Public authorities 'must consider trade-offs' before setting Internet of Things regulation
The government must proceed with caution when considering regulation of the Internet of Things and realise a one-size-fits-all approach may not be appropriate, an academic from a leading IoT research group has said.
Internet of Things technology has huge potential, but regulation involves trade-offs - Photo credit: PIxabay
Irina Brass, a researcher at University College London’s PETRAS IoT research hub, told PublicTechnology that various sector-specific rules, such as health regulations add “layers of complexity” to any regulatory landscape.
Brass was responding to a recent report from research organisation RAND, which looked at how to use policy to support increased use of the IoT.
The RAND report looked at IoT take-up across sectors and identified a number of opportunities and challenges, such as working to increase trust in the security and processes involved with IoT.
It said that there were “mixed perceptions” among IoT innovators of the ability public policy has to accelerate the market, and urged public bodies to consider themselves as strategic purchasers of new technologies.
Overall, Brass said that the review offered a valuable assessment of the challenges of IoT for public service delivery, which looked at a number of essential trade-offs in the system, such as procurement practices, value-for-money and privacy and security considerations.
However, she said that there was more work to be done on the regulatory side, especially when considering one of the report’s statements, that “clear, unambiguous and standardised processes for personal data governance” should be a prerequisite for linking up systems, and making them interoperable and trustworthy.
“There is the need for a more detailed analysis of the current regulatory landscape in which IoT is emerging before prescribing, for instance, clear, unambiguous and standardised processes for personal data governance,” she said.
Brass said her group’s research showed that IoT was emerging in a complex regulatory landscape made up of different rules for governing electronic communications, competition, data protection, security and risk management. On top of this, there are sector-specific rules, such as those around healthcare, to deal with.
“Consequently, a one-size-fits-all approach might be premature at this stage and altogether inappropriate,” Brass said.
For instance, she said, it could be difficult to apply existing data and privacy protection guidelines, such as ‘privacy-by-design’ or ‘security-by-design’, uniformly across an IoT system.
Brass noted that increased security specifications could have major implications on the battery life or affordability of sensors – which are only small units of an IoT system. But, at the same time, vulnerabilities at this unit level could transfer risks across larger parts of the system.
“Consider, also, the costs of regular risk assessments that users of IoT systems have to factor into their business decision-making,” she said.
“It is essential to understand these trade-offs, which derive from the complexity and heterogeneity of the IoT ecosystem, before we can confidently proceed with policy prescriptions.”
Nesta’s Flying High Challenge is working with five UK cities to explore the use of drones in the delivery of public services. PublicTechnology talks to programme manager Nishita...
Sarah Timmis of think tank Reform discusses how digital can have a transformational impact for the emergency services
Following a major cyberattack and revelations of shared passwords, the team charged with protecting Parliament has been on a drive to help MPs stay safe
Report from MPs says that, a year on from the cyberattack, government and the NHS must now take action
BT brought together CIOs from well known organisations to identify the key threats and opportunities that new technologies are presenting
Hartley was a senior officer in the RAF and now works in cyber security for BT. Ahead of the BT Cyber Security Careers Insight, the Officers' Association asked him to...
BT's Andy Rowland on technological risk, and how the systems fundamental to modern life are under attack
BT's Mike Pannell on the different ways of anonymising information and their application to IoT data