The Internet Of Things: Guidance, Regulation And The Canadian Approach

The Internet of Things (IoT) has been identified as a disruptive technology, bringing with it both the promise of seamless inter-connectivity of devices and, the flip side of that inter-connectivity, single-point vulnerability of multiple systems. While businesses rush to embrace the technology, the regulators have begun considering the issues raised by it.

What is the Internet of Things?

The “Internet of Things” is a phrase that refers to everyday products that are connected to the internet that can send and/or receive communications from other devices. It includes internet-enabled products such as thermostats, fitness trackers, watches, cars, light bulbs, washers and dryers or even toasters and toothbrushes. On a larger scale, it can include industrial controls and factory machinery.

It remains to be seen how Canada will adapt to a world of connected devices. From the reports created in the EU and US it is apparent that there will be tension in the creation of new regulatory frameworks since these have the potential to stifle innovation and increase business costs. Nonetheless, the security, privacy and competition implications of the Internet of Things are equally apparent. Companies should ensure that they are continually monitoring and improving their privacy and security practices to stay in front of any legislative changes. In the long run, this will decrease compliance costs and help gain the trust of consumers.

The federal Privacy Commissioner has taken what it describes as a “keen interest” in the problems associated with the Internet of Things and notes that is conducting various research projects related to the Internet of Things. In June, 2015 Privacy Commissioner Daniel Therrien in his submission to the House of Commons Standing Committee on Industry, Science and Technology said that his Office planned to release “several reports on the Internet of Things”.

While no reports have been forthcoming, the Privacy Commissioner reiterated his Office’s interest in and concern with the Internet of Things, noting specifically that in Spring, 2016, it will produce a “discussion paper” outlining the various challenges associated with the current consent model, explore potential solutions, such as industry codes and other forms of self-regulation, and enhanced regulation. While these are not specific to the Internet of Things, the Internet of Things, and IoT-enabled devices, will be included.

The Privacy Commissioner also anticipates “providing  guidance to businesses and technology developers on how to build privacy protections into products and services; and educate users on the privacy risks associated with wearable devices” and other connected technologies.

Article by Kirsten Thompson and Brandon Mattalo