Upload
prashant-gandhi
View
215
Download
2
Embed Size (px)
Citation preview
The Internet of Things (IoT)
in national ICT policies:
China and the European Union
Jenifer Sunrise WinterSchool of Communications
University of Hawai‘i at Manoa
Overview
• Internet of Things
• IoT and the u-societies in national ICT plans
– China’s 12th 5-year plan
– European Union’s i2010– European Union’s i2010
• Policy implications, particularly focused on
global regulation of privacy
– Global impacts of pending EU general data
protection regulation (~2014)
The Internet of Things (IoT)
• An emerging infrastructure that employs radio
frequency identification (RFID), near field
communication (NFC), and related technologies to
“enable the Internet to reach out into the real world
of physical objects” (Internet of Things Conference, of physical objects” (Internet of Things Conference,
2010).
• A variety of developments in which everyday objects
can be tagged, and using standards enabling unique
identification, communicate over the Internet.
• Next-generation infrastructure for the Internet
IoT and u-societies in
national policy strategies
• Ubiquitous Network Societies
– Japan and Korea’s “u”-strategies (2004-2010)
• IoT is increasingly seen as a priority in national • IoT is increasingly seen as a priority in national
ICT strategies, but legislation is scarce.
• EU –i2010 policy framework for the information
society and media (2005-2010)
• China – 12th Five Year Plan (2011–2015)
China and the IoT
• Strong, coordinated, national strategic development
– IoT figures prominently in China’s 12th Five Year Plan.
• Premier Wen Jiabao (August 2010) announced that IoT is central to China’s ICT plans.
– Internet of Things Center established in Shanghai (2010)
– City of Wuxi planned as IoT industrial park (and national R&D – City of Wuxi planned as IoT industrial park (and national R&D center), with other cities in Jiangsu also focused on IoT.
– Guangdong focusing on standards development, ties to Macau and Hong Kong.
– Investing 5 billion yuan ($800 million) in IoT by 2015.
– MIIT estimates China’s IoT market at 1 trillion yuan ($166 billion) by 2020.
China and the IoT: Challenges
• China aims to lead the race for international
standards development to define the market.
– Lack of standardization at various levels hinders
growth of the industry
Promote IPv6 adoption• Promote IPv6 adoption
– Currently slow
• Network security and personal privacy issues
not a key focus
European Union and the IoT
• Has focused on the IoT since 2005, when the EU’s
Directorate, General Information Society and Media
shifted from (CORDIS, 2012)
• Additional, funded research on IoT in 2009-2010 (Call
5 of FP7-ICT) and 2011-2012 (Call 7).
• From the start, linked to privacy concerns.
Privacy Challenges specific to IoT
1. Small components are not necessarily visible. One
potentially does not know when and where data is
being collected.
2. Billions of everyday objects, or even the human
body itself, can be equipped with networked body itself, can be equipped with networked
sensors. Many new types of data can be collected.
3. Machine intelligence may be used both to collect
and to analyze this data.
4. Part of a global Internet-based system, these data
can potentially be aggregated and linked to other
personally-identifiable records.
EU – Privacy and the IoT
• EU privacy directive – broad, omnibus
protections for personal privacy
• RFID-specific consideration with the Privacy
and Data Protection impact Assessment and Data Protection impact Assessment
Framework for RFID Applications (Jan 12
2011).
Pending data protection regulation
• EU general data protection regulation
– A single data protection law for the EU (~2014)
will repeal national data protection laws
– Article 3 addresses the territorial scope and – Article 3 addresses the territorial scope and
relates to processing of personal data of those
residing in the EU during activities related to
offering goods or services, or otherwise
monitoring behavior (Balboni, 2012)
Pending data protection regulation
• Lawful data processing requires (Balboni, 2012):
1. Explicit consent
2. “Right to be forgotten”
3. Data portability3. Data portability
• Entities handling EU personal data must demonstrate
compliance.
• Fines of up to 1,000,000 Euros or up to 2% of
companies’ annual, worldwide sales.
New questions arising from the EU
data protection revisions
• Questions remain as far as enforcement (as well
as the final form of the new regulation)
– Is erasing data feasible?
– How will (can) transparency work in an IoT – How will (can) transparency work in an IoT
environment?
– Will penalties be enforceable?
Conclusions/Policy Implications
• These new rules will place substantial, new
burdens on any company doing business
with citizens of the EU and will, in
particular, conflict with standards
development and business in China.
• The clash between these two approaches
Conclusions/Policy Implications
• The IoT is a complex sociotechnical system
comprised of a plurality of actors, networks,
institutions, and contexts, and efforts to
regulate privacy are likely to continue at a regulate privacy are likely to continue at a
variety of levels and contexts rather than as a
global, coordinated approach.
– Thus, a global view may be superficial
– Likely to impact standards development