Internet of Things and the Law: Legal Strategies for Consumer-Centric Smart Technologies

Publication type Review
Status Published
Affiliation: Lomonosov Moscow State University
Address: Russian Federation, Moscow
Affiliation: Lomonosov Moscow State University
Address: Russian Federation, Moscow
Journal nameLaw & Digital Technologies
EditionVolume 2 № 1

The present work is a review of the book “Internet of Things and the Law” by Dr. Guido Noto La Diega. Unlike other analyses that tend to focus on individual issues and are US-centric, this study is an updated comprehensive reflection on the problem from a European socio-legal perspective. Having identified IoT-generated risks, the author critically assesses how these risks can be tackled by EU contract law, consumer protection law, data protection law and intellectual property law. 

KeywordsInternet of things, EU law, consumer protection, data protection, intellectual property rights
Publication date30.06.2022
Number of characters25930
Cite   Download pdf To download PDF you should sign in
100 rub.
When subscribing to an article or issue, the user can download PDF, evaluate the publication or contact the author. Need to register.
1 “Internet of Things and the Law” summarizes the many years research of Dr. Guido Noto La Diega, who is professor of Intellectual Property Law and Privacy Law at the University of Stirling, member of the European Commission’s Expert Group on AI and Data in Education and Training, director of ‘Ital-IoT’ Centre of Multidisciplinary Research on the Internet of Things, research associate at UCL Centre for Blockchain Technologies and fellow of the Nexa Center for Internet and Society. This research started as a PhD thesis (Noto La Diega 2014), further developed in a series of articles (Noto La Diega 2016; 2017a; 2017b; 2018; Noto La Diega and Walden 2016; Noto La Diega and Sappa 2020) and finally condensed in the above-mentioned book.
2 Unlike other analyses that tend to focus on individual issues like privacy, cybersecurity or competition law and are US-centric, this study is an updated comprehensive reflection on the Internet of Things (IoT) from a European socio-legal perspective. The author defines his methodology as Marxist and aims to raise awareness, or in Marxist terms, “to heighten class consciousness” about the risks of technologically-driven capitalism.
3 The three pillars on which the analysis is build upon are the following. Surveillance Capitalism by Shoshana Zuboff draws a parallel between the industrial capitalism studied by Marx and the modern IoT-powered capitalism where every IoT user becomes a data producer exploited by capitalists (Zuboff 2019). Re-engineering Humanity by Brett Frischmann and Evan Selinger highlights the IoT risks of erasing the “freedom to be off, to be free from systemic, environmentally architected human engineering.” (Frischmann and Selinger 2018, 124). Between Truth and Power by Julie E. Cohen demonstrates that both networked media infrastructures (code) and legal institutions mediate between truth and power and therefore “law is not—and never could be—simply an instrumentality for the promotion of just outcomes.” (Cohen 2019, 5).
4 Along with its significant socio-economic impact, the IoT, according to Noto La Diega, “disrupts many of the dichotomies upon which the law has been built, most notably good-service, hardware-software, tangible-intangible, consumer-trader, consumer-worker, human-machine, security-cybersecurity, online-offline.” This urges a cautious analysis of the phenomenon and a critical assessment of the existing regulation.
5 In Chapter 1 the author studies the obstacles to regulation of IoT and possible solutions proposed by the EU authorities. The first and foremost problem researchers face is the lack of a generally accepted definition of the IoT. Noto La Diega proposes to define a ‘Thing’ as “[a]n inextricable mixture of hardware, software, service, and data that has (inter)connectivity, sensing, and actuating capabilities and interfaces the physical world”. As such, features as physicality, (inter)connectivity, equipment with sensors and actuators are more or less obvious for many scholars. This fact that IoT devices (‘Things’) are ‘an inextricable mixture of hardware, software, service, and data’ deserves special attention from legal researchers and regulators since it blurs the conventional software-hardware, goods-services, and online-offline dichotomies.
6 Along with the difficulty in understanding the concept, the author reveals other reasons why IoT becomes too complex to regulate. They are:
  1. The lack of single IoT taxonomy resulting from sectoral fragmentation and partially standardised enabling technologies. For example, self-driving cars and drones both fall under the scope of ‘Things’ but are regulated by different authorities.
  2. The intrinsically transnational character of Things, which are concurrently located in many jurisdictions and are highly mobile. The EU attempted to solve this problem through various legal instruments, three of which drew the author’s attention1.
  3. The ‘relational black box’, i.e., the IoT’s complex supply chain and sophisticated ecosystem that led Thing users to enter into several relationships with different actors without necessarily being aware of it (further developed in Chapter 2).
1. Cross-Border Service Portability Regulation, Geoblocking Regulation, Free Flow of Non-Personal Data Regulation.
8 Having identified these problems, Dr. Noto La Diega further describes the EU approach to IoT regulation. The researcher expounds that the European Union has a long history of IoT regulation via soft laws. The first non-binding way to indirectly regulate the IoT was through funding of research and innovation. These initiatives included the European Research Cluster on the Internet of Things (IERC, launched in 2010) and the IoT European Platform Initiative (IoT-EPI, launched in 2016). The second step was the launch of the Alliance for Internet of Things Innovation (AIOTI) to support the creation of ‘an innovative and industry driven European Internet of Things ecosystem’ in 2015. The third initiative was the attempt to implement European values in the IoT via European Commission Staff Working Document entitled Advancing the Internet of Things in Europe. The fourth recent trend is the ethical approach which is manifested in the proposed Artificial Intelligence Act. The fifth and the most recent way to regulate IoT via soft laws is the regulation by design. First articulated by Lawrence Lessig (1999) this idea has found its followers among both researchers and lawmakers. By way of illustration the author refers to the UK Government’s Code of Practice for Consumer IoT Security. Accepting that soft law might be more efficient in burgeoning industries, Dr. Noto La Diega, however, presents several arguments against a soft approach to IoT regulation, the strongest of which is that self-regulation is not actual regulation since regulation aims “to alter the behaviour of others . . . with the intention of producing a broadly identified outcome or outcomes”, while self-regulation is self-directed. As for EU hard law relevant for IoT, it includes Sale of Goods Directive, Digital Content Directive (both discussed in Chapter 3) and European Electronic Communications Code. The author argues that IoT regulation should comprise both hard and soft laws and “the crucial point will be to find the right mix of the two”. This can be achieved via “coregulation”, where public and private actors develop the rules together. At the EU level the successful example of coregulation was the industry-led framework approved by a public law body in relation to privacy impact assessments of RFID applications. However, it is an open question which institution should supervise IoT regulation at the international level. Dr. Noto La Diega concludes that IoT regulation should be viewed as a complex strategy with a focus on hard law.

views: 205

Readers community rating: votes 0

1. Cohen, Julie E. 2019. Between Truth and Power: The Legal Constructions of Informational Capitalism. Oxford Scholarship Online.

2. Fairfield, Joshua A.T. 2017. Owned: Property, Privacy, and the New Digital Serfdom. Cambridge University Press.

3. Frischmann, Brett M., and Evan Selinger. 2018. Re-Engineering Humanity. Cambridge University Press.

4. Noto La Diega, Guido. “Il paradigma proprietario e l’appropriazione dell’immateriale.” PhD thesis. Università degli Studi di Palermo, 2014.

5. Noto La Diega, Guido. 2016. Clouds of Things: Data Protection and Consumer Law at the Intersection of Cloud Computing and the Internet of Things in the United Kingdom. Journal of Law & Economic Regulation 9(1): 69-93.

6. Noto La Diega, Guido, and Ian Walden. 2016. Contracting for the “Internet of Things”: Looking into the Nest. European Journal of Law and Technology 2019.

7. Noto La Diega, Guido. 2017a. Machine Rules. Of Drones, Robots and the Info-Capitalist Society. Italian Law Journal 2: 367-404.

8. Noto La Diega, Guido. 2017b. Software Patents and the Internet of Things in Europe, the United States and India. EIPR 39 (3): 173-184.

9. Noto La Diega, Guido. 2018. Against the Dehumanisation of Decision-Making – Algorithmic Decisions at the Crossroads of Intellectual Property, Data Protection, and Freedom of Information. JIPITEC 9(1).

10. Noto La Diega, Guido, and Cristiana Sappa. 2020. The Internet of Things at the Intersection of Data Protection and Trade Secrets. Non-Conventional Paths to Counter Data Appropriation and Empower Consumers. Revue européenne de droit de la consommation / European Journal of Consumer Law 3: 419-458.

11. Zuboff, Shoshana. 2019. The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power. PublicAffairs.

Система Orphus