ICO to work with Ofcom to attempt to regulate the Internet of Things

The regulator published a report that detailed how spectrum availability, data privacy, network security and network addresses should be regulated as the world becomes increasingly connected - and businesses learn more about its customers.

Share

A common framework to give consumers more transparency over their data as devices, cars, and homes become connected, will be “critical” to the development of the Internet of Things, Ofcom stated this week.

The regulator published a report that detailed how spectrum availability, data privacy, network security and network addresses should be regulated as the world becomes increasingly connected - and businesses learn more about its customers.

The report somewhat clarified UK companies' position on handling and sharing of customer data pooled from devices or smart products – like cars, boilers or even fridges – however the regulator did not state what, or when, a framework would be enforced.

It said that data privacy concerns raised by the IoT would be covered by the Data Protection Act regulations already in place, but added: “We have concluded that a common framework that allows consumers easily and transparently to authorise the conditions under which data collected by their devices is used and shared by others will be critical to future development of the IoT sector.

“Given this, we will explore how we can support and work with the Information Commissioner’s Office (ICO), government, other regulators and industry to facilitate progress on this issue at both a national and international level.”

Data protection pitfalls

Ofcom highlighted potential pitfalls to the IoT, should it spread internationally. Data captured in one country may be hosted or stored in another country where data privacy regulation could differ. This could be problematic for the manufacturing industry, the regulator added, as often devices are produced and marketed in different countries.

Clarifying this will be crucial for manufacturers to make the most of increased connectivity, which, if adopted on an industrial level in the UK, could increase GDP by US$531billion (£349.45 billion) by 2030, according to Accenture.

However, these gains are at risk if companies and governments don’t take sufficient action to put in place necessary conditions for the wide adoption of what the analyst house describes as 'The Industrial Internet of Things'. It suggests businesses should help government identify ways to encourage greater investment in this area.

Risks to businesses

Over in the US, a report on the IoT was released by the Federal Trade Commission, which protects consumers’ rights. It said that firms developing Internet of Things (IoT) products should adopt best practices to protect the privacy and security of consumers. However, it was criticised by a former Gartner analyst, French Caldwell, now at GRC company MetricStream, for failing to emphasise the risks and security challenges for businesses.

He said: "Data aggregators will take data from the power company, your social and online activity data, data from your smartphone on your health, data from your car, your shopping history from your credit cards and data from your smart TV to create an extraordinarily complete digital profile. This profile will have extraordinary commercial value, and also value to governments for law enforcement, or in some countries for ongoing monitoring of citizens.

“The risks to businesses are not emphasised. The security challenges are mammoth. Consider right now the challenges that consumer focused companies are facing with cybersecurity. Now multiply that by a thousand times or more. It’s not just the volume of data, but the rate of creation of data, and the number of endpoints that create greater security challenges."

What is Ofcom monitoring?

Ofcom said its preliminary work to understand potential data privacy issues may include an assessment of data protection regulations against connected devices, learning more about consumer attitudes to sharing data and evaluating whether a public awareness campaign will help.

Spectrum

Many IoT applications will require short-range wireless connectivity – like wifi. Ofcom is responsible for regulating radio spectrum, and other broadcast or communications technology, and said it will monitor spectrum usage for the IoT in case demand spikes. Currently, a medium-term solution is in place, which includes freeing up spectrum licenses and making additional spectrum of 870/915MHz bands available. It is looking into the feasibility of making 55 and 68MHz bands available.

Network

As telephone numbers will no longer be needed for IoT services, Ofcom will monitor internet service providers’ migration to IPv6 connectivity as well as the public demand for a landline.  

Image: The Nest smart thermostat is an example of a useful IoT device - giving customer's real-time energy usage in their homes. Credit Flickr/Scott Cawley