Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: Internet of Things

Posted in Consumer Privacy

FTC Schools “Smart” Toys with Updated COPPA Compliance Guidance

The Federal Trade Commission released an updated guidance document for complying with the Children’s Online Privacy Protection Act. The revised guidance, released on June 21, 2017, explicitly identifies connected toys and other Internet of Things devices as being covered under COPPA and adds clarity to web operators’ responsibility for the activities of third parties, such as ad networks and plug-ins, that collect personal information protected under COPPA. It also includes recently approved methods for obtaining verifiable parental consent.

Posted in Cybersecurity & Data Breaches

Bipartisan Group of Senators Introduce Bill to Impose Baseline Security Requirements for IoT Devices Provided to U.S. Government

On August 1, a bipartisan group of four senators introduced a bill that would impose specific cybersecurity requirements on providers of Internet of Things devices when doing business with the U.S. Government and provide liability protections for security researchers who disclose vulnerabilities affecting these devices. Though the bill’s security requirements would apply only in cases where entities are acting as contractors to the U.S. Government, if enacted, it likely would be influential on IoT vendors operating in the consumer context as well. The bill is largely consistent with an ongoing multistakeholder effort led by the National Telecommunications and Information Administration aimed at developing voluntary security standards for Internet-connected devices.

Posted in Cybersecurity & Data Breaches

The FTC and Industry Propose Best Practices for IoT Security Updates

How do you ensure that an Internet-connected sensor or device—often inexpensive and designed for lifespans of up to 20 years or more—can be secured against not only the intrusions of today but also those of the future? This question has taken on new urgency as low-cost Internet-connected devices are increasingly being co-opted into massive networks, known as “botnets,” that are capable of causing widespread disruption.

Posted in News & Events

Upcoming Webinar on Cybersecurity & the Internet of Things

“Connected” products—not just traditional IT products—are increasingly subject to cyber attacks globally. The question companies are (and should be) asking is no longer whether there will be an attack involving Internet of Things devices and infrastructure, but when. Join us on May 24 for the third installment of our 2017 IoT webinar series and get practical guidance from our international team of cybersecurity lawyers, who will present key elements of Hogan Lovells’ well-received client workshop on this rapidly evolving topic.

Posted in News & Events

Your Cyber Minute: Watch Our Topline Digest of Today’s Cybersecurity Issues

With cybersecurity issues evolving rapidly, every minute counts. Our new video series, Your Cyber Minute, is specifically designed for busy in-house counsel to gain practical perspectives – fast. This multi-part series is an extension of our Ready, Set, Respond resource portal and highlights today’s hottest topics in cybersecurity. Tune in to watch the first two installments and get the latest in what you need to know and how to better be prepared.

Posted in Consumer Privacy

NTIA Highlights Promise and Policy Challenges of IoT, Seeks Additional Comments

On January 12, 2017, prior to the new administration taking power, the National Telecommunications and Information Administration within the Department of Commerce released a Green Paper on “Fostering the Advancement of the Internet of Things,” which assesses the technological and policy landscape of the Internet of Things. The Green Paper is expansive in scope, reflecting the broad range of issues raised in comments submitted by stakeholders in the private sector, academia, government, and civil society following NTIA’s April 2016 request for public comment. The Green Paper identifies key issues, and provides recommendations and assessments on the potential benefits and risks that IoT portends. The NTIA identifies cybersecurity, privacy and cross-border data flows as the most significant policy issues. It also proposes four principles for future policy engagement in which the Department would play a central role in creating conditions that would foster IoT growth. The agency also requested additional comments on the issues raised by the Green Paper.

Posted in International/EU Privacy

DSM Watch: European Commission’s Data Package Explores Data Ownership, Localization, Liability and Portability, Highlighting Tensions with GDPR

On January 10, 2017, the European Commission released a Communication, a fact sheet, a working document and a public consultation relating to Europe’s “data economy”. The fact sheet states that “data is a new type of economic asset”, which is essential for innovation and growth. The Commission’s objective is to remove “unjustified restrictions” and “legal uncertainties” in order to facilitate data sharing and innovation.

Posted in International/EU Privacy

Privacy in 2017 – From Challenges to Opportunities

After all of the 2016 drama, the start of a brand new year is a welcome development in itself – a clean sheet for a script yet to be written. However, 2017 will not be without challenges and the same applies to the world of privacy and data protection. Many of the big issues that arose during 2016 will need to be addressed in 2017. In addition, new questions will no doubt emerge. Here is an overview of the privacy challenges that lie ahead and what can be done about them.

Posted in International/EU Privacy

European Commission Outlines Data Sharing Strategy for Connected Vehicles

Connected vehicles today are rolling computers able to exchange information wirelessly with manufacturers, other vehicles, and third party service providers to significantly improve safety, efficiency, and comfort for drivers. Many entities are interested in the data these connected vehicles generate and transmit. These entities include dealers and repair shops, vehicle fleet service providers, end-users, infrastructure operators, diagnostics providers, researchers, financial services companies and insurance companies. The European Commission and industry actors in Europe, while recognizing the challenges of wide-spread deployment of these technologies, have taken further steps to develop a regime that facilitates information sharing for vehicle to vehicle, vehicle to infrastructure and other communications by delineating specific actions to take in the near future.

Posted in Cybersecurity & Data Breaches

US Agencies Release Guidance for Securing the Internet of Things

The Internet of Things continues to draw broad interest from policymakers and regulators around the globe. Following on the heels of a major distributed denial-of-service attack in October 2016 that leveraged potentially millions of compromised IoT devices, members of Congress have sent letters to US federal agencies regarding the risks posed by insecure IoT devices and held a hearing about what if anything should be the US federal response to such IoT-driven cyberattacks. Against that backdrop, in November 2016 two US federal agencies have issued guidance on securing IoT.

Posted in Consumer Privacy, Cybersecurity & Data Breaches

Online Trust Alliance Releases Privacy and Security Checklist for IoT Consumers

Some of the largest cyber attacks in recent memory have employed an army of connected home devices to achieve their goals. This co-opting of connected home devices owned by consumers around the world occurs without those consumers’ knowledge or consent. For example, in mid-September, several thousand devices—home routers, Internet-connected video cameras, and digital video recorders—were used to create a “botnet” that collectively pounded the security researcher Brian Krebs’ website with 620 gigabits of data per second. At the time, the attack was thought to be the largest in history. An even larger army was assembled a few days later for an attack on the French hosting provider OVH that peaked at over one terabit of traffic per second. These distributed denial-of-service attacks were successful because they exploited basic security vulnerabilities in connected home devices, such as default passwords used to access administrator settings.

This week, the Online Trust Alliance turned its attention from manufacturers to consumers by releasing a checklist of basic steps that consumers can take to improve the privacy and security “hygiene” of their connected home and wearable devices. Just as smoke detectors require periodic battery changes, the OTA warns that IoT devices also benefit from regular checkups.

Posted in International/EU Privacy

Global Sweep Finds Shortfalls in Privacy Protections of IoT Devices

The fourth annual Global Privacy Enforcement Network sweep, which focused on Internet of Things devices, found that privacy communications in relation to such devices were generally poor and companies demonstrating good practice were in the minority. Here, we summarize and explore the key findings of the fourth annual GPEN sweep .

Posted in Consumer Privacy

Deirdre Mulligan, Hogan Lovells, Discuss Relations Between Tech Community and Government at Silicon Valley Dinner

On July 25, 2016, Hogan Lovells hosted a Silicon Valley dinner as part of its 2025 dinner series. The theme of the dinner was “I’m from Mars, You’re from Venus: The Tech Community and its Future Relationship with Government”. The discussion, moderated by Deirdre Mulligan of UC, Berkeley, focused on the tech community’s view of regulatory, law enforcement and national security issues, here in the U.S., as well as in Europe; and how the tech industry will be impacted by the upcoming U.S. elections as well as Brexit.

Posted in International/EU Privacy

Regulators Announce International Investigation into Practices of Internet Connected Devices

A number of data protection authorities around the globe have issued press releases confirming their involvement in the 2016 global privacy “sweep”, which kicked off on April 11th. This year’s initiative involves a coordinated investigation by 29 DPAs into the practices of internet-connected devices, such as fitness and health trackers, thermostats, smart meters and TVs and connected cars. The work is being coordinated by the Global Privacy Enforcement Network under the leadership of the UK Information Commissioner’s Office.

Posted in Consumer Privacy

NTIA Commences Internet of Things Proceeding

On April 5, 2016, the National Telecommunications and Information Administration initiated an inquiry to review the potential benefits and challenges presented by the Internet of Things. In its Notice and request for public comment (RFC), NTIA is seeking input on the current IoT technological and policy landscape with a goal of developing recommendations—in the form of a Green Paper—as to whether and how the federal government should play a role in fostering the advancement of IoT technologies.

Posted in News & Events

April 2016 Privacy and Cybersecurity Events

Please join us for our April 2016 Privacy and Cybersecurity Events, including discussions on the Internet of Things, big data in healthcare, the Telephone Consumer Protection Act, international data flows, and more.

Posted in Consumer Privacy

Principles to Consider for your IoT Privacy and Security Program

Fifteen months after forming an Internet of Things working group, on March 2, 2016, the Online Trust Alliance released a final version of its IoT Framework along with a companion Resource Guide that provides explanations and additional resources. The voluntary Framework sets forth thirty suggested guidelines that provide criteria for designing privacy, security, and sustainability into connected devices. The creation of the OTA IoT principles represents a potential starting point for achieving privacy- and security-protective innovation for IoT devices.

Posted in Consumer Privacy, Cybersecurity & Data Breaches

FTC Says Listen Up When Vulnerability Reports Come In

The FTC wants companies to listen. More precisely, the FTC wants companies to pay attention to and promptly to respond to reports of security vulnerabilities. That’s a key takeaway from the Commission’s recent settlement with ASUSTek. In its complaint against the Taiwanese router manufacturer, the FTC alleged that ASUS misrepresented its security practices and failed to reasonably secure its router software, citing the company’s alleged failure to address vulnerability reports as one of the Commission’s primary concerns. The settlement reiterates the warnings contained in the FTC’s recent Start with Security Guide and prior settlements with HTC America and Fandango: the FTC expects companies to implement adequate processes for receiving and addressing security vulnerability reports within a reasonable time.

Posted in Cybersecurity & Data Breaches

Privacy, Security, and IoT Prominent Themes at Silicon Flatirons DBM Conference

On January 31, 2016, the Silicon Flatirons Center for Law, Technology, and Entrepreneurship at the University of Colorado hosted its annual Digital Broadband Migration Symposium. The theme of this year’s conference was “The Evolving Industry Structure of the Digital Broadband Landscape.” The two-day conference brought together an array of leaders from government, academia, and industry to examine the role of regulatory oversight, antitrust law, and intellectual property policy in regulating industry structure and to discuss what policy reforms may be appropriate for the constantly changing digital broadband environment. As outlined below, a recurring topic throughout this year’s conference was the relationship between privacy, security, and the evolving digital landscape.

Posted in International/EU Privacy

Hong Kong Privacy Regulator Issues 2015 Report, Outlines 2016 Focus

On 26 January, Hong Kong’s Privacy Commissioner for Personal Data published his annual report on 2015 complaints and enforcement activity under the Personal Data Privacy Ordinance. The report reveals that 871,000 Hong Kong individuals were affected by data breaches in 2015, compared with 47,000 in 2014. The report is noteworthy that the number of reported breaches continues to increase at a rapid pace notwithstanding the fact that Hong Kong’s data breach notification regime is at the moment a voluntary one. The report is also notable for setting out the Commissioner’s statement of priorities for 2016.

Posted in Consumer Privacy, Cybersecurity & Data Breaches

Online Trust Alliance Releases Internet of Things Trust Framework

One of the most common devices in the emerging Internet of Things (IoT) was reportedly discovered to have a bug. According to the research firm Fortinet, a popular fitness tracker was vulnerable to wireless attacks through its unsecured Bluetooth port. A savvy attacker could install malware wirelessly within ten seconds—simply by coming within a few feet of the tracker. When the device’s owner returned home to sync daily activity with a computer, the malware could, in principle, infect the computer as well.