fbpx Skip to content

FTC Report: It’s Premature to Regulate the IoT

IoTThis morning (January 27, 2014), the Federal Trade Commission (FTC) released a report on the Internet of Things (IoT), which includes recommendations for how companies may address potential consumer privacy and security concerns associated with connected devices.  Six years ago, for the first time, the number of “things” connected to the Internet surpassed the number of connected people, the report claims. “Yet we are still at the beginning of this technology trend. Experts estimate that, as of this year, there will be 25 billion connected devices, and by 2020, 50 billion,” it says.

For every branded “thing” that will be connected to the Internet, marketers must operate in a new realm of consumer expectation – and privacy or “big brother” concerns will undoubtedly continue to be forefront among them.   TopRight counsels our clients to consider this evolving expectation as we build each brand-consumer relationship.  As the realm of what is possible expands – the idea of the refrigerator sending  a message to the car (and to the local grocery!) to tell us we are out of milk is right out of  The Jetsons, but is really not that far away, and so we all must incorporate some level of digital transformation into our processes, messaging and operations. The FTC announcement today that they are not planning to immediate regulate the IoT is good news for industry, as it allows for responsible innovation and continued self-regulation.

Considering the impact of the IoT on consumers, and consistent with its mission to protect consumers in the commercial marketplace, the FTC hosted a workshop on November 19, 2013 titled The Internet of Things: Privacy and Security in a Connected World. Today’s report summarizes the workshop and provides staff’s recommendations in this area, focusing on four main topics:

  1. Security:   The report urges companies developing IoT products to implement reasonable security. “What constitutes reasonable security for a given device will depend on a number of factors, including the amount and sensitivity of data collected and the costs of remedying the security vulnerabilities,” the report says.   It recommends a “security by design” approach, where security is built into IoT devices at the outset and considers security throughout the consumer experience lifecycle.
  2. Data Minimization:  In the report, “data minimization” is defined as an approach to limit the data collected and retained, and disposing of it once it is longer needed. Such a data minimization strategy can guard against privacy risks that make large data stores more attractive targets for thieves; and reduce the risk that data be used in ways that “departs from consumers’ reasonable expectations.”
  3. Notice and Choice.  The FTC recommends clear notice and choice for every data collection instance, although the report confirms the Commissions past position that not every data collection situation requires choice.
  4. Legislation:   The report emphasizes the great potential for innovation and increased consumer value in this area, and states that that IoT-specific legislation at this stage would be premature.   It also supports that development of self-regulatory programs designed for particular industries to encourage the adoption of privacy- and security-sensitive practices. The report does call on Congress to continue efforts to strengthen consumer privacy and security enforcement tools and data breach notification laws.  Citing the current restrictions on the FTC to take any action on privacy protections absent  a specific showing of deception or unfairness, the report “Again recommends that Congress enact broad based (as opposed to IoT-specific) privacy legislation. Such legislation should be flexible and technology-neutral, while also providing clear rules of the road for companies about such issues as how to provide choices to consumers about data collection and use practices.”

Keeping an eye on regulatory actions is always a good idea for any company wanting to Stay #TopRight in your marketplace.  Associations like DMA, NRF and IAB all work with federal and state policymakers to maintain our effective self-regulated industry.   Each marketer who is responsible in the collection and use of data helps keep the industry free to innovate, on the IoT and other technology advances.

If you want to keep up with IoT regulation, please note that Senator John Thune (R-SD), Chairman of the Senate Commerce Committee, announced this week that the Commerce Committee will be holding a hearing on the Internet of Things entitled, “The Connected World: Examining the Internet of Things” on February 11, 2015. The hearing will focus on connected devices and how to keep government regulation from stifling innovation, according to the hearing announcement.

Leave a Comment