The Internet of Things (IoT) in national ICT policies: China and the European Union

Jenifer Sunrise Winter School of Communications University of Hawaii at Manoa

Overview
Internet of Things IoT and the u-societies in national ICT plans
Chinas 12th 5-year plan European Unions i2010

Policy implications, particularly focused on global regulation of privacy

Global impacts of pending EU general data protection regulation (~2014)

The Internet of Things (IoT)

An emerging infrastructure that employs radio frequency identification (RFID), near field communication (NFC), and related technologies to enable the Internet to reach out into the real world of physical objects (Internet of Things Conference, 2010). A variety of developments in which everyday objects can be tagged, and using standards enabling unique identification, communicate over the Internet. Next-generation infrastructure for the Internet

IoT and u-societies in national policy strategies

Ubiquitous Network Societies
Japan and Koreas u-strategies (2004-2010)

IoT is increasingly seen as a priority in national ICT strategies, but legislation is scarce.
EU i2010 policy framework for the information society and media (2005-2010) China 12th Five Year Plan (20112015)

China and the IoT

Strong, coordinated, national strategic development IoT figures prominently in Chinas 12th Five Year Plan. Premier Wen Jiabao (August 2010) announced that IoT is central to Chinas ICT plans. Internet of Things Center established in Shanghai (2010) City of Wuxi planned as IoT industrial park (and national R&D center), with other cities in Jiangsu also focused on IoT. Guangdong focusing on standards development, ties to Macau and Hong Kong. Investing 5 billion yuan ($800 million) in IoT by 2015. MIIT estimates Chinas IoT market at 1 trillion yuan ($166 billion) by 2020.

China and the IoT: Challenges

China aims to lead the race for international standards development to define the market.
Lack of standardization at various levels hinders growth of the industry

Promote IPv6 adoption

Currently slow

Network security and personal privacy issues not a key focus

European Union and the IoT

Has focused on the IoT since 2005, when the EUs Directorate, General Information Society and Media shifted from (CORDIS, 2012) Additional, funded research on IoT in 2009-2010 (Call 5 of FP7-ICT) and 2011-2012 (Call 7). From the start, linked to privacy concerns.

Privacy Challenges specific to IoT

1. Small components are not necessarily visible. One potentially does not know when and where data is being collected. 2. Billions of everyday objects, or even the human body itself, can be equipped with networked sensors. Many new types of data can be collected. 3. Machine intelligence may be used both to collect and to analyze this data. 4. Part of a global Internet-based system, these data can potentially be aggregated and linked to other personally-identifiable records.

EU Privacy and the IoT

EU privacy directive broad, omnibus protections for personal privacy RFID-specific consideration with the Privacy and Data Protection impact Assessment Framework for RFID Applications (Jan 12 2011).

Pending data protection regulation

EU general data protection regulation
A single data protection law for the EU (~2014) will repeal national data protection laws Article 3 addresses the territorial scope and relates to processing of personal data of those residing in the EU during activities related to offering goods or services, or otherwise monitoring behavior (Balboni, 2012)

Pending data protection regulation

Lawful data processing requires (Balboni, 2012): 1. Explicit consent 2. Right to be forgotten 3. Data portability Entities handling EU personal data must demonstrate compliance. Fines of up to 1,000,000 Euros or up to 2% of companies annual, worldwide sales.

New questions arising from the EU data protection revisions

Questions remain as far as enforcement (as well as the final form of the new regulation)
Is erasing data feasible? How will (can) transparency work in an IoT environment? Will penalties be enforceable?

Conclusions/Policy Implications
These new rules will place substantial, new burdens on any company doing business with citizens of the EU and will, in particular, conflict with standards development and business in China. The clash between these two approaches

Conclusions/Policy Implications
The IoT is a complex sociotechnical system comprised of a plurality of actors, networks, institutions, and contexts, and efforts to regulate privacy are likely to continue at a variety of levels and contexts rather than as a global, coordinated approach.
Thus, a global view may be superficial Likely to impact standards development