LEGAL CHALLENGES RAISED BY IoT:
Ø Privacy and Security: With massive quantities of data flowing between databases, and
sensitive information being shared between devices, a profile of the person
gets created automatically and is exposed to the risk of privacy encroachments.
Information obtained by such interconnected systems get disseminated without
seeking express consent of the person at each stage, and it is difficult to
curb this if the whole process is to work in a coordinated manner, as the
connection and sharing of information is the pre-requisite of such automation.
Ø Data Protection: The free flow of data makes it prone to being intercepted and transferred
to other databases, and if the in-built security systems are hacked, the
personal information may pass on to any outsider. The current Information Technology
Law regime addresses data protection through the need for informed consent, and
reasonable security compliances that data handlers must follow.
Ø Intellectual Property
Rights: The functioning
of IoT systems rely heavily on interconnection, requiring that the products and
technology developed by different companies and industries must pool their innovations
and work on an integrated platform. This blurs the boundaries of IPR protected
technologies, and creates issues as to what extent of rights each party is
Ø Data Ownership: When seamless integration of data from various technologies and
devices takes place, the question as to who owns the end product (information)
created, is an intriguing question. Where a wearable gadget like watch senses
the pulse/body temperature and directs the AC to adjust the room temperature to
a comfortable level; or where the navigation system in a car could predict to
the home appliances when the person would be arriving home, the ownership of
the data generated regarding that person (his travel route, time, habits, etc.)
become a question of concern. Does the person own the data (because it relates
to him) or do the devices (because they created it)?
Ø Jurisdiction: The IT world has its own jurisdictional issues, as it cannot be
attributed to any limited geographical area; and the advent of IoT only creates
a more complex scenario. The jurisdiction in cyberspace is determined on the
basis of several considerations like minimum contacts, long-arm statutes,
agreements between parties, etc. Since IoT involves the interconnection of
various technologies and services of different companies which may be within
different jurisdictions individually, the fixing of a common jurisdiction for
IoT related disputes would involve various considerations.
Ø Deciding Liability: If a consumer dispute arises on an IoT issue, or any injury is
caused to a party, it becomes difficult to precisely state which aspect of the
interconnected devices malfunctioned, and who is to be held liable. The flow of
information is continuous, and it is sometimes not practicable to pin-point
where the flaw occurred.
THINGS TO KEEP IN MIND IF YOU ARE INTO IoT
Ø Go through laws of a country carefully before expanding into their
market; pay attention to laws and regulations on Consumer Protection, Contracts, IPRs, IT
Laws, Criminal liability relating to such matters, etc.
Ø When entering into collaborative projects with other companies, make
sure you liability is limited and not open to expansive interpretation by
Courts; also write the Contract with clear terms and conditions as to rights
and obligations of each party in the collaboration.
Ø While introducing the service in the market, train suppliers and
retail sellers to educate customers about the nature of the information that
will flow through the device; and how to limit the access to personal information.
Ø Put in place efficient and 24x7 customer care services to address
grievances and answer queries.
Ø Make sure that your contracts with the customers contain all details
as to the extent of information that will be accessed and communicated by the
device, and that it is accepted by the customer while purchasing the product.
Use clear terms and conditions to ensure that customers give an “informed
Ø Use high-efficiency data protection systems to ensure that hackers
and third parties don’t compromise your devices to steal information.
Ø Engage lawyers to ensure compliance with laws, and consult with the
regulatory Authorities, if in doubt regarding any Regulation.
Legalresolved lawyers can help you in comprehending those legal
challenges and provide you a strategy to Overcome them
Ø Introduce internal grievance redressal mechanisms in company; or
include arbitration clauses within the contract with customers, to avoid
litigations in Court to the best possible extent.
STATUTES TO KEEP IN MIND (INDIAN KANOON)
Indian Contract Act
Information Technology Act
Internet of Things Policy,
2015, by Govt of India
The above list is far from being conclusive,
and only gives a brief view on the legal implications of IoT; the law is still
only developing to the needs created by the rapid growth of technology. Legal
Policies are created, revised, and amended from time to time, and one must
always look up at all concerned legislations and regulations, to have a
comprehensive knowledge on the matter.
Still Have Questions? Please get in touch with us