SEMINAR REPORT ON

INTERNET OF THINGS (IoT) - Legal Issues, Opportunities

& Challenges

SUBMITTED FOR THE PURPOSE OF SEMINAR ASSIGNMENT

THIRD SEMESTER, AUTUMN, 2018

LL.B. (HONS.) IN INTELLECTUAL PROPERTY LAW

AT RGSOIPL – IIT KHARAGPUR

UNDER GUIDANCE OF: SUBMITTED BY:

Dr. T.K. Bandyopadhyay CHINMOY MISHRA – 17IP63011

 DECLARATION

This is to certify that the present seminar paper entitled “INTERNET OF THINGS
(IoT) - Legal Issues, Opportunities & Challenges” embodies the original research work
carried out by Chinmoy Mishra under my supervision and guidance. This work is submitted to
Rajiv Gandhi School of Intellectual Property Law, IIT, Kharagpur for evaluation purpose.

..........................................
Supervisor
Dr. T.K. Bandyopadhyay,
Associate Professor,
Rajiv Gandhi School of Intellectual Property Law,
IIT, Kharagpur.

..........................................
Seminar in Charge
Dr. Padmavati Manchikanti,
Professor, Dean,
Rajiv Gandhi School of Intellectual Property Law,
IIT, Kharagpur.

ii
Acknowledgment.

I am indebted to Dr. T.K. Bandyopadhyay, Associate Professor, Rajiv Gandhi School of

Intellectual Property Law, IIT Kharagpur, for providing the precise outline to approach the topic,
inputs with respect to the preparation of skeleton and comments for improvement of the report.

CHINMOY MISHRA

30th October 2018,

Kharagpur.

iii
 Table of Contents

Cover page i
Declaration ii
Acknowledgment iii
1. What is IoT? 1
2. IMPACTS OF IoT ON MARKET 2
2.A HOME APPLICATIONS 2
2.B HEALTHCARE & MEDICAL SERVICES 3
2.C RETAIL INDUSTRY 3
2.D AUTOMOBILE INDUSTRY 4
2.E SHIPPING & LOGISTICS 4
2.F SMART CITIES 5
3 LEGAL ISSUES & CONCERNS 6
3.A PRIVACY & INFORMATION PROTECTION 6
3.B NET NEUTRALITY 8
3.C PATENTS 11
3.D INFORMATION OWNERSHIP 12
3.E FORMATION & VALIDITY OF CONTRACTS 14
3.F JURISDICTION 15
3.G SECURITY 16
3.H PRODUCT LIABILITY & CUSTOMER SAFETY 17
4 Internet of Things (IoT) Cybersecurity Improvement Act of 2017(US) 19
5 General Data Protection Regulation (GDPR) (EU), 2016 21
5.a Increased Territorial Scope 21

5.b Penalties 22

iv
5.c Consent 22
5.d Information Subject Rights 23
5.e Right to Access 23
5.f Right to be Forgotten 23
5.g Information Portability 24
5.h Privacy by Design 24
5.i Information Protection Officers 24
6 Draft policy related to IoT (INDIA) 25
6.A.a Smart City 25
6.A.b Smart Water 26
6.A.c Smart Environment 26
6.A.d Smart Health 26
6.A.e Smart Waste Management 27
6.A.f Smart Agriculture 27
6.A.g Smart Safety 27
6.A.h Smart Supply Chain & Logistics 27
6.B Governance Structure 27
6.B.a Advisory Committee 27
6.B.b Governance Committee 28
6.B.b Program Management Unit 28
7 Effect of Aadhaar Judgement 29
8 Conclusion 31
Bibliography 32

v
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 1

INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges

What is IoT?

For simple understanding, the incorporation of devices which can interact with one another and

perform jobs useful to humans, where all these devices to be linked through a sensing device and

that connection is to aid the Device to partake in a bigger system where different devices can

interact with each other can be said as Internet of Things (IoT). ‘Things’ in the IoT sense, can

mean a wide diversity of devices such as heart monitoring implants, biochip transponders on farm

animals, electric clams in coastal waters, automobiles with built-in sensors, DNA analysis devices

for environmental/food/pathogen monitoring or field operation devices that assist fire troopers in

search and rescue operations etc. These devices collect useful information with the help of many

technologies and then automatically stream the information between other devices.

A simple notice on the news regarding the IoT today will reveal that every big market

players in the field of IT and technology industry are targeting to assert its dominance in IoT. Big

names in this area are not only operating on evolving business models and vendible applications

of the IoT but also focusing on developing principles and procedures for those succeeding in their

footsteps. The Government of India also published a ‘draft on Internet of Things Policy' in 2015,

with the goal of encouraging the formation of an IoT ecosystem, and the expansion of IoT

products specific to Indian requirements in various domains like agriculture, health, water quality,

and natural disasters among many things. Similarly, many Governments today are also coming

round up to the perspective of Machine to Machine (M2M) communication in resolving urban

issues and are increasingly employing the concepts such as smart cities, smart power grids etc.

Global giants like Facebook, Google, Samsung, Apple, Microsoft and many more whether

involved in the business of manufacturing devices, providing network solutions to software

RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 2

development have financed deeply in the prospect of IoT and with estimations that IoT will see a

progress of over 400 % over a few years1, the scope for profit from such investment is

unimaginable.

Imagine the below situation:

• Your alarm clock alerts the coffee-maker as soon as you wake up, and the coffee maker is

prepared with your cup of coffee.

• The coffee maker sends the ready signal to your car, after you pick up your coffee from the

machine, to set the temperature inside it to your preferred levels by the time you are set

to drive to work.

• As soon as you enter your car, it gets the latest information from traffic management

system and displays the most efficient route to your office and also reserves a nearest

possible parking spot for you at your office.

• As soon as your car nears the office building, it, in turn, signals your offices' electrical

switches to be switched on and signal your computer to prepare your daily schedule.

There is no limitation to the above imaginary scenario and yet all of them can still become reality,

and that is the beauty of IoT.

2. IMPACTS OF IoT ON MARKET

A. HOME APPLIANCES:

From security applications such as instruments which are proficient in sensing fires and

intrusions, control doors and locks at home to luxury features that allow one to control

heating, lighting and many more of smart instruments, service providers associated to

home automation continuously have somewhat fresh to offer the customers.

1
IoT market potential for Canada, available at “http://www.marketwatch.com/story/internet-of-things-presents-
enormous-untapped-potential-for-canadian-businesses-2016”

RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 3

B. HEALTHCARE SYSTEM & MEDICAL FACILITIES:

Predictions for the use of IoT in the health care systems are very extensive and can be in

form of a device like ‘GlowCaps’2 (“internet enabled medicine bottle caps, which can send a

patient reminders about taking medicines regularly, refilling prescriptions and even

scheduling doctor’s visits”), to isolated healthcare systems which offer efficient observing

of a patient’s medical statistics, using devices that routinely collect and analyze

information on a regular interval. The usage of wearable devices which can monitor

information such as the heart rate, sleep cycles and activity logs of patients is also a vital

feature of IoT in the medical industry.

C. RETAIL INDUSTRY:

With possible uses in supply chain management, customer experience, and new channels

and revenue streams, IoT is set to transform the retail sector.3 Few of the advantages of

IoT are:

• Supply Chain Inventory/Warehouse Administration – Data about readiness,

carriage, carriage timelines, wear & tear and state of raw materials and final

products, being made accessible on a concurrent basis, by connecting the

raw materials to the retailer, using RFID.

• Marketing and In-store experiences – RFID tags and analogous catalog

management structures are already used widely in the retail domain.

• Smart Store Windows – Upsurge in smart store windows which gather and

examine data about the number of customers that stop and view a window

2
Glowcaps products, available at http://www.glowcaps.com/product/

3
Digital Disruption, available at “https://www.accenture.com/in-en/insight-internet-things-revolutionizing-retail-
industry.aspx”

RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 4

display, resulting in a better valuation of market tendencies.

D. AUTOMOBILE INDUSTRY:

In today’s domain of linked vehicles and linked drivers, IoT has led to one of its most

spoken of the topic, “the Internet of Cars”. These linked vehicles use instruments, software

applications, operating systems, information and analytics software, speech recognition

software and a numerous number of the latest technology to offer a continual stream of

data about everything from traffic and weather conditions, to driver/vehicle performance,

to both car owners and car companies.

Google has been testing a driverless car over the past few years4, and various other

technical organizations, for example, UBER and Apple are also said to be building up their

very own driverless technology.5 In the meantime, automobile manufactures have

additionally ventured into the competition, with Tesla asserting that they are just two

years from producing its own autonomous vehicles.6 Outfitted with sensors and programs

to detect objects on the streets, and drive around such objects, these vehicles are also

completely linked with their owners, with capabilities to park themselves, to be called by

their owners within a certain range.

E. SHIPPING & LOGISTICS:

The shipping and logistics business has been one of the most pertinent benefactors of the

massive progress in global trade in over last 20 years and supervision of freight whether at

4
“Google’s IoT push continues with London driverless cars, VR headset & Go AI match, available at
http://www.cbronline.com/news/internet-of-things/ smart-technology/googles-iot-push-continues-with-london-
driverless-cars-vr-headset-go-ai-match-4804528”

5
“Secrets of driverless Cars, available at http://www.theatlantic.com/technology/archive/2015/12/ driverless-
secrets/417993/”

6
“Tesla to produce driverless Cars in 2 years timeline, available at http://www.dezeen.com/2016/01/11/elon-musk-
predicts-completely-autonomous-driverless-tesla-cars-in-two-years/”

RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 5

sea or in the air, many miles away has been a vital part of the daily events of stakeholders

in this industry. Any mishandling of freight or even mishaps could result in massive losses.

IoT systems can go a great distance in reducing of the amount of mistake and over-watch

required in this business and market is gradually switching to internet and GPS based

solutions in order to track their consignments and safeguard that freight arrives in proper

condition at the terminus.

One of the primary instances of the usage of IoT in this area is in relation to the

food supply chain to control the quality of the food products. These methods can keep the

dealers conversant of the condition of the products, who can then safeguard that suitable

amounts of the products are present in a proper state for sending to consumers.7

F. SMART CITIES:

There are many big cities that have embraced IoT based systems to expand city planning.

These cities now have smart parking, lighting and traffic solutions that deliver people with

improved amenities and are moving to the objective of a totally linked “Smart City”:

“An ideal urban space where roads, street lamps, parking meters, traffic signals, toll

booths, weather instruments, waste management systems, cell phone communication

towers, and local government bodies are all able to communicate with each other.”

The Govt. of India has started on an aspiring strategy of creating 100 Smart Cities

which banks on profoundly on M2M technologies by using a smart grid, automated waste

management etc.8

7
“How the Internet of Things is Revolutionizing Food Logistics, available at
http://www.foodlogistics.com/article/11366603/food-and-more-for-thought-how-the-internet-of-things-is-
revolutionizing-food-logistics”

8
“Smart cities need institutional reforms for Pvt. participation, available at http://www.business-
standard.com/article/economy-policy/ smart-cities-need-institutional-reforms-for-pvt-participation-
116040800193_1.html”
RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 6

3. LEGAL ISSUES & CONCERNS

A. PRIVACY & INFORMATION PROTECTION

IoT’s association with Wearable devices creates tons of Information which have the

proficiency and the perspective to change everyone’s life mainly in the area of transport,

home automation, retail, and health. IoT will link more devices and more individuals to the

Internet, and ultimately enhance people to people connection. These instruments will

have the capability to know us individually, which will result in creating one of the most

debated issues of privacy. The second several machines start to interact with each other

there will be a huge volume of information that will be transmitted and conversed

between these devices and their users which will result in the disclosure of private data,

resulting concerns for privacy and data security. The key agreement that is required as

privacy laws for all states is free and informed consent. Procurement of consent from the

user in this circumstance becomes tough as a majority of programs are being run default

background settings and collecting private data as they are programmed to do so.

So the capability of the people to regulate the use of their private data or providing

informed consent results theoretically and lawfully thought-provoking. Also, the risk that

private data can be used for needs other than what it was initially planned for also rises.

The latest actions brought by the US FTC against TRENDnet gives a hint of possible mishaps

that may happen if actions are not taken to resolve the privacy issues that will damage IoT

networks. TRENDNet Company sold web integrated cameras which to be used for home

security, baby monitoring etc. The faulty software allowed unrestricted online viewing,

enabling hackers to post live videos of hundreds of customer cameras on the web,

displaying videos such as babies sleeping in their cribs and people performing their daily

RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 7

works.9

The European Commission has always been ahead in terms of addressing privacy

concerns of European citizens. The draft Data Protection Regulation was put forward by

the European Commission in 2012 and was agreed upon by the European Parliament and

the Council of the European Union in December 2015.10 The GDPR was accepted on 14

April 2016 and became enforceable since 25 May 2018. As the GDPR is a regulation, not a

directive, it does not require state govt. to pass any supporting legislation and is directly

obligatory and pertinent.11 This Draft Regulation states that “taking into account the state

of the art, the cost of implementation and the nature, scope, context and purposes of

processing as well as the risks of varying likelihood and severity for rights and freedoms of

natural persons posed by the processing’ a information controller must ‘both at the time of

the determination of the means for processing and at the time of the processing itself,

implement appropriate technical and organisational measures, such as pseudonymisation,

which are designed to implement information-protection principles, such as information

minimisation, in an effective manner and to integrate the necessary safeguards into the

processing in order to meet the requirements of this Regulation and protect the rights of

information subjects. Since IoT is still evolving, it may be cost effective for technology

developers from a compliance perspective to design wearables and its embedded software

is in such a way that they address privacy concerns. The cost of the product is an integral

9
“TRENDnet Cameras Still Have Gaping Security Holes, 3 Years After FTC Settlement, available at
http://fortune.com/2017/11/15/security-camera-hack-ftc-trendnet-dahua-belkin/”

10
“Agreement on Commission's EU data protection reform will boost Digital Single Market, available at
http://europa.eu/rapid/press-release_IP-15-6321_en.htm”

11
General Data Protection Regulation, available at
“https://en.wikipedia.org/wiki/General_Data_Protection_Regulation”

RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 8

reflection of product design”.

In the Indian context the provisions relating to information protection of individual

personal information are covered under the Information Technology Act, 2000 (“ITA”) and

the “Reasonable practices and procedures and sensitive personal information or

information Rules, 2011” issued under Section 43A of the ITA (as amended). Section 43A of

the ITA which deals with “protection of information in electronic medium by providing that

when a body corporate is negligent in implementing and maintaining ‘reasonable security

practices and procedures’ in relation to any ‘sensitive personal information or information’

which it possesses, deals or handles in a computer resource which it owns, controls or

operates and such negligence causes wrongful loss or wrongful gain to any person, such

entity shall be liable to pay damages by way of compensation to the person so affected.

The Rules, inter alia, provide guidelines to protect ‘sensitive personal information or

information’ in the electronic medium by a corporate entity which possess, deals or handles

such information.” The law order the fundamental rules of privacy law that the corporates

should get free assent together with certain security compliance. Since the law on

information protection in India is moderately modern, it does not give assurance of

individual data, in all circumstances, when utilized within the setting of IoT.

B. NET NEUTRALITY

Net impartiality is the standard that “all internet traffic is treated the same”, irrespective

of its nature or purpose. Net impartiality protects the open and uninterrupted Internet

access. As per this norm, no information can be selected over other. It means Internet

Service Providers (“ISP”) shouldn’t differentiate between varying types of data. Net

impartiality has been a much-debated topic in the USA between customer groups, govt.

officials and ISPs for more than a decade. “However, net neutrality has far-reaching
RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 9

implications outside the United States as bandwidth capacity to consumers is only

increasing, which would result in high-quality content being streamed seamlessly over the

internet. Without net neutrality, an ISP can charge a user more for using YouTube in

comparison to using Gmail”.

One of the many important facets for the success of IoT is the integration of various

systems, networks, and applications which are combined effortlessly. This will be a big

challenge without Net neutrality.12 Here, what has to be considered is how IoT and its

merger would be influenced in the event that there's no web Impartiality. There are

individuals who accept that having no web Impartiality might really be advantageous.

These groups argue that for IoT users and administrations, there's a few fascination in ISP's

being able to offer arranged activity for basic frameworks like supply chain management

and private security, where the unwavering quality of the association is fundamental.

When the systems are over-burden being able to shed non-important activity may be vital

for crisis administrations and the gadgets, they may depend upon.13 At the same moment,

there are advocates who emphatically say that not having web Impartiality will ruin future.

These groups contend that without web Independence ISP companies can find the

legitimate control to manipulate IoT gadgets that need to utilize their systems to

communicate with other gadgets. The individual who builds the chip in your car would

require the authorization of a portable carrier; so would the individual making computer

program to permit the iPhone to control all of the systems. These manufacturers of

systems and applications can have improved lawful and commercial prices, and many of

12
“What the Net Neutrality Ruling Means for The Internet of Things, available at http://www.machinetomachine-
technologyworld.com/articles/366860-what-net-neutrality-ruling-means-the-internet-things.htm”

13
“Network neutrality and the internet of things, available at http://paulwallbank.com/2014/01/16/network-
neutrality-and-the-internet-of-things/”
RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 10

these might never become a reality, which will affect the upcoming growth in our world of

devices being less connected.14

Communications and web services are still greatly regulated in India. Majority of

the laws were outlined decades ago and generally without consideration for new

conceptions. There are no precise rules that deal with web impartiality, but the Telecom

Department of Govt. of India does put a duty on all telecom operatives to deliver telecom

services in an unprejudiced manner till the govt. points opposite. This commitment is

portion of the Unified Permit which is the major permit that oversees of most the telecom

administrations in India. Bharti Airtel, one of the greatest telecom service suppliers in

India, presented a differential estimating model based on the sort of portable web. This

move was broadly described within the Indian media and got to be a petulant matter

among net web impartiality activists in India. As a result, the telecom controller

demonstrated that a method would be started to characterize the concept of web

impartiality in India and give adequate directions. The telecom controller issued a debate

paper on net impartiality and over the best services,15 getting an intense reaction from the

community, to a great extent as a result of an open campaign done by activists, and

sponsored by a number of well-known local businesses in India. After much talk, the

telecom controller as of late issued a direction that forbids ISPs from advertising data plans

to subscribers on the premise of the accessible content. The rules now prevents ISPs from

checking web traffic in an irrational manner or selecting one content over the other, thus

stopping ISPs from serving as doorkeepers to the web world.

14
“The Next Big Battle in Internet Policy, available at http://www.slate.com/articles/technology/future_
tense/2012/10/network_neutrality_the_fcc_and_the_internet_of_things_.html”

15
“The top services for net neutrality, available at http://www.trai.
gov.in/WriteReadinformation/ConsultationPaper/Document/OTT-CP-27032015.pdf”
RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 11

C. PATENTS

“In order for IoT and its convergence to exist and function properly, devices need to

communicate with each other for which devices need to use standardized technology.” This

may be required because different gadgets from different viable sources have to be

interfaced conjointly and the existing technology must permit the adding of gadgets.16 In

any case, in the event that uniform innovations are patented at this point, it'll create

obstacles for the advancement of IoT as any party receiving standardized innovation will

result in infringing patents of third-party proprietors. “Thus, it is essential that standard-

setting bodies take these factors into consideration while setting a standard and declare

such patents as standard essential patents (SEPs). The standard setting organization needs

to levy a condition on the SEP owner to license their patents to third parties on fair,

reasonable and non-discriminatory (FRAND) terms. Practice from the smartphone

business has revealed that assenting to FRAND terms is not constantly forthright. The fresh

series of lawsuits that have happened in the smartphone business is instigated by Micro-

soft, Apple and Google and also due of the point that, there are tons of 3G and LTE patents

and many of the owners are not makers but somewhat are the so-called trolls. However,

with the smartphone and telecom market providing a model, it is hoped that a suitable

way forward on some of these issues will soon be found”.17

From an Indian point of view, software applications per se are not patentable in

India. However, certain PC related creations, which include programmes could be

patentable in India but would need to be scrutinized in light of the "Guidelines for

16
“Patent issues and the Internet of Things, available at http://www.taylorwessing.com/
download/article_patent_iot.html”

17
Ibid

RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 12

Examination of Computer-Related Inventions" supplied by the Indian Patent Office.

Additionally, the Department of Industrial Policy and Promotion has issued a “Discussion

paper on Standard Essential Patents and their availability on FRAND terms”, engaging

participant remarks with a view to present an apt policy agenda to outline the onuses of

essential patent owners and their proprietors.18 It will be fascinating to see how this area

progresses when Indian patents would be examined as SEP alongside the FRAND

expressions which may be required by Indian patent owners.

D. INFORMATION OWNERSHIP

The architectural backdrop of IoT carries its peculiar set of information proprietorship

problems. As machines will be flawlessly linked and interacting with each other, a large

amount of information will be created. Google Nest is the best example to understand the

probable information ownership issues that might arise in the future. Google Nest

thermostat is a device that learns a person’s schedule, programs itself and can be

controlled from the phone. It is claimed that this technology can reduce your heating and

cooling bills up to 20%. Google Nest is currently coordinating with companies such as

Mercedes to develop cars that can constantly interact with Google Nest thermostat and

know what time a person will be arriving home and accordingly Google Nest thermostat

will adjust itself so that the instant you arrive you will have your desired temperature. Now

this communication between the car and Google Nest thermostat will involve multiple

sensors including geo-location sensors that will generate information. This information will

provide insights into a person’s habit such as preferred routes, arrival timings, fuelling

habits etc. This information could be a great treasure for advertisers which can possibly

18
Standard Essential of Patents, available at “http://www.ipindia.nic.in/Whats_New/standardEssentialPa-
per_01March2016.pdf”

RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 13

take targeted advertising to another level.

As per Indian Context, in the copyright law doctrines, a joint ownership in a

copyrighted work is created when an art is done by two or more authors with a purpose

that their efforts should be combined with each other. This rule does not look into the

angle of the number of commitments of each inventor, what is critical is the component of

intention of the inventors. One contention that can be made is that the simple reality that

two entities let their gadgets connected with each other and make data seem reflect the

deliberate of the parties to form joint possession. Be that as it may, there's no settled law

on this subject in connection to IoT and its union as per Indian laws. Again, issues may get

more complex and foggy when there are multiple devices interacting with each other

which comes about within the formation of data.

E. FORMATION & VALIDITY OF CONTRACTS

Information proprietorship, safety and confidentiality concerns hounding IoT can be

effectively resolved to a range by way of agreements between the machine creators and

the consumers and in a lot of scenarios, the agreements will be done between the

consumers and the creators by way of web based contracts such as click-wrap and shrink-

wrap agreements. “In case of a shrink-wrap agreement, the contracting party can read the

terms and conditions only after opening the box within which the product (commonly a

license) is packed. Thus, it becomes important to examine the validity of these contracts.

In the US, there have been instances where the courts have struck down specific terms of

contracts which were held to be immoral”. In the case of Comb v. PayPal, Inc19, the

California courts held that “the e-commerce agreement which obligated users to arbitrate

their disputes pursuant to the commercial rules of the American Arbitration Association

RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 14

which is cost prohibitive in light of the average size of a PayPal transaction is immoral”.

In India, e-agreements like all agreements are ruled by the rudimentary doctrines

principal contracts in India, i.e. the Indian Contract Act, 1872 (“Indian Contract Act”)

which “inter alia mandate certain pre-requisites for a valid contract such as free consent

and lawful consideration. What needs to be examined is how these requirements of the

Indian Contract Act would be fulfilled in relation to e-contracts”. In this situation, it is vital

to take note of the Information Technology Act, 2000 (“IT Act”) which provides protection

for the rationality of e-contracts. There is no obligation as per the Indian Contract Act to

get written contracts physically signed. However, particular laws do have signature

necessities. For example the Indian Copyright Act, 1957 states that “an assignment of

copyright needs to be signed by the assignor. In such cases, the IT Act equates electronic

signature with physical signatures. Further, unless expressly forbidden under any statute,

e-contracts like click-wrap agreements would be enforceable and valid in India if the

requirements of a valid contract as per the Indian Contract Act are fulfilled. In India, the

jurisprudence on the issue of whether standard form online agreements are immoral or

not is not very developed. However, Indian laws and Indian courts have dispensed with

instances where terms of contracts (including standard form contracts) were negotiated

between parties in unequal bargaining positions. However, in the case of immoral

contracts, the courts can put a burden on the person in the dominant position to prove

that the contract was not induced by undue influence”. When it comes to IoT, in common

there is tiny or no scope for debates to be held between the machine creator and the

consumers about the conditions of e-contracts.

19
218 F.Supp.2d 1165
RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 15

F. JURISDICTION

One of the key concerns that can come up in a disagreement between the machine maker

and the consumer is jurisdiction. The reason being the point at which numerous gadgets

are included there is a probability that such gadgets could be situated at various areas and

sometimes outside the territorial limits of a specific nation. In this manner, it would need

to be decided by the court (on a case to case premise) regardless of whether it has

jurisdiction to try the dispute. According to the customary rules of jurisdiction

determination, the courts in a nation have jurisdiction over people who are inside the

nation as well as to the exchanges and events that happen inside the natural borders of

the country. Hence in a web based world, if the gadget maker is offering its gadgets in a

specific nation straightforwardly to the clients, it might be required to defend any case

that may result in that nation. So, the machine maker must analyse the municipal rules

before advertising or vending its products or services as it might have the danger of being

sued in any jurisdiction where the goods are transacted or where the services are availed

of.

In the Indian context, In common many municipal laws offer for a “long arm

jurisdiction” as a result the practice of such municipal regulations have extra-territorial use

if an act or omission has caused in some unlawful or harmful consequence within the

region of the country. As per certain statutes of Indian laws which offer for extraterritorial

jurisdiction. Section 1(2) of the IT Act read along with Section 75 says that:

“-the Act shall extend to the whole of India and, save as otherwise provided under the Act,

it shall apply also to any or contravention thereunder committed outside India by any

person and

-the Act shall apply to any offense or contravention committed outside India by any person
RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 16

if the act or conduct constituting the offense or contravention involves a computer,

computer system or computer network located in India.”

Section 3 of the Indian Penal Code, 1869 says that “any person who is liable, by any Indian

law, to be tried for an offense committed beyond India shall be dealt with according to the

provisions of the IPC for any act committed beyond India in the same manner as if such act

had been committed within India.”

G. SECURITY

As IoT has become embedded in daily life, attainment by trade controls to private devices

and infrastructure such as transport and power, the safety concerns in these matters

become more composite and have severer concerns. “IoT and its convergence provide

hackers with more susceptibilities to exploit and create significant security risks. Such risks

could take a variety of forms, depending on the nature of the information and devices in

question. For example in the perspective of e-health, the collection and rapid exchange of

sensitive personal information in an interconnected and open environment not only

increases risks in respect of patient privacy, but also has the far more alarming potential to

endanger life if one takes the example of implanted medical devices administering drugs

on the basis of independent information inputs. A system failure or more sinister malicious

attack on such a device could have dire consequences”. In the area of energy, hackers can

mark smart meters to effect big shutdowns, and in the area of home-based safety, it takes

slight imagination to expect the latent effects of a system break down or a malevolent

attack.20

Big companies such as “Google and Cisco are aware of the security issues and are

20
“The Internet of Things: The Old Problem available at http://media.mofo.com/files/Uploads/Images/140320-The-
Internet-of-Things-Part-2.pdf”

RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 17

working to resolve the same. The best way to address security issues in devices is at the

designing stage itself and to frequently update the devices from potential new threats. In

addition, legal and legislative developments also need to take place in order to address the

above-mentioned security issues. The next question that needs to be answered is doing we

need a new law at the state level or is there a requirement for an international legislation.

One proponent has argued that in light of the various factual scenarios that can arise, it

appears to be hardly possible to come to a similar legal framework governing all sides”.

Besides, a diverse and different tactic might need to be accepted while outlining any law.21

H. PRODUCT LIABILITY & CUSTOMER SAFETY

Product accountability is the part of the rule in which creators, distributors, dealers, retail-

ers, and others who create goods accessible to the community are held accountable for

the damages those goods bring to property and physical harm. In the area of IoT, product

accountability has far-reaching concerns for machine manufacturers such as:

- Physical Hurt

- Property Damage

- Pecuniary Damage

If an IOT system faults, or if information or program is hacked or misplaced,

persons and trades might have overwhelming damages. Calculations of basic medications

may be missed or required medicinal treatments precluded or a breaking down fire alarm

that may not raise alarm to property holders of a fire. Such gadget malfunctions may result

from a instrumental defect as well as from a system inability to give correspondences as

required. In most common law jurisdiction product liability depends on conventional

standards of negligence or absolute liability or strict liability under tort law. A court in a

21 “Internet of Things – New security and privacy challenges, Computer Law & Security Review”
RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 18

product liability claim including an IoT gadget will utilize these standards to decide the

obligation of the producer of the gadget. Initially, product liability claims must be

demonstrated under the rule of negligence. With the end goal to demonstrate negligence

of a manufacturer, the consumer would usually need to prove a duty of care of the

manufacturer, breach of the duty of care, connection and damages. Notwithstanding, as

the law advanced courts worldwide over different jurisdiction began applying the rule of

strict liability in product liability matters, this standard is more inclined towards the

consumer. Under this rule, the maker is at fault if the item seems to be damaged,

regardless of whether the manufacturer was not careless in making that item defective.

The motive for courts embracing the strict liability principle is that a manufacturer can

foresee possible dangers in relation to the goods and take steps to protect the goods from

these threats, whereas a customer can’t. The price of a physical harm, pecuniary damage

or property harm when it comes to a customer is a adversity whereas a maker may protect

himself by way of product accountability insurance and this is an extra price of doing busi-

ness that can be circulated to the community.

In Indian the context, it might be vital for IoT system manufactures to procure and

shield themselves with product accountability protection and add this into deliberation

while doing the trade. Insurance agencies should search for offering customized product

liability insurance to IoT gadget makers, as in a few situations customary product liability

insurance may not totally secure the IoT gadget producers. In addition to strict liability and

related torts, India has a number of legislation including the Consumer Protection Act,

1986, which “protect consumers against defective products, poor services, anti-competitive

practices and prices, deceptive marketing (in the case of hazardous goods), among other

things. These consumer-oriented laws also provide for special courts/forums that work on a
RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 19

fast track basis and protect and allow consumers to sue and obtain remedies easily when

sold faulty products”.

4. Internet of Things (IoT) Cybersecurity Improvement Act of 2017(US)

The Internet of Things (IoT) Cybersecurity Improvement Act of 201722 is a bill before the U.S.

Senate that pursues to enhance the security of internet linked devices. The bill’s provisions

leverage federal purchasing power to expand the security of IoT devices by requiring, among

other things, IoT device, software, and firmware providers to certify compliance with specified

security controls and requirements relating to susceptibility patching and notification, unless such

contractors otherwise satisfy one of three waiver requirements. The bill also directs the

Department of Homeland Security (“DHS”) to issue vulnerability disclosure guidance for

government contractors; to amend federal statutes, specifically the Computer Fraud and Abuse

Act (“CFAA”) and Digital Millennium Copyright Act (“DMCA”), to exempt certain “good faith”

activities by cyber-security researchers; and require all executive branch agencies to maintain an

inventory of IoT devices active on their networks. Below is a summary and summarising of some

of the particulars of this bill.

The bill mandates that government agencies buying such products include in their procurement

contracts clauses that specify:

1. The contractor (the entity selling the IoT device) provide written certification that:

a) The device does not contain any known security vulnerabilities or defects that are listed

in the NIST information base of vulnerabilities or another such national information base.

b) All components are capable of being updated securely from the vendor.

c) Uses only industry standard protocols and technologies.

22
S.1691 - Internet of Things (IoT) Cybersecurity Improvement Act of 2017, available at
https://www.congress.gov/bill/115th-congress/senate-bill/1691/text?format=txt

RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 20

d) Does not include any fixed or hardcoded credentials used for remote administration,

delivery of updates, or communication.

2. That the contractor will notify the purchasing agency of any known security vulnerabilities

or defects subsequently disclosed to the vendor by a security researcher or of which the

vendor otherwise becomes aware for the duration of the contract.

3. Software or firmware components updated or replaced, consistent with other provisions

of the contract, in order to fix or remove a vulnerability or defect in the component in a

properly authenticated and secure manner.

4. A contractor requirement to provide repair or replacement in a timely manner in respect

to any new security vulnerability discovered through any of the “national information

bases”, or from the coordinated disclosure program.

5. A contractor requirement to provide the purchasing agency with information on the ability

of the device to be updated, such as:

a) The manner in which the device receives security updates.

b) The anticipated timeline for ending security support.

c) The formal notification when security support has ceased.

d) Any additional information recommended by the NTIA.

“Exceptions may be granted if the executive agency reasonably believes that the device has

severely limited functionality as defined. Within 180 days after enactment, NIST shall define what

this means”.

“Exceptions also exist for existing third-party security standards for devices that provide an

equivalent or greater level of security than that described above. These must be NIST qualified.

The same exceptions are available where agency security evaluations standards already exist.

The bill requires that not more than 180 days after enactment, the head of each executive agency
RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 21

establish and maintain an inventory of IoT devices used. OMB is instructed to issue guidelines for

the agencies for this inventory no later than 30 days after enactment and to work with the

Secretary of Homeland Security to do this”.

Though there are many weaknesses in this bill, it is a stride in the correct course. It is the

first of its kind bill which will deal with internet connected systems particularly. It also deals with

few limitations of the CFAA and DMCA in terms of genuine study.

5. General Data Protection Regulation (GDPR) (EU), 2016

Europe is now protected by the world's strongest information protection rules. The mutually

agreed General Data Protection Regulation (GDPR)23 came into force on May 25, 2018, and was

designed to reform laws that protect the personal information of individuals. Before GDPR started

to be enforced, the previous information protection rules across Europe were first formed during

the 1990s and had struggled to keep pace with quick technological changes. GDPR alters how

businesses and public sector organizations can handle the information of their customers. It also

boosts the rights of individuals and gives them more control over their information. The aim of the

GDPR is “to protect all EU citizens from privacy and information breaches in today’s information-

obsessed world. Although the key principles of information privacy still grip true to the previous

directive, many changes have been proposed to the regulatory policies; the key points of the

GDPR as well as information on the bearings it will have on business which can be seen below:

a. Increased Territorial Scope

Arguably the biggest change to the regulatory landscape of information privacy comes

with the prolonged jurisdiction of the GDPR, as it applies to all companies processing the

personal information of information subjects residing in the Union, regardless of the

23
“The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20
years, available at https://eugdpr.org/”

RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 22

company's location. Previously, the territorial applicability of the directive was vague and

referred to the information process in the context of an establishment. GDPR makes its

applicability very clear, it applies to the processing of personal information by controllers

and processors in the EU, regardless of whether the processing takes place in the EU or

not. The GDPR also applies to the processing of personal information of information

subjects in the EU by a controller or processor not established in the EU, where the actions

relate to offering goods or services to EU citizens (irrespective of whether payment is

required) and the monitoring of behaviour that takes place within the EU. Non-EU

businesses processing the information of EU citizens also have to assign a representative in

the EU.

b. Penalties

Organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20

Million (whichever is greater). This is the maximum fine that can be imposed for the most

serious infringements e.g. not having sufficient customer consent to process information

or violating the essential of Privacy by Design concepts. There is a tiered method to fines

e.g. a company can be fined 2% for not having their records in order (article 28), not

notifying the supervising authority and information subject about a breach or not

conducting an impact assessment. It is important to note that these rules apply to both

controllers and processors, meaning ‘clouds’ are not exempted from GDPR enforcement.

c. Consent

The conditions for consent have been strengthened, and companies are no longer able to

use long illegible terms and conditions full of legalese. The request for consent must be

given in a clear and easily accessible form, with the purpose for information processing

attached to that consent. Consent must be clear and unique from other matters and
RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 23

provided in an intelligible and easily accessible form, using clear and plain language. It

must be as easy to withdraw consent as it is to give it.

d. Information Subject Rights

Breach Notification under the GDPR, breach notifications is now mandatory in all member

states where an information breach is likely to result in a risk for the rights and freedoms of

individuals. This must be completed within 72 hours of first having become aware of the

breach. Information processors are also required to notify their customers, the controllers,

without undue delay after first becoming aware of an information breach.

e. Right to Access

Part of the expanded rights of information subjects outlined by the GDPR is the right for

information subjects to obtain confirmation from the information controller as to whether

or not personal information concerning them is being processed, where and for what

purpose. Further, the controller shall provide a copy of the personal information, free of

charge, in an electronic format. This change is a historic shift to information transparency

and empowerment of information subjects”.

f. Right to be Forgotten

Otherwise called Data Deletion, the right to be forgotten qualifies the data subject for

have the data controller eradicate the individual data, stop promote circulation of the

data, and possibly have outsiders stop using of the data. The conditions for eradication, as

laid out in article 17, incorporate the data never again being pertinent to unique purposes

for handling, or a data subject pulling back assent. It ought to likewise be noticed that this

privilege expects controllers to contrast the subjects’ rights with the public interest for the

accessibility of the data when thinking about such demands.

RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 24

g. Information Portability

GDPR presents data versatility, the privilege for a data subject to gather the private data

concerning them, which they have beforehand given in a typical utilize and machine-

readable format and have the privilege to exchange that data to another controller.

h. Privacy by Design

Privacy by design as an idea has existed for a considerable length of time, however it is just

barely ending up some portion of a lawful prerequisite with the GDPR. At its centre,

security by configuration requires the nearness of data shielded from the beginning of the

planning of frameworks, as opposed to an expansion. All the more particularly, "the

controller shall… implement appropriate technical and organizational measures… in an

effective way… in order to meet the requirements of this Regulation and protect the rights

of information subjects". Article 23 calls for controllers to collect and regulate just the data

completely fundamental for the consummation of its obligations (data minimization), and

in addition restricting the access to private data to those who want to process such data.

i. Information Protection Officers

Under GDPR it isn't important to submit notices to every local DPA of data handling

exercises, nor is it a necessity to acquire endorsement for exchanges dependent on the

Model Contract Provisions (MCCs). Rather, there are interior record-keeping necessities, as

further clarified underneath, and DPO arrangement is mandatory just for those controllers

and processors whose core exercises comprise of handling tasks which require normal and

customary checking of data subjects on an extensive scale or of uncommon classifications

of data or data identifying with criminal convictions and offenses. Vitally, the Information

Protection Officer:

RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 25

• Must be named based on expert characteristics and, specifically, master learning

on data security law and practices

• Maybe a staff part or an outside specialist co-op

• Contact points of interest must be given to the pertinent DPA

• Must be given proper assets to do their undertakings and keep up their master
information

• Must report specifically to the most elevated amount of administration

• Must not complete whatever other errands that could result in an irreconcilable
circumstance.”
To finish up, there are a critical number of prerequisites that can be identified with EU GDPR. It is

critical to comprehend these prerequisites, and their suggestions for the organization, and

execute them inside the setting of the organization. Such execution would require a committed

effort, similar to that of working on a project.

6. Draft policy related to IoT (INDIA)

A. Indian Government published its draft approach on IoT with an aim, (i) to make an IoT business

in India of USD 15 billion by 2020. This will likewise prompt an expansion in the linked gadgets

from around 200 million to more than 2.7 billion by 2020. According to the Gartner Report, the

aggregate income made using the IoT business would be USD 300 billion and the linked gadgets

would be 27 billion by 2020 all around. It has been assumed that India would have an offer of 5-

6% of worldwide in IoT industry, (ii) To create IoT items explicit to Indian requirements in the

areas of agriculture, health, water quality, catastrophic events, transportation, security,

automobile, supply chain management, smart cities, automated metering and observing of

utilities, waste management, Oil and Gas etc.

a. Smart City: “To set-up a Smart city model which would embrace deployment and display

of IoT concepts to be used in the development of Smart City. Some of the key features of a

smart city will be:

RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 26

• Smart parking.

• Intelligent transport system.

• Tele-care.

• Woman Safety

• Smart Grids.

• Smart urban lighting.

• Waste management.

• Smart city maintenance.

• Digital-signage.

• Water Management

b. Smart Water: (i) To setup Potable water checking tools to monitor the quality of tap water

in all government-owned education institutes and public places. (ii) To setup project to

spot real-time leakages and wastes of factories in rivers and other natural water bodies.

(iii) To setup project for monitoring of water level variations in rivers, dams, and reservoirs,

for upbeat disaster management.

c. Smart Environment: (i) To setup project for alarm and control of CO2 emissions of

factories, pollution emitted by cars and toxic gases generated. (ii) To setup projects to

create alarms based on circulated control in specific places like buildings, bridges, or

tremors in the country and establish a National Advance Seismic System.

d. Smart Health: (i) To setup projects for monitoring various vital parameters of patients like

subtle changes in pulse, respiration, heart condition, temperature and preventive warning

on early onset of pneumonia or other life-threatening problems, inside hospitals and at a

remote patient location including old people's home and ambulance. (ii) To setup projects

for supportive dementia and other mentally unhealthy patients from getting lost. (iii) To
RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 27

setup projects to detect & provide support to old age persons.

e. Smart Waste Management: To promote the ‘SWACH BHARAT’ initiative, we may setup

projects to create products which are solar powered trash container and trash compactor

that alerts sanitation crews of municipal authorities, when it is full.

f. Smart Agriculture: (i) To setup project for precision farming which uses information

analysis to adapt operations. The project may include monitoring of soil moisture,

vibrations, earth density and pests to detect dangerous patterns in land conditions and

create an online update mechanism for farmers. (ii) To set up a project to allow farmers to

monitor online, the temperature of grain bins and collect an alert if the temperature rises

outside of an acceptable range to help them protect grains in storage areas. This also can

be extended to alerts for pest controls requirements.

g. Smart Safety: To set up a project to build a wearable device for women, child and old

people security in public.

h. Smart Supply Chain & Logistics: (i) To set up a project for enabling universal ambulance

service at any place using any kind of device. (ii) To enable the logistics chain managed by

government for essential food items to ensuring need-based refilling and reduction in

wastage of food items.”

B. Governance Structure:

a. Advisory Committee: “To set up a High-Level Advisory Committee (AC) including

representatives from Government, industry, and academia for providing ongoing

supervision in the emerging area of IoT. The committee should comprise of:

I. Government-

a. Organizations dealing with ITU, IEEE, IETF for standards.

b. Bureau of Indian Standards

RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 28

c. Technology organizations

d. Network organizations.

e. R&D and academicians.

II. Domain ministry members.

III. Industry experts on:

a. Devices (IoT), semiconductors and Nano-electronics

b. Software dealing with a device to devise communication and integration

c. Networking

d. Sensor Technologies

e. Cloud and application security

b. Governance Committee: To set up a High powered Governance Committee (GC) chaired

by Secretary, DeitY including representatives from Government for governing all IoT

initiatives, projects, and their progress against planned timelines.

c. Program Management Unit: A Program Management Unit (PMU) will be established to be

led by Director (IoT Operations & Smart City support). The role of the PMU would be, but

not limited to,

• Provide ongoing support in the identification of various initiatives for

operationalization of the IoT Policy.

• Provide ongoing implementation support to various initiatives within the IoT policy

• Track the performance of IoT initiatives vis-à-vis planned timelines and highlight issues

(if any), suggest corrective actions to the Advisory Committee/ Governance

Committee.

• Periodic reviews of the above-mentioned policies would be undertaken with respect to

changes proposed by the advisory or governing committee.”

RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 29

7. Effect of Aadhaar Judgement:

“We may record here that (Aadhaar) enrolment is of voluntary nature. However, it becomes

compulsory for those who seek to receive any subsidy, benefit or service under the welfare scheme

of the government expenditure whereof is to be met from the Consolidated Fund of India." This

quote is from the judgment of the Aadhaar case24. Although this judgment is not related to IoT, it

is considered as a monumental step by Indian Judicial System regarding protection of privacy and

guidelines on how to use this personal information and this judgment will have significant bearing

in the minds of the Legislature when they frame the regulatory framework for IoT related matters

in future. Some of the highlights of this judgment are given below.

1. SC held that “it is very difficult to create a profile of a person simply on the basis of

biometric and demographic information stored in CIDR”. But the order does dilute some

provisions pertaining to data protection. For instance, it has directed that authentication

records are not to be kept beyond a period of six months, whereas the Aadhaar Act

permitted five years.

2. Referring to the earlier Supreme Court decision that determined privacy to be a

fundamental right, the order states that any restraint on privacy must meet three tests.

a. backed by law

b. legitimate state aim

c. proportionality

The existence of the Aadhaar Act and delivery of welfare benefits fulfill the first two

requirements. The order noted that the third test of proportionality has also been met

24
K.S. Puttaswamy and another vs. UOI, 2018 SC

RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 30

because:

a. the purpose of the act is to ensure deserving beneficiaries of welfare schemes are

correctly identified;

b. it also achieves the balancing of two competing fundamental rights,

Right to privacy on the one hand and right to food, shelter, and employment on the other.

But the majority order directs that Section 7 of the Aadhaar Act, 2016, which says proof of

Aadhaar number is necessary for receipt of certain subsidies, benefits, and services, etc.,

would cover only those benefits for which expenditure is drawn from the Consolidated

Fund of India.

3. The order stated that "any purpose" is susceptible to misuse and can only be a purpose

backed by law. It also found that allowing any corporation or person to use Aadhaar for

authentication, especially on the basis of a contract between the corporate and an

individual, would enable commercial exploitation of private data and hence held to be

unconstitutional. Regulation 27 has been struck down, which provides archiving of data for

a period of five years. Retention of data beyond the period of six months is impermissible.

Section 47 of the act, which provides that only UIDAI can file a court complaint in case of

violation of the act. SC held this section must be amended to also allow the filing of such

complaint by an individual/victim whose right is violated.

4. While SC upheld the Aadhaar-PAN Tax Linkage, at the same time SC struck down Aadhaar-

Banking linkage and Aadhaar-Mobile linkage, terming it as “violates the right to privacy of

a person which extends to banking details. It was illegal and unconstitutional.”

RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 31

8. CONCLUSION:

To sum up the above discussion on “Internet of Things” ensuring the ways of web based business,

cloud computing, and BigDATA, has resulted in a certain portion of the e-world. As the time goes

by, the life of each human being has become further entangled and reliant on an internet,

wherein e-commerce has given us facilities of online marketing, cloud computing, retrieving and

using web based services and unlimited information, the ability to collect small bits of distinct

data, to build a complete research of a whole business. Though, IoT has stirred a foot forward, it

visualizes a future where trades, productions, govt. and people are unified through machines that

considerably decrease the necessity for human involvement. This sequentially delivers an

abundant of commercial prospects and yet, there are a lot of concerns, both technology and law

related which will be required to be discussed. In upcoming future, expectation is that such

concerns would be efficiently fixed in order with an end goal to permit for an open market, where

customers have freedom and capability of using infinite number of choices that will be accessible

in the IoT compelled internet industry.

RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 32

Bibliography

1. IoT market potential for Canada, available at

http://www.marketwatch.com/story/internet-of-things-presents-enormous-untapped-

potential-for-canadian-businesses-2016

2. Glowcaps, available at http://www.glowcaps.com/product/

3. Digital Disruption, available at https://www.accenture.com/in-en/insight-internet-things-

revolutionizing-retail-industry.aspx

4. Google’s IoT push continues with London driverless cars, VR headset & Go AI match,

available at http://www.cbronline.com/news/internet-of-things/ smart-

technology/googles-iot-push-continues-with-london-driverless-cars-vr-headset-go-ai-

match-4804528

5. Secrets of driverless Cars, available at

http://www.theatlantic.com/technology/archive/2015/12/ driverless-secrets/417993/

6. Tesla to produce driverless Cars in 2 years timeline, available at

http://www.dezeen.com/2016/01/11/elon-musk-predicts-completely-autonomous-

driverless-tesla-cars-in-two-years/

7. How the Internet of Things is Revolutionizing Food Logistics, available at

http://www.foodlogistics.com/article/11366603/food-and-more-for-thought-how-the-

internet-of-things-is-revolutioniz¬ing-food-logistics

8. Smart cities need institutional reforms for Pvt. participation, available at

http://www.business-standard.com/article/economy-policy/ smart-cities-need-

institutional-reforms-for-pvt-participa¬tion-116040800193_1.html

9. TRENDnet Cameras Still Have Gaping Security Holes, 3 Years After FTC Settlement, available

at http://fortune.com/2017/11/15/security-camera-hack-ftc-trendnet-dahua-belkin/
RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 33

10. Agreement on Commission's EU data protection reform will boost Digital Single Market,

available at http://europa.eu/rapid/press-release_IP-15-6321_en.htm

11. General Data Protection Regulation, available at

https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

12. What the Net Neutrality Ruling Means for The Internet of Things, available at

http://www.machinetomachine-technologyworld.com/articles/366860-what-net-

neutrality-ruling-means-the-internet-things.htm

13. Network neutrality and the internet of things, available at

http://paulwallbank.com/2014/01/16/net¬work-neutrality-and-the-internet-of-things/

14. The Next Big Battle in Internet Policy, available at

http://www.slate.com/articles/technology/future_

tense/2012/10/network_neutrality_the_fcc_and_the_inter¬net_of_things_.html

15. The top services for net neutrality, available at http://www.trai.

gov.in/WriteReadinformation/ConsultationPaper/Document/OTT-CP-27032015.pdf

16. Patent issues and the Internet of Things, available at http://www.taylorwessing.com/

download/article_patent_iot.html

17. Standard Essential of Patents, available at

http://www.ipindia.nic.in/Whats_New/standardEssentialPaper_01March2016.pdf

18. New guidelines on information ownership and liability could be issued to address ‘internet

of things’ phenomenon, available at http://www. out-law.com/en/articles/2014/july/new-

guidelines-on-information-ownership-and-liability-could-be-issued-to-address-inter¬net-

of-things-phenomenon/

19. Comb v. PayPal, Inc, 218 F.Supp.2d 1165

RGSOIPL 17IP63011
 INTERNET OF THINGS (IoT) - Legal Issues, Opportunities & Challenges 34

20. The Internet of Things: The Old Problem, available at

http://media.mofo.com/files/Uploads/Imag¬es/140320-The-Internet-of-Things-Part-2.pdf

21. Internet of Things – New security and privacy challenges, Computer Law & Security Review

22. S.1691 - Internet of Things (IoT) Cybersecurity Improvement Act of 2017, available at

https://www.congress.gov/bill/115th-congress/senate-bill/1691/text?format=txt

23. The EU General Data Protection Regulation (GDPR) is the most important change in data

privacy regulation in 20 years., available at https://eugdpr.org/

24. Draft Policy on the Internet of Things, available at

https://www.mygov.in/sites/default/files/master_image/Revised-Draft-IoT-Policy-2.pdf

25. K.S. Puttaswamy and another vs. UOI, 2018 SC

RGSOIPL 17IP63011