CD Summit 2015: Bird & Bird's Hamish Fraser

CommsDay Summit, 2015

Can Australia's Laws Accommodate the Internet of Things?

Hamish Fraser, Partner

The Internet of Things | CommsDay Summit 2015

Page 2© Bird & Bird LLP 2015

Topics

Section 1 – IoT is here today

Section 2 – Data Protection

Section 3 – De-Identification

Section 4 –New Laws or New Liabilities



Internet of Things

“A proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data” – Oxford Dictionary, 2013



Internet of Things

The term internet of things refers to the concept of a world full of connected devices, controlled through a consumer-friendly hub, like a smartphone app

– New York Times, 2015

Section 1 IoT is here today

MAMIL











Who I rode with

People who “liked” it

My social media engagement

My results

Comments & discussion

Real Time Tracking



Fitbit S Health



Health Profile



Who Might Want to Know

• Gym/Trainer

• GP/Specialist

• Insurer

• Employer

• Medicare

• Centrelink

• Friends/Family

• Police

• Litigation parties

• Identity thieves

Type of Information

• What I did

• When I did it

• Where I went

• Who I was with

• Mode of transport

• Heart rate

• Stress Levels

• Oxygen Saturation

• Sleep Patterns

• Social Media Activity

Vehicle as a Hub



• Location (Nav, theft, traffic)

• OBD (diagnose, insure, remote)

• Comms (hotspot)• Entertain (music,

weather, FB)• Assist (emergency,

collision)• Autonomous driving &

cyber-jurisprudence

Smart meter – Smart Grid

Page 16© Bird & Bird LLP 2015 The Internet of Things | CommsDay Summit 2015

Home as a hub



Section 2 – Data Protection

Security of Data in a Hyper-Connected World


Source: Robert F. Wescott, Ph.D. for Pioneer Investments


Security of Personal Information



● APP 11.1 – If an APP entity holds personal information, the entity must take such steps as are reasonable in the circumstances to protect the information from misuse, interference and loss and from unauthorised access, modification or disclosure

● Two decisions have been issued by the Piracy Commissioner in relation to this obligation. There was a breach found in both cases

Section 3 – De-Identification

De-Identification


APP 11.2 – If an APP entity holds personal information about an individual and the entity no longer needs the information for any purpose for which the information may be used or disclosed…entity must take such steps as are reasonable in the circumstances to destroy the information or to ensure that the information is de-identified


What does it mean


● Individual privacy vs. quality of data (the less personal identifiers, the less valuable the information)

● Is absolute data de-identification possible (MIT Science Journal – date and location of 4 purchases 90% chance)

● However, remains an important tool and an obligation under the APPs


See for more: http://newsoffice.mit.edu/2015/identify-from-credit-card-metadata-0129

https://www.google.com.au/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&ved=0CAcQjRw&url=https://responsibledata.io/practical-de-identification-techniques-for-advocacy-initiatives-and-open-data/&ei=-FYGVZ74EYuE8QXYpYCQAw&bvm=bv.88198703,d.dGc&psig=AFQjCNG2uL5UUTSppno9cLk6Fs4rDiv92A&ust=1426565231133002

https://www.google.com.au/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&ved=0CAcQjRw&url=https://responsibledata.io/practical-de-identification-techniques-for-advocacy-initiatives-and-open-data/&ei=-FYGVZ74EYuE8QXYpYCQAw&bvm=bv.88198703,d.dGc&psig=AFQjCNG2uL5UUTSppno9cLk6Fs4rDiv92A&ust=1426565231133002

http://www2.itif.org/2014-big-data-deidentification.pdf

Section 4 –New Laws or New Liabilities

We have the Framework

Page 24© Bird & Bird LLP 2015 The Internet of Things | CommsDay Summit 2015

● Contract allocate obligations and risk, limit liability

● Tort negligence (duty of care), trespass, privacy(?)

● Equity fiduciary obligations, confidential information

● Statute Australian Consumer Law (misleading conduct, product liability), Privacy Act, Copyright Act, Telecommunications Act

● Regulators ACMA, OAIC, ACCC

but we need to apply it



Does data create a duty of care?

Could being the holder of IoT data give rise to a duty of care?

• Why hasn't 80 year old Doris switched her light on for two weeks?

• Did the voice recognition television just hear threats of domestic violence?

• If an IoT managed stock feeder detects disease, does responsibility stop at the farmer?



Same Information – different questions

Imagine an IoT supplier had information that showed:

- An imminent terrorist threat?

- A violent crime investigation?

- A fraud investigation?

- A life threatening health condition

- A traffic offence?

Would you give that information up if a law enforcement body asked?

Do you have a duty to report it?



Same Data - Other questions

What should you do if you have data that suggests:

- An imminent explosion (gas leak)?

- A high risk of fire (short circuit)?

- Likely equipment failure (worn brake pads)?

- Deliberate nuisance (excess noise)?

- Waste of resources (tap running)?

- A likely heart attack (irregular heart beat)?

Will you be liable for any loss that flows?



Answers are not obvious

● In this way technology is outpacing the law (because its outpacing us)

● We must make educated guesses of the duty of care (and revisitthem)

● Courts and Legislatures will broaden, not narrow legal, liability

● Expect the unexpected

● Think about it now.

● Think about data that may be relevant to criminal and personal injury matters.

[email protected]

Bird & Bird is an international legal practice comprising Bird & Bird LLP and its affiliated and associated businesses.

Bird & Bird LLP is a limited liability partnership, registered in England and Wales with registered number OC340318 and is authorised and regulated by the Solicitors Regulation Authority. Its registered office and principal place of business is at 15 Fetter Lane, London EC4A 1JP. A list of members of Bird & Bird LLP and

of any non-members who are designated as partners, and of their respective professional qualifications, is open to inspection at that address.

twobirds.com

Thank you

Date post:	15-Jul-2015
Category:	Technology
Upload:	grahame-lynch
View:	69 times
Download:	4 times

CD Summit 2015: Bird & Bird's Hamish Fraser

Technology