Keep up with the latest developments and legal issues in the telecommunications and emerging technology sectors, with exclusive access to a comprehensive collection of telecommunications law news,...
Jan. 27 — A staff report unveiled by the Federal Trade Commission urges best practices to address data privacy and security concerns surrounding the “Internet of Things,” while stopping short of calling for industry-specific legislation.
The report released Jan. 27 recommends that companies take steps such as building security into devices in the design process—rather than as an afterthought—and ensuring that any outside service providers are capable of maintaining “reasonable security.”
“The FTC got it right by opposing industry-specific legislation and understanding that not all information on the Internet of Things is personally identifiable,” Dan Caprio, a senior consultant for McKenna Long & Aldridge LLP, told Bloomberg BNA.
The report reflects the fact that prescriptive regulation might stifle the Internet of Things market, which is in its infancy, according to Christopher Wolf, a partner at Hogan Lovells LLP.
“The report focuses on cybersecurity and recognizes that application of fair information practice principles needs to be flexible, taking into account the nature of the technology and the context of the data collection,” Wolf told Bloomberg BNA.
However, Susan Grant, of the Consumer Federation of America, said that industry self-regulation will not be enough to protect consumers.
“It is important to underscore the need for baseline privacy legislation, a point that the FTC has made before and reiterates in this report,” Grant told Bloomberg BNA. “No multistakeholder processes, voluntary codes of conduct, or best practices can effectively help to protect consumers’ privacy and security unless they are based on fundamental rights and responsibilities set by law.”
Meanwhile, Sen. John Thune (R-S.D.), chairman of the Senate Commerce, Science, and Transportation Committee, has announced plans for a Feb. 11 hearing on the Internet of Things.
“By engaging early in this debate, Congress can ensure that any government efforts to protect consumers are tailored for actual problems and avoid regulatory overreach,” Thune said in a statement.
The Internet of Things refers to the ability of everyday objects to become connected to the online world and to send and receive data. While such connected devices have the potential to offer benefits such as improved health monitoring, safer highways, and more efficient home energy use, they also raise numerous consumer privacy and security concerns, according to the FTC report.
“The only way for the Internet of Things to reach its full potential for innovation is with the trust of American consumers,” FTC Chairwoman Edith Ramirez said in a statement announcing the report. “We believe that by adopting the best practices we’ve laid out, businesses will be better able to provide consumers the protections they want and allow the benefits of the Internet of Things to be fully realized.”
Experts estimate that there will be 25 billion connected devices as of this year, and 50 billion by 2020, the report noted.
The FTC held a workshop on privacy concerns surrounding the Internet of Things in 2013. The commission voted 4-1 to approve the resulting staff report, with Commissioner Joshua Wright, a Republican, dissenting. Wright said the report's recommendations weren't backed by appropriate analytical support.
“An economically sound and evidence-based approach to consumer protection, privacy, and regulation of the Internet of Things would require the Commission to possess and present evidence that its policy recommendations are more likely to foster competition and innovation than to stifle it,” he said in a dissenting statement.
While the report did not urge legislation to regulate the Internet of Things specifically, it reaffirmed the commission's support for general data security breach legislation. It also renewed a call for Congress to pass a broad-based privacy bill, although Commissioner Maureen Ohlhausen, another Republican, issued a concurring statement saying that she didn't see the need for such legislation.
Besides ensuring security by design and maintaining oversight of outside service providers, the FTC report urges companies to take steps such as:
• training employees in the importance of security and ensuring that security is managed at an appropriate level in the organization;
• considering measures to keep unauthorized users from accessing a consumer’s device, data, or personal information stored on the network; and
• monitoring connected devices throughout their expected life cycle, and where feasible, providing security patches to cover known risks.
Commission staff also recommended that companies consider data minimization—that is, limiting the collection of consumer data, and retaining that information only for a set period of time, not indefinitely. In addition, staff recommended that companies notify consumers and give them choices about how their information will be used, particularly when the data collection is beyond consumers’ reasonable expectations.
The report was slammed by TechFreedom, a Washington-based think tank and staunch critic of the FTC.
“At best, this is just another exercise in Workshop Theater; at worst, the FTC is trying to regulate the Internet of Things by stealth,” said TechFreedom President Berin Szoka.
To contact the reporter on this story: Alexei Alexis in Washington at email@example.com
To contact the editor responsible for this story: Heather Rothman at firstname.lastname@example.org
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)