The Internet of Things (IoT)

in national ICT policies:

China and the European Union

Jenifer Sunrise WinterSchool of Communications

University of Hawai‘i at Manoa

Overview

• Internet of Things

• IoT and the u-societies in national ICT plans

– China’s 12th 5-year plan

– European Union’s i2010– European Union’s i2010

• Policy implications, particularly focused on

global regulation of privacy

– Global impacts of pending EU general data

protection regulation (~2014)

The Internet of Things (IoT)

• An emerging infrastructure that employs radio

frequency identification (RFID), near field

communication (NFC), and related technologies to

“enable the Internet to reach out into the real world

of physical objects” (Internet of Things Conference, of physical objects” (Internet of Things Conference,

2010).

• A variety of developments in which everyday objects

can be tagged, and using standards enabling unique

identification, communicate over the Internet.

• Next-generation infrastructure for the Internet

IoT and u-societies in

national policy strategies

• Ubiquitous Network Societies

– Japan and Korea’s “u”-strategies (2004-2010)

• IoT is increasingly seen as a priority in national • IoT is increasingly seen as a priority in national

ICT strategies, but legislation is scarce.

• EU –i2010 policy framework for the information

society and media (2005-2010)

• China – 12th Five Year Plan (2011–2015)

China and the IoT

• Strong, coordinated, national strategic development

– IoT figures prominently in China’s 12th Five Year Plan.

• Premier Wen Jiabao (August 2010) announced that IoT is central to China’s ICT plans.

– Internet of Things Center established in Shanghai (2010)

– City of Wuxi planned as IoT industrial park (and national R&D – City of Wuxi planned as IoT industrial park (and national R&D center), with other cities in Jiangsu also focused on IoT.

– Guangdong focusing on standards development, ties to Macau and Hong Kong.

– Investing 5 billion yuan ($800 million) in IoT by 2015.

– MIIT estimates China’s IoT market at 1 trillion yuan ($166 billion) by 2020.

China and the IoT: Challenges

• China aims to lead the race for international

standards development to define the market.

– Lack of standardization at various levels hinders

growth of the industry

Promote IPv6 adoption• Promote IPv6 adoption

– Currently slow

• Network security and personal privacy issues

not a key focus

European Union and the IoT

• Has focused on the IoT since 2005, when the EU’s

Directorate, General Information Society and Media

shifted from (CORDIS, 2012)

• Additional, funded research on IoT in 2009-2010 (Call

5 of FP7-ICT) and 2011-2012 (Call 7).

• From the start, linked to privacy concerns.

Privacy Challenges specific to IoT

1. Small components are not necessarily visible. One

potentially does not know when and where data is

being collected.

2. Billions of everyday objects, or even the human

body itself, can be equipped with networked body itself, can be equipped with networked

sensors. Many new types of data can be collected.

3. Machine intelligence may be used both to collect

and to analyze this data.

4. Part of a global Internet-based system, these data

can potentially be aggregated and linked to other

personally-identifiable records.

EU – Privacy and the IoT

• EU privacy directive – broad, omnibus

protections for personal privacy

• RFID-specific consideration with the Privacy

and Data Protection impact Assessment and Data Protection impact Assessment

Framework for RFID Applications (Jan 12

2011).

Pending data protection regulation

• EU general data protection regulation

– A single data protection law for the EU (~2014)

will repeal national data protection laws

– Article 3 addresses the territorial scope and – Article 3 addresses the territorial scope and

relates to processing of personal data of those

residing in the EU during activities related to

offering goods or services, or otherwise

monitoring behavior (Balboni, 2012)

Pending data protection regulation

• Lawful data processing requires (Balboni, 2012):

1. Explicit consent

2. “Right to be forgotten”

3. Data portability3. Data portability

• Entities handling EU personal data must demonstrate

compliance.

• Fines of up to 1,000,000 Euros or up to 2% of

companies’ annual, worldwide sales.

New questions arising from the EU

data protection revisions

• Questions remain as far as enforcement (as well

as the final form of the new regulation)

– Is erasing data feasible?

– How will (can) transparency work in an IoT – How will (can) transparency work in an IoT

environment?

– Will penalties be enforceable?

Conclusions/Policy Implications

• These new rules will place substantial, new

burdens on any company doing business

with citizens of the EU and will, in

particular, conflict with standards

development and business in China.

• The clash between these two approaches

Conclusions/Policy Implications

• The IoT is a complex sociotechnical system

comprised of a plurality of actors, networks,

institutions, and contexts, and efforts to

regulate privacy are likely to continue at a regulate privacy are likely to continue at a

variety of levels and contexts rather than as a

global, coordinated approach.

– Thus, a global view may be superficial

– Likely to impact standards development