The Internet of Things (IoT) — innovative physical products that work in connection with online networks — is on track to affect nearly every field of business and every facet of life. While the promise of these innovations seems boundless, the growing use of IoT devices raises a host of novel legal questions, many of which delve into uncharted territory.
A New Industrial Revolution With the goal of improving the efficiency, productivity, and simplicity of our everyday lives, internet-connected physical objects that surround us are increasingly embedded with technology to enable data collection and transmission about their use and their surroundings. Throughout the home and in stores and everywhere in between, these devices are tracking and gathering information, and communicating with users, other computers, and IoT objects to streamline processes and reduce waste and costs.
For the companies already exploring the innovative ways to leverage the connectivity of their products, IoT devices give businesses a deeper understanding of their customers and their products. Companies can then use these insights to modernize and create new revenue models that complement their existing businesses, or to help customers make more informed and convenient purchases. At the same time, customers can use IoT devices to automate routine, everyday processes.
IoT is potentially a win-win for both businesses and end users. But while data gathered by these connected devices presents some of the greatest opportunities, it also poses some of the bigger legal challenges.
“Across industries — everywhere from construction to agriculture, from aviation to transportation — consumer and industrial brands alike are dipping their toes into the IoT pool,” observes Stephanie Sharron, a technology transactions partner in Morrison & Foerster’s Palo Alto office. “Companies need to know that with any kind of new technology that bridges traditional industries with new innovations, planning for the legal complexities is important — product liability, regulatory compliance, intellectual property, data protection and cybersecurity all converge with the IoT.”
Read more >>>
Industrial IoT In the construction and transportation industries, industrial IoT devices provide both manufacturers and customers with more information about how their equipment is used and maintained — everything from machine hours and fuel consumption to engine load and idle time. This information is leveraged to improve operational efficiency, optimize and predict maintenance, and even open up new potential shared economies.
“Think about Airbnb and other companies that have successfully created sharing economies out of existing products,” Ms. Sharron explains. “Now imagine how other industries could leverage underutilized assets, such as sharing a piece of equipment sitting idle at a customer’s facility, which ultimately makes that equipment much more valuable but also less expensive to operate.”
Retail IoT In retail settings, IoT informs consumer brands about in-store experiences or helps improve payment experiences at point of sale. WiFi-enabled sensors placed throughout the home, such as the Amazon Dash button, enable push-to-order product purchases without ever logging onto a computer or smart phone.
Automated Technologies On the road, IoT features in automobiles are competitive differentiators, and self-driving cars are within arms’ reach. These technologies hold the promise of improving driving safety. Yet challenging questions from both a legal and an ethical viewpoint are already arising. Which choices should be left to the driver, and which should be made by the car? Courts undoubtedly will grapple with issues of allocating responsibility for harm that may arise from reliance on or use of autonomous technologies.
The Legal Complexities of Greater Connectivity Until recently, most IoT devices offered just bilateral connectivity and operability between the manufacturer and user, and the data remained siloed. Today, taking an action with one IoT device can trigger a host of actions by other IoT devices, including those manufactured by different companies. For example, a proximity sensor in your phone can cause your garage door to open. That, in turn, sends signals to your home’s IoT devices to unlock the front door, adjust the temperature and turn on the lights.
This improved interoperability between products and services and new industry standards allow data to move more seamlessly and securely. However, as Ms. Sharron cautions, “companies must consider the broad range of issues with respect to the data collected, used, and shared, including whether they have adequate rights based on current policies and contractual relationships, and take a holistic view of these issues across geographies.”
IoT innovations pose unique legal challenges as products manufacturers expand from physical products to connected devices. Manufacturers also need to consider potential failures of connected devices and analyze how novel failure modes may or may not fit within traditional forms of product liability.
“The products liability implications that will be placed on manufacturers is currently an open question,” states Erin Bosman, a partner in Morrison & Foerster’s San Diego office and chair of the firm’s Product Liability Practice Group. “As lawyers, we need to anticipate the most likely outcome of future court cases so we can help minimize potential exposure for our clients.”
One of the greatest challenges facing IoT product manufacturers centers on the data being generated and collected: What obligations and risks does that data present for manufacturers?
“Consider a household product, like a toy that is now connected to the Internet,” Ms. Bosman says. “Instead of simply having a product that is self-contained, you now have a product that is vastly different than a packaged toy. This changes the product landscape for failure to warn and other traditional torts.”
For example, how will government regulators treat a product that is both software and hardware? Software hasn’t historically been subject to product liability claims, but — as IoT becomes more prevalent — the courts may determine that software integrated into a connected product should be. Courts may also find that, because connected devices allow for more opportunities for interactions with a product’s user, IoT devices expand the manufacturer’s duty to warn users about potential safety issues.
Regardless of industry, companies need to examine the legal issues that apply to each stage of an IoT product’s life cycle, including third-party business and commercial relationships.
“As with any kind of new technology that bridges traditional industries with new innovations,” Ms. Sharron notes, “planning for these complexities is vital.”
Transforming Financial Services For its part, the financial service industry has also come to increasingly rely on IoT devices. The widespread availability of smart, inexpensive connected devices has enabled financial service providers to develop individualized products that seamlessly address their customers’ financial needs.
“This is a new frontier for banks and non-banks, such as FinTech companies,” says Sean Ruff, of counsel in Morrison & Foerster’s Washington, D.C. office and co-chair of the firm’s FinTech Practice. FinTech, or financial technology, is the marriage of financial services and technology.
Depending on the specific application, FinTech products — and their symbiotic relationship with IoT technology—can make banking more efficient, streamline the payment process, help clients manage their money and facilitate lending. Companies such as Square and Stripe deliver online mobile payment systems, Robinhood is a commission-free mobile brokerage firm and crowdfunding sites like Kickstarter all enable integration with IoT technologies.
IoT and the FinTech Revolution The growing reliance on IoT devices also seems to parallel the rise of FinTech companies in the wake of the intensified regulation of more traditional financial services.
“Since the recession, the regulatory scrutiny of banks — especially the top 10 banks—has intensified in terms of enforcement actions and supervisory controls. This has resulted in more conservative practices, which in turn has presented an opportunity for some companies in the Silicon Valley to fill the gaps,” explains Obrea Poindexter, a partner in Morrison & Foerster’s Washington, D.C. office, co-chair of the firm’s Financial Services Practice Group and co-chair of the FinTech Practice.
“We’re at a point where a number of FinTech start-up companies have been very successful,” observes Ms. Poindexter. “Many startups are receiving significant funding from bankers and venture capitalists.” They’re using the funding to branch into several sectors, including payments, marketplace lending, wealth management, and blockchain technology.
Blockchain Technology Blockchain, which is the distribution ledger underlying Bitcoin, creates a collection of data records, or blocks, stored on interconnected computers that may or may not be in the same location. Experts regard the technology as virtually unhackable, which makes blockchain an enticing solution for financial institutions seeking to authenticate users and their financial transactions.
Blockchain technology can also be used to simplify the transactional and contracting process, an approach referred to as “smart contracting.” As Ms. Sharron puts it, blockchain “creates a chain of trust that more quickly enables transactions without having to go through the same kind of back office payment process that’s required today.”
All of this will enable both those within and outside of financial services to operate in an invisible, frictionless environment.
“My kids, for example, are growing up in a world where they won’t experience debit and credit cards the same way I did,” notes Mr. Ruff. “Because of IoT, most of it will be invisible. It won’t happen overnight, but within the next year or year and a half, you’ll be seeing more IoT devices integrating such things as invisible payments and money transmissions.”
FinTech’s Regulatory Challenges Ironically, while regulatory oversight of traditional financial institutions contributed to the FinTech boom, state and federal regulations represent the biggest challenge to the future of FinTech in the United States. These regulations may raise similar questions about the use of IoT devices by financial service providers.
Today, many of the regulations affecting non-depository financial service companies are at the state level. This presents a unique legal challenge for FinTech companies. For instance, “almost every state has money transmitter laws requiring compliance by non-banking situations that move money,” Mr. Ruff explains. “As a result, companies typically need to be licensed in each state in which they operate. This means that a FinTech company that moves money, either for a business or a person, could require a license in every single state in which it operates. The licensing process can take from nine to 12 months, or even longer in some cases. It’s also expensive.”
Some FinTech companies have started to partner with banks, which in many instances would not require a company to be licensed in every state. This, too, comes with its own set of challenges. “From a business standpoint, it’s a challenge because FinTech companies have to rely on the banks, which are more conservative in their practices,” Ms. Poindexter explains. “It’s also challenging because regulators are looking closely at these partnerships between banks and FinTech companies.”
Congress has started to consider whether FinTech companies should be more strictly regulated, and the Office of the Comptroller of the Currency, an independent bureau of the U.S. Treasury Department, has issued a white paper requesting comments on what it calls “responsible innovation.”
“These are building blocks laying the groundwork for some type of rulemaking,” says Ms. Poindexter.
“The push and pull today in the regulatory space is, ‘Are we doing enough? But at what point are we doing too much and restricting innovation?’” he says. “That’s a hard, fine line to find in the United States, particularly given the non-centralized way we regulate financial services.”
Multidisciplinary Legal Approach Required Needless to say, products or services that straddle the line between FinTech service and IoT device face the dual complexity which comes from operating in not one but two areas where the law is relatively immature. Each is revolutionizing how businesses operate and how people live their lives, while also bringing about regulatory changes.
Whether it’s a long-established company or a new start up, IoT and FinTech present a confluence of legal issues — including regulatory compliance, IP management, data protection and cybersecurity and commercial and technology transaction risk mitigation ― that businesses must address before going to market with a new product.
Well-represented IoT and FinTech companies can turn these challenges into opportunities by building strong IP and compliance protections early on — when the implementation costs are lower — to ensure that they are in the strongest possible position to navigate the numerous challenges bound to arise in a strategic transaction, be it a private investment, merger, acquisition, or IPO.
Call to action?
Cross-promote Blockchain or anything else?
©1996-2016 Morrison & Foerster LLP. All rights reserved.