Abstract

The rapid proliferation of connected devices has the potential to transform and enrich our lives and to drive significant productivity gains in the broader economy. However, the lack of sufficient security in many “Internet of Things” (IoT) devices creates a meaningful risk to consumers and to the basic functionality of the Internet. The increasingly frequent and high-profile cyberattacks, often fueled by insecure IoT, are driving governments globally to develop responsive policy measures. This paper provides a qualitative survey of the current public policy and emerging regulatory frameworks facing consumer IoT devices in the European Union (EU) and the United States (US). For each geography, we provide an overview of the current regulatory landscape, as well as emerging policy developments, primarily in the area of IoT security and to a lesser extent IoT privacy. In so doing, we develop a broad comparison of the two jurisdictions that draws out the commonalities and differences. We accomplish this through a survey of each jurisdiction’s “hard” and “soft” law applicable to IoT as well as an examination of proposed or otherwise developing policies in the jurisdiction. While existing surveys of individual jurisdictions help develop a clear picture for those countries or regions, a broader perspective on IoT security and privacy policy is needed, given the global nature of the security challenges posed by insecure IoT as well as the global market for IoT devices. It has become clear that no single government or industry actor will be able to alone address the problem of insecure IoT, and cooperation and consensus across borders and industries are needed to more fully address the problem and to fully realize the promised benefits of IoT. This paper provides a first step in developing that broader perspective through a survey and comparison of the current policy approaches in the EU and US. This understanding is essential to formulating coherent and effective policy responses to the problems that arise from insecure IoT. We find that although there is broad recognition of the risks associated with insecure IoT among policymakers in the EU and the US, each government is approaching how to address these risks quite differently, particularly in how they view the role of government visa vie the role of industry and market forces. Not surprisingly, US policymakers currently see industry-led initiatives and a close partnership with industry as the preferred approach, while the EU is approaching these challenges through more centralized, government-led efforts. However, looking beyond the “how,” there is substantial agreement on the “what” – the specific technical areas that must be addressed to improve IoT security. We conclude by identifying the risks these varied approaches create to the promised benefits of IoT as well as the need to expand the analysis to include Asian jurisdictions, particularly China.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.