Date post: | 15-Jul-2015 |
Category: |
Technology |
Upload: | grahame-lynch |
View: | 69 times |
Download: | 4 times |
CommsDay Summit, 2015
Can Australia's Laws Accommodate the Internet of Things?
Hamish Fraser, Partner
The Internet of Things | CommsDay Summit 2015
Page 2© Bird & Bird LLP 2015
Topics
Section 1 – IoT is here today
Section 2 – Data Protection
Section 3 – De-Identification
Section 4 –New Laws or New Liabilities
The Internet of Things | CommsDay Summit 2015
Page 3© Bird & Bird LLP 2015
Internet of Things
“A proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data” – Oxford Dictionary, 2013
The Internet of Things | CommsDay Summit 2015
Page 4© Bird & Bird LLP 2015
Internet of Things
The term internet of things refers to the concept of a world full of connected devices, controlled through a consumer-friendly hub, like a smartphone app
– New York Times, 2015
Section 1 IoT is here today
MAMIL
The Internet of Things | CommsDay Summit 2015
Page 6© Bird & Bird LLP 2015
The Internet of Things | CommsDay Summit 2015
Page 7© Bird & Bird LLP 2015
The Internet of Things | CommsDay Summit 2015
Page 8© Bird & Bird LLP 2015
The Internet of Things | CommsDay Summit 2015
Page 9© Bird & Bird LLP 2015
The Internet of Things | CommsDay Summit 2015
Page 10© Bird & Bird LLP 2015
Who I rode with
People who “liked” it
My social media engagement
My results
Comments & discussion
Real Time Tracking
The Internet of Things | CommsDay Summit 2015
Page 11© Bird & Bird LLP 2015
Fitbit S Health
The Internet of Things | CommsDay Summit 2015
Page 12© Bird & Bird LLP 2015
Health Profile
The Internet of Things | CommsDay Summit 2015
Page 13© Bird & Bird LLP 2015
Who Might Want to Know
• Gym/Trainer
• GP/Specialist
• Insurer
• Employer
• Medicare
• Centrelink
• Friends/Family
• Police
• Litigation parties
• Identity thieves
Type of Information
• What I did
• When I did it
• Where I went
• Who I was with
• Mode of transport
• Heart rate
• Stress Levels
• Oxygen Saturation
• Sleep Patterns
• Social Media Activity
Vehicle as a Hub
The Internet of Things | CommsDay Summit 2015
Page 14© Bird & Bird LLP 2015
• Location (Nav, theft, traffic)
• OBD (diagnose, insure, remote)
• Comms (hotspot)• Entertain (music,
weather, FB)• Assist (emergency,
collision)• Autonomous driving &
cyber-jurisprudence
Smart meter – Smart Grid
Page 16© Bird & Bird LLP 2015 The Internet of Things | CommsDay Summit 2015
Home as a hub
The Internet of Things | CommsDay Summit 2015
Page 16© Bird & Bird LLP 2015
Section 2 – Data Protection
Security of Data in a Hyper-Connected World
Page 18© Bird & Bird LLP 2015
Source: Robert F. Wescott, Ph.D. for Pioneer Investments
The Internet of Things | CommsDay Summit 2015
Security of Personal Information
The Internet of Things | CommsDay Summit 2015
Page 19© Bird & Bird LLP 2015
● APP 11.1 – If an APP entity holds personal information, the entity must take such steps as are reasonable in the circumstances to protect the information from misuse, interference and loss and from unauthorised access, modification or disclosure
● Two decisions have been issued by the Piracy Commissioner in relation to this obligation. There was a breach found in both cases
Section 3 – De-Identification
De-Identification
Page 21© Bird & Bird LLP 2015
APP 11.2 – If an APP entity holds personal information about an individual and the entity no longer needs the information for any purpose for which the information may be used or disclosed…entity must take such steps as are reasonable in the circumstances to destroy the information or to ensure that the information is de-identified
The Internet of Things | CommsDay Summit 2015
What does it mean
Page 22© Bird & Bird LLP 2015
● Individual privacy vs. quality of data (the less personal identifiers, the less valuable the information)
● Is absolute data de-identification possible (MIT Science Journal – date and location of 4 purchases 90% chance)
● However, remains an important tool and an obligation under the APPs
The Internet of Things | CommsDay Summit 2015
See for more: http://newsoffice.mit.edu/2015/identify-from-credit-card-metadata-0129
Section 4 –New Laws or New Liabilities
We have the Framework
Page 24© Bird & Bird LLP 2015 The Internet of Things | CommsDay Summit 2015
● Contract allocate obligations and risk, limit liability
● Tort negligence (duty of care), trespass, privacy(?)
● Equity fiduciary obligations, confidential information
● Statute Australian Consumer Law (misleading conduct, product liability), Privacy Act, Copyright Act, Telecommunications Act
● Regulators ACMA, OAIC, ACCC
but we need to apply it
The Internet of Things | CommsDay Summit 2015
Page 25© Bird & Bird LLP 2015
Does data create a duty of care?
Could being the holder of IoT data give rise to a duty of care?
• Why hasn't 80 year old Doris switched her light on for two weeks?
• Did the voice recognition television just hear threats of domestic violence?
• If an IoT managed stock feeder detects disease, does responsibility stop at the farmer?
The Internet of Things | CommsDay Summit 2015
Page 26© Bird & Bird LLP 2015
Same Information – different questions
Imagine an IoT supplier had information that showed:
- An imminent terrorist threat?
- A violent crime investigation?
- A fraud investigation?
- A life threatening health condition
- A traffic offence?
Would you give that information up if a law enforcement body asked?
Do you have a duty to report it?
The Internet of Things | CommsDay Summit 2015
Page 27© Bird & Bird LLP 2015
Same Data - Other questions
What should you do if you have data that suggests:
- An imminent explosion (gas leak)?
- A high risk of fire (short circuit)?
- Likely equipment failure (worn brake pads)?
- Deliberate nuisance (excess noise)?
- Waste of resources (tap running)?
- A likely heart attack (irregular heart beat)?
Will you be liable for any loss that flows?
The Internet of Things | CommsDay Summit 2015
Page 28© Bird & Bird LLP 2015
Answers are not obvious
● In this way technology is outpacing the law (because its outpacing us)
● We must make educated guesses of the duty of care (and revisitthem)
● Courts and Legislatures will broaden, not narrow legal, liability
● Expect the unexpected
● Think about it now.
● Think about data that may be relevant to criminal and personal injury matters.
Bird & Bird is an international legal practice comprising Bird & Bird LLP and its affiliated and associated businesses.
Bird & Bird LLP is a limited liability partnership, registered in England and Wales with registered number OC340318 and is authorised and regulated by the Solicitors Regulation Authority. Its registered office and principal place of business is at 15 Fetter Lane, London EC4A 1JP. A list of members of Bird & Bird LLP and
of any non-members who are designated as partners, and of their respective professional qualifications, is open to inspection at that address.
twobirds.com
Thank you