Skip to 0 minutes and 8 seconds One of the things that we’ve been seeing over the last few years is that there is still quite a gap between some countries’ perceptions of what they can do with personal data and the rights of individuals on the one hand, and other countries who feel that there should be laws that strictly control those rights. So on the one hand you’ve got, for example, the United States, where I think it was Scott McNealy from Sun Microsystems, way back when, who famously said, you have zero privacy, get over it. And that’s very much a US type approach, is that we can do pretty much anything with anybody’s information.
Skip to 0 minutes and 47 seconds But of course, you can bring class actions if you don’t like what we do. And then you look at what’s happening in Europe for the last 20 years, where you’ve had a very bureaucratic approach in Europe, where for historical reasons and ethical reasons, governments have said, personal information is something that is protectable. In fact, it’s probably a human right. And indeed, there is human rights laws that protect what can be done with people’s information, and what the rights of individuals are. But that has layers and layers of bureaucracy, and very difficult in the world, now, of big data and so on, to be able to just make the maximum use out of it, without breaking the law.
Skip to 1 minute and 30 seconds But then we’re equally seeing in Southeast Asia, you’ve also got countries there, South Korea has one of the most bureaucratic laws in the world. Malaysia has some of the biggest prison sentences for directors who do not comply with data privacy rules. So there’s differences around the world, and I guess the question is, is that going to last? And are we going to see some international standard? Well, we’re already seeing that anyway. We’ve got the OECD guidelines on data privacy. The United Nations is building up privacy guidelines. There is a international consortium of privacy commissioners around the world, who are meeting every year in one part of the world or another, to try and come up with broad principles.
Skip to 2 minutes and 23 seconds And in fact, I am seeing that even the US is starting to follow very much the EU approach, and I think the EU approach has been seen as the gold plated standard. And it probably is. But that is influencing what happens around the world. So one of the things that the regulators have been looking at in the last few years is to come up with guidance for those businesses that develop internet of things technology, or are building apps that are interacting with a general internet of things framework, or the users of the internet of things, whether it’s at a governmental level, or whether it’s business to business, and so on.
Skip to 3 minutes and 4 seconds There is guidance out there that says, for one thing, we need to be transparent with individuals as to what is going to happen with their data, or what may happen with their data, or what their rights are in relation to what is happening. There needs to be transparency by businesses that are developing these wonderful tools to tell people, here’s how we protect your rights, and here’s what your rights are, and here’s what you can do, if you’re not comfortable. But then there’s also guidance that says when you start developing internet of things solutions, you should be baking privacy by default, or by design, we sometimes call it, into those applications.
Skip to 3 minutes and 46 seconds What tends to have happened in the last few years is the technology races ahead of the rights of individuals and the law, and then everybody has to bake in or retrofit privacy after everything’s out there. But that’s almost closing the stable door after the horse has bolted. Where we’re moving now is to regulators saying, we need to think ahead, or we should be thinking ahead before we launch these devices, because individuals have rights. We’re seeing the Federal Trade Commission in the US taking this position, and we’re seeing the regulators in Europe doing the same. Japan is starting to pass new laws to think ahead about how to benefit the internet of things, without reducing the rights of individuals.
Skip to 4 minutes and 34 seconds Another interesting aspect to the internet of things is the fact that you’ve got the coming together of the law relating to devices– electronics– and the law relating to software. Obviously, devices such as mobile phones, and what have you, have had an awful lot of software for a long time. But we’re seeing this in very stark terms in the internet of things, in that in devices, in electronics, there’s a much stronger reliance on patent law. And patent law establishes a full monopoly to the patent holder, in terms of the technology solution, whereas software is generally protected by copyright law, and copyright just gives protection from copying. It’s in the name.
Skip to 5 minutes and 16 seconds And so it’s possible, under software copyright law, for people to create independent solutions with the same functionality, as long as they are not copying the other person’s software. When you put those things together within the internet of things devices, then there is probably more likelihood that we’re going to see patent law starting to come to the forefront, which then means that there’s the risk that monopolies will be created through patent protection, and the first movers there, the people with the patent protection, may be able to monopolise the technical solutions. So that’s a risk issue. It’s also an opportunity for lawyers. I know our patent lawyers are looking at that issue very carefully.
UK and Global Privacy Laws & Initiatives
In this video, two lawyers discuss privacy laws and considerations relating to the Internet of Things.
© King’s College London