On December 1, 2016 Hogan Lovells hosted their 5th Annual Winnik Forum, named after a former partner, Gary Winnik, who died in 2012. This year’s event, held in Hogan Lovells newly remodeled DC offices, focused on the Internet of Things (“IoT”) – a promising but poorly understood area of potential growth in the telecom sector. Give the recent headlines about data breaches and the potential for nearly ubiquitous IoT devices, it shouldn’t be surprising that many of the remarks touched on security and privacy related matters.
The various speakers struggled with the two competing notions. On one hand, the massive increase of sensors and data transmission on critical devices seems to require regulation to protect the public from those with malicious intent and/or bad product design. The sheer volume of devices and the often increasing sensitive nature of the data could create significant privacy as well as health and safety concerns. On the other hand, speakers did not want to handcuff innovation with rigid rules that might well be outdated by the time they are implemented.
After a full day of discussion, the second to the last panel (see Section I: Protecting your Privacy in the IoT ), seemed to offer some light towards a possible solution – at least with respect to privacy. They seemed to universally acknowledge that the traditional “notice and consent” model about how data is used is not practical given the number of sensors a person is likely to encounter in daily life. One idea involved looking to more developed social norms for guidance. Another was simply to simply assign greater liability to those who misuse or fail to appropriately protect data. This would let IoT uses figure out how to implement processes to prevent these problems with minimal need for regulatory micro-managing. The final panel, (see Section J: IoT International Considerations) however, largely blew-up any hope of simple solutions, by highlighting the complex international coordination needed.
Overall, the Hogan Lovells 5th Annual Winnik Forum was quite productive. The event was focused on legal issues, understandably, as it was sponsored by a law firm. Nonetheless, we were somewhat concerned about what we saw as an implicit acceptance by the speakers of a rapidly exploding IoT industry. We saw little acknowledgement of significant internal challenges companies face to implement organizational changes needed to act upon data from IoT-type sensor data. This issue may have a massive effect on the industry – will it explode with massive growth sustained for years? Or, will it prove to be like the Internet in the late 1990s – a bubble of early enthusiasm that burst, only to steadily grow in later years? The answer to this question will likely drive the level and nature of services, including legal, needed by the sector in the forthcoming years.