC staff report, “Internet of Things: Privacy & Security in a Connected World,” is available at http://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf.
Wright's dissenting statement is available at http://www.ftc.gov/system/files/documents/public_statements/620701/150127iotjdwstmt.pdf.
Ohlhausen's concurring statement is available at http://www.ftc.gov/system/files/documents/public_statements/620691/150127iotmkostmt.pdf.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)