Little Things and Big Challenges: Information Privacy and the Internet of Things

Abstract

IntroductionThe of (IoT) is part of our lives in countless ways- some are welcome and intentional, such as trackable fitness devices, home security alert systems, or cars that can be unlocked and started remotely; others are unintentional and may cause concern to consumers, such as connected toys that can listen to our kids, or technologies capable of tracking our whereabouts or our shopping habits without our knowledge. The rapid growth of IoT has prompted incredible technological advances along with thorny regulatory issues, specifically in area of information privacy. Traditional regulators of privacy, specifically Federal Trade Commission (FTC), have stretched to apply traditional tools to regulate unprecedented technological advances and privacy challenges they bring. An analysis of latest FTC cases and outcomes reveals an independent agency retooling investigative and enforcement methods and priorities to establish new expectations for how fair information practices and principles will be applied to new technologies.The FTC, like technological advances it has stretched to keep pace with, has been increasingly progressive in its recent decision-making terminology. This Article uses recent, seminal FTC cases and outcomes to demonstrate how FTC has developed new information privacy framework, most recently expressed as concept of unfair tracking, by modifying traditional legal concepts. The FTC has significantly expanded its role as primary reviewer of information privacy matters raised by IoT, while attempting to balance philosophy not to impede advance of technology comprising IoT. This Article reviews recent FTC efforts to regulate IoT and provides critical commentary on how FTc might proceed.To best understand genesis of recent FTC actions on IoT data collection, Part i describes what makes up ioT, how pervasive ioT has become in our lives and, perhaps most importantly, how it will continue to innovate at rapid pace. Parts II and III of this Article describe some unprecedented benefits and unprecedented challenges confronting regulators of information privacy in today's IoT age, including how to protect individual privacy rights without undermining innovation and promise connected world of IoT brings.Part IV provides an in-depth critical review of four key FTC cases attempting to strike this sort of balance: In re Nomi Technologies, Inc.,1 United States v. InMobi Pte Ltd..,2 In re Turn, Inc.,5 and FTC v. VlZIOi Initially, FTC applied its traditional section 5 deception jurisprudence in novel way to advance traditional notions of privacy, but it has recently transitioned to new paradigm in form of cause of action for unfair tracking, starting with VIZIO. However, this Article concludes that this new standard could prove either too anemic or, alternatively, overbroad, without proper shepherding by FTC. It is only with proactive guidance to supplement its traditional reactive enforcement that little things of IoT can overcome big information privacy challenges IoT creates.I. IoT: A Big Connection of Little ThingsThe term Internet of Things (IoT) has been defined in variety of ways. In broadest sense, phrase encompasses everything connected to [I]nternet, but it is increasingly being used to define objects that 'talk' to each other.5 A simple definition of IoT is the concept of basically connecting any device with an on and off switch to (and/or to each other).6 Oxford Dictionaries define it as [t] he interconnection via of computing devices embedded in everyday objects, enabling them to send and receive data.7 Others define IoT as the ability of one device to connect to other devices through wireless data infrastructure8 or a system of devices and things that are implanted with sensors, software and electronics to initiate exchange and collection of data and information. …