New legislation may be needed to address the challenges presented by the growth of the internet of things (IoT), according to a European Commission official.
Opening the discussion on IoT policy during a debate in Brussels on Thursday, Thibaut Kleiner, the head of unit of network technologies at DG Connect, said the EU was at a “key moment in policy in relation to IoT”.
Kleiner questioned if a “horizontal data approach” was needed, asking, “Do we need essential elements in terms of privacy in general or something specific for IoT?” Some important privacy questions may be covered in general, but “others deserve attention in terms of policymaking and possible legislation”, he told the event.
His comments came at a conference organised by the Digital Enlightenment Forum, Huawei and the Parliament Magazine.
Kleiner noted that the IoT had been mentioned in the EU’s recently unveiled digital single market (DSM) strategy, with its potential in helping build a telecoms single market among the aspects highlighted.
While the EU had presented a strategy on cloud computing, data and the DSM, there had been little focus on IoT since the 2009 action plan, he said, adding that the Commission would now consult with industry on possible next steps.
For Robert MacDougall, chair of the Alliance for Internet of Things Innovation (AIOTI) policy working group and head of enterprise regulation at Vodafone, the DSM is the key policy initiative. He told the conference that the 200 members of the working group includes companies, academic institutions, law firms, and sectoral trade associations.
He said the range of members is particularly important because of the group’s objective – to represent supply and demand and to make horizontal policy recommendations.
Another key aim was to “identify existing or potential market barriers that prevent the take-up of IoT in the context of the DSM,” said MacDougall, highlighting a focus on privacy, security, liability and net neutrality
He added that new law and regulation was not required in terms of privacy, and that the general data protection regulation was sufficient.
However, with concerns that devices could eventually make decisions for themselves, he stressed that engineers must be able to design in privacy safeguards as required.
Cornelia Kutterer, a Microsoft policy director and member of AIOTI, spoke of transformation of the industry as a result of cheaper hardware and new innovative scenarios, among others.
She said that Microsoft was not so active in the policy debate because it was more focused on software than devices.
For Kutterer, IoT device connectivity and management, analytics and operational insight and connecting these insights to business are all important.
“As we moved to the cloud and became active in IoT, we are coming closer to businesses,” she said.
She added that Microsoft’s entire sale structure has changed as it becomes much closer to customers. “The fact that every company is a data company is key,” she said.
Data access, surveillance and law enforcement should all form part of the privacy debate, she argued, noting that the ePrivacy directive would be opened for revision.
Policy areas for further consideration include privacy principles and data access, as well as contractual and IP considerations, market regulation and the importance of ethics in terms of, for example, behavioural experimentation and discrimination, Kutterer said.
She added, “If we want to move on with IoT adaption, we need to bring citizens along with us.”
Sébastien Ziegler, of Mandat International IoT forum, used his presentation to set out changes in the IoT landscape.
He said IoT was becoming “highly scalable but also very pervasive”. That it is distributable everywhere brings important consequences for the privacy debate, he added.
He also spoke of a “paradigm shift towards end-users”, and how to combine technical research with this end-user focus. This is important for citizens as the drivers for IoT, he said.
Ziegler highlighted a new vision from the research cycle in terms of bridging the gap between researchers and end-users.
The privacy requirements contained in the April 2016 general data protection regulation represents a big shift because of its global scope and legal and financial risks it brings for companies, he said.
Setting out his recommendations for the Commission, he called for a cross-domain IoT approach. “There is a feeling that we’re moving from silo to a cross-domain eco-system,” he said. He also called for Internet Protocol version 6 (IPv6) to be a requirement for IoT, urged a focus on 5G R&D in terms of IoT requirements and said greater international cooperation and global presence was needed.
Follow today's Future of Internet of Things in Europe Live Stream