Industrial IoT – Legal and Regulatory Aspects
As we are moving towards autonomous world – the lines have started blurring between machines and human. As more and more machines are taking control of the real-life situations, the topic related to legal and regulatory aspects in the new initiative rollout is becoming very significant day by day. Industrial IoT is based on the fundamental principle of collecting a lot of data about machines, about things around us, about processes and may be about humans in the process involved. Based on the stream of data captured and processed, different components of machines should be able to talk to each other, should be able to negotiate and should be able to sign and execute contracts. When such contracts are not honored and result in the loss in some form, so many different questions arise – such as:
- Is there any human representative on whose behalf, machines are negotiating the contracts with each other?
- When there are malfunctioning during the Industrial IOT process, who is responsible and liable in such a scenario? Some suppliers may be involved in the entire Industrial IoT process, how to determine the perimeter of liability of each provider? The factory management where the machines are working, or the design firms who designed or manufactured the robots, or some other supplier?
- During the Industrial IoT process, what if the data collected by the organization data is associated either directly or indirectly, to individuals, how to protect the privacy issues in such case?
- An important part of the manufacturing process is the supply-chain. Supply chain could involve critical infrastructures. In critical and sensitive scenarios, a lot of things in the supply chain is controlled by politics, people emotions, public opinions and rapid evaluation of future reputation. A lot of times, we observe the stakeholders go well beyond the contract to make things work. In the case of machines taking control, what would happen if the supply chain issues arise that are difficult to explain beyond agreed contracts.
There are many such issues around us when we are dealing with Industrial IoT. IoT in the Industrial world is growing at remarkable pace around us. As per the studies by various research groups, we could see anywhere between 40-50b devices in next 5-6 years. That will be almost 6-7 times of the average world populations.
Here is an attempt to outline related legal and regulatory aspects in the Industrial IoT and the Autonomous world. By no means, this is an exhaustive list, but it covers broad aspects that should be considered by the key stakeholders while designing and implementation of IoT systems.
Fair access to connectivity bandwidth: Net neutrality has always been a hot topic for discussion in many parts of the world. Net neutrality is about dealing with an unfair advantage to some organizations in pushing their services to the end consumer. As the number of devices grows exponentially, the bandwidth demand will outstrip available supply. If law does not protect net neutrality, there is a good chance that some business may be able to take advantage of their muscles to maneuver the data bandwidth needed by other devices
Responsibility, Accountability and Liability Issues: As machines are taking decisions and a significant autonomy and intelligence are introduced in the machinery, the questions are being asked about who will be accountable, responsible and liable for the actions taken on the fly. An obvious example of this is the autonomous car. With all the safety measures in place, there is still a remote possibility of an autonomous car involved in an accident. Now if that happens – as per law which should be accountable for this accident?
Data Handling: Privacy and information security have been very sensitive topics for the organizations. Many countries have strict rules about how privacy issues are to be dealt with by the organizations. Earlier data access was limited and was residing in closed premises of the organizations concerned, and hence it was easier to deal with issues and fix the liability and responsibility. Now the lines are blurring. In the IoT ecosystem, many organizations are collecting, sharing and using data with each other. The need is for the organizations to understand – Is the law of the land allowing the organizations to collect, store and process the data. What is the responsibility of the entity storing the data etc? Most of the countries have specific laws about whether or what kind of data can be collected, what should be stored and how the ownership of the data should be established.
Unlawful profiling: Raw data being collected by the devices related to states and behavior could lead to an accurate estimate of the aspects like race, age, IQ, personality, political views, etc. The rise of artificial intelligence and machine learning has led to precise personalization in most of the cases. Organizations should keep in mind how to prevent such profiling that is not allowed by the law of the land.
Privacy and Security: What about the privacy and security of the data under use? What are the compliance standards of the planned pilot and full-fledged implementation? Is the end user about whom the data is being collected, even aware of the situation and possible implications of this data collection? Is he/she comfortable signing for privacy standards? Has the design taken into considerations of issues like the right to deletion, the right to be forgotten, data portability, etc.?
Ownership of data: As devices are exchanging the data between themselves and the data is tons of data is getting stored in multiple places, there are many stakeholders and partners involved in the whole process. The clarity around ownership of data needs to be established and looked into very carefully.
Automated contracts: Today, the contracts are executed human to human. As part of a human to human contract, the executed and signed between humans. As things move to a machine to machine, what happens if machines start executing a contract between them? Would machines have the authority to execute such contracts? Can they be a challenge in the court of law if there is a dispute?
The article was written for IIoT World by Anil Gupta, Co-founder of Magnos Technologies LLP. He has about 23 years of experience in Connected Cars, Connected Devices, Embedded software, Automotive Infotainment, Telematics, GIS, Energy, and Telecom domain.