November 19, 2014

The Internet of Things and Wearable Technology: Addressing Privacy and Security Concerns without Derailing Innovation

This paper was published in Volume XXI, Issue 2 of the Richmond Journal of Law and Technology.

The “Internet of Things”—smart devices that are connected to both the Internet and other devices—and wearable technology promise to usher in the next great wave of Internet-enabled services and data-driven innovation. The Internet will be “baked in” to almost everything that consumers own. Some critics are worried about the privacy and security implications of the Internet of Things and wearable technology, so they are proposing regulation.

In a new study for the Mercatus Center at George Mason University, scholar Adam Thierer shows that preemptive, top-down regulation would derail the many life-enriching innovations that could come from these new technologies. The study argues that permissionless innovation, which allows new technology to flourish and develop in a relatively unabated fashion, is the superior approach to the Internet of Things. Combining public education, oversight, industry best practices, and transparency in a balanced, layered approach will be the proper way to address concerns about the Internet of Things—not prospective regulation based on hypothetical scenarios.

While some argue that the worst-case scenarios that could result from emerging technology demand intervention before any harm might occur, even if the possibility is remote, Thierer concludes that other solutions—such as tort law in the legal system or the development of industry best practices—are the better approach to regulating new technology, unless there is clear evidence of direct, immediate risk to health or property. Living in fear of the worst-case scenarios and basing public policy on them can lead to the best-case scenarios never arising. Forbearance and humility by regulators is crucial to developing new products and services that could enrich the lives of all consumers.

To read the full study, see “The Internet of Things and Wearable Technology: Addressing Privacy and Security Concerns without Derailing Innovation.”

GROWTH OF THE INTERNET OF THINGS AND WEARABLE TECHNOLOGY

The Internet of Things and wearable technology simply means widespread device connectivity. Appliances and machines that consumers use on a daily basis—such as cars, refrigerators, lights, watches, jewelry, eyeglasses, and even clothing—will be networked, sensing, automated, and able to communicate with one another. These new technologies will give consumers more control over their own lives and save time by automating routine tasks and chores. Many of these changes to daily life are just a few years away, and some can already be seen today.

  • Within a few years, tens—if not hundreds—of billions of connected devices will be in use globally.
  • The biggest impact of connected devices will be seen in health care, energy, transportation, and retail services.
  • Today, wearable technology is already popular for health and fitness monitoring, allowing users to share data with others and log their daily activity and well-being.
  • Devices will also have profound implications for health care, as technology assists with surgery and emergency care, treatment, and diagnosis of disease. For example, colon cancer screening may soon become less invasive and abrasive, with patients able to swallow a pill that wirelessly transmits video images of the inside of the body back to doctors.

CHALLENGES TO PRIVACY NORMS AND LEGAL STANDARDS

As technological innovation progresses, thorny ethical and legal questions will arise, including what people should be able to do with their own bodies. Emerging technology will also challenge existing health and safety regulations imposed by government agencies. Additionally, concerns about the collection and dissemination of data, which devices routinely do as part of their design, will become particularly sensitive. Questions about how to deal with data and privacy concerns are unanswered at this time, and so are the capabilities of regulators to deal with such questions without knowing the positive implications of new technology. There are several approaches to regulating connected devices:

  • Industry best practices. In response to emerging questions relating to wearable technology and privacy, regulators have pushed device manufacturers to adopt industry-wide best practices, but these actions often run into definitional problems because the technology is so new.
  • Notice and choice. Regulators have also suggested that manufacturers notify consumers of the collection and use of data and make it easier for them to opt out of having their data used for various purposes.
  • Use-based restrictions. Restricting when and where devices can be used may be an appropriate method of regulation. For example, prohibiting use of Google Glass in restrooms or while operating a vehicle may be a potential avenue for regulation. Others want use-based restrictions limiting how data is used to make other determinations, especially when sensitive personal information is being collected.

Regulators should be cautious about implementing use-based restrictions, however. The preferences of regulators should not be substituted for the judgment and choice of consumers. Such “privacy paternalism” can make choice meaningless for consumers or remove it altogether, which limits freedom and innovation. Moreover, regulators should be mindful of First Amendment concerns when restricting use by consumers: some activities, such as photography or reporting based on data collection, may be protected by the Constitution’s guarantee of free speech.

RESISTANCE, ADAPTATION, AND ASSIMILATION:
THE CYCLE OF CONSUMER ATTITUDE TOWARD TECHNOLOGY

Attitudes toward new and emerging technology often go through a familiar cycle of resistance, gradual adaptation, and finally assimilation. In other words, citizens gradually come to accept new technology as it emerges and become more resilient in the process. As with the ultimate adaptation of photography—considered in the late 1800s to be a radical and invasive new technology with profound privacy concerns—citizens will eventually understand and seek out the benefits of technology that can improve lives. Regulators should understand that there is no one-size-fits-all approach to regulating new technology. The goal should be to encourage, rather than limit, freedom and choice for consumers.

CONCLUSION

Concerns about wearable technology can be dealt with using a combination of educational efforts, technological empowerment, social norms, public and watchdog pressure, industry best practices and self-regulation, transparency, and targeted enforcement of existing legal standards (especially tort law) as needed and appropriate. Regulators should also not underestimate the ability of individuals to adapt to these new technologies, just as they have with so many other technologies in the past. Policymakers should allow new technology to flourish and grow rather than impeding or stalling it by an overabundance of caution and concern leading to preemptive regulation.