The Internet of Things: Redefining “Big Data” and Personal Privacy


The Internet of Things: Redefining “Big Data” and Personal Privacy

Conor Shankman, Daniel J. Mitchell, Michael R. Bosse, N. Joel Moser


The Internet of Things (IoT) will provide new opportunities with unique challenges. The global infrastructure of information where objects are connecting across networks and sending and receiving data will require society to update existing laws, create new regulatory platforms, and redefine how we interact with each other on a daily basis.


What is IoT?

You are probably hearing about the Internet of Things a lot these days. The IoT is literally the network of physical objects and devices that we use each day that collect and exchange data:

  • Vehicles
  • Buildings
  • Electronics
  • Software
  • Sensors
  • And more

All of these objects are starting to connect to one another, hopefully leading to improved efficiencies, and economic benefits for all of us. Estimates exist that by 2020, there will be almost 50 billion objects in the IoT. This massive network will create new opportunities, but also challenges and dangers. The law, through legislation, regulation, and development of the common law, will have to move fast to keep up with the development of the IoT infrastructure.

This network of “Big Data” will begin to include products that may make society very uncomfortable. TVs, tablets, Fitbits, baby monitors, refrigerators, and home security systems are collecting data and will be able to be used remotely and sometimes in an interconnected fashion.

An elementary example of this is how your Fitbit can talk to your iPhone and vice versa. The IoT will be that example on steroids. For instance, your company might provide each person a Fitbit upon hire. Employees use the Fitbit and their employer and insurer receive the data, review it, and then determine which employees might be entitled to a wellness discount for the premium on their insurance plans. Society may challenge this form of obtrusion on our privacy interests.

How could this bring about legal changes?

There are major security and regulatory hurdles that will need to be faced. One need only look at the world today, where the question of a data breach for most companies is no longer “if,” but instead “when.” The privacy threats for the IoT are enormous for businesses and individuals.

Will people be able to:

  • Provide informed consent to this massive data collection in any meaningful way?
  • Control who uses their personal data and how?
  • Have any concept of anonymity with the data, or will everyone know more about all of us than ever before?
  • Hack into the software in your car and control it from a remote location?

Many of our current laws regulating our behavior in society may become obsolete. Changes could occur quickly and some of our regulatory structures may have to change in dramatic ways. Certain privacy and information management statutes such as HIPAA, HITECH, as well as other regulatory frameworks like COPPA, FACTA, and the CAN-SPAM Act, likely will need to be modernized. Municipalities will have to decide how to interact with the IoT for its employees, and for its inhabitants. Finally, there might be major implications for some bedrock provisions of the Bill of Rights, including the First and Fourth Amendment.

What’s Next

The IoT is moving forward with or without our approval. The better informed we are, the more likely we can harness the opportunities of this seismic shift, and protect as best we can against the new dangers and risks the IoT will create. At Bernstein Shur, attorneys from the corporate, litigation, data privacy, and banking groups are devoting themselves to the legal landscape of the IoT, and will provide additional information in the coming weeks and months.


Authored by Mike Bosse, Dan Mitchell, N. Joel Moser and Conor Shankman