Internet of Things Archives - IPOsgoode

Sisvel’s Cellular IoT Patent Pool: Paving the Way for More Effective IoT Integration
Mon, 19 Dec 2022


Amin Hosseini is an IPilogue Writer and an LLM Candidate at Osgoode Hall Law School.


On , Sisvel International S.A. announced its Cellular IoT , consisting of 20 patent owners. By establishing this patent pool, the participating patent owners will create an offer to license all of their patents required to implement the LTE-M and NB-IoT standards. Interestingly, Huawei Technologies and Nordic Semiconductor have also entered into a patent license agreement on , related to a portfolio of standard essential patents (SEPs) for LTE-M and NB-IoT owned by Huawei.

and are radio communication technology standards created by for Internet of Things (IoT) applications. The cellular LPWAN IoT standards LTE-M and NB-IoT evolved from the 4G LTE standard.

LTE-M is a subset of LTE technology designed specifically for machine-to-machine communication. LTE-M enables IoT devices to send and receive enormous volumes of data without depleting their batteries. It has a latency of about 10-15 milliseconds and can enable cell handovers. On the other hand, NB-IoT employs shorter frequency bands, allowing this technology to exploit the more effectively. For NB-IoT, latency is roughly 10 to 100 times lower, and coverage is far broader.

Cellular networks exist to facilitate connection between devices. To keep the device connected to the nearest towers, they often ping cellular devices around them to acquire location. The battery is depleted by these constant . Thus, most IoT devices require substantially long-lasting batteries, and they consume a significant amount of energy.

LTE-M and NB-IoT provide IoT applications with effective connectivity. Batteries in LTE-M devices can survive ten years or longer because of features called and . IoT devices can employ their power-saving mode with these standards, allowing them to sleep when not in use. Additionally, they can prolong their sleep, so they do not have to wake up to send the location update. Devices can employ extended discontinuous reception with LTE-M. When the device is not in PSM mode, it frequently checks for downlink data. With extended discontinuous reception, the frequency of radio check-ins is extended, which lowers power usage.

In addition to the technological effectiveness of these standards, Sisvel’s patent pool helps makers of IoT devices by providing a clear structure for getting licenses under the pool's portfolio of LTE-M and NB-IoT SEPs. Generally speaking, bilateral licensing would be costly between a vast and rising number of businesses and holders. By setting up this patent pool, it is expected that transaction costs will be decreased for IoT projects.

With this Cellular Patent Pool, licensees can finalize a single license covering various licensor portfolios and avoid separate royalty reporting and payments for each licensor. With multiple licensees, a fair, reasonable, and non-discriminatory license for such SEP portfolios is feasible. Moreover, providing licenses with standardized, pre-established terms and conditions may lessen prejudice among licensees. Because patent pools offer fair total royalties, potential patent hold-up by individual licensors may not be a grave concern.

A large percentage of IoT projects do not produce the anticipated results, or simply put, they fail. Recently, in-depth research on IoT initiative failure has been published by . The research concludes that nearly three-quarters of IoT projects are not considered successful.

However, this failure rate has nothing to do with the IoT concept. IoT businesses have to deal with many challenges and risks, such as unanticipated costs including litigation, inaccessibility of required technologies, and failure to develop a properly designed business model. This patent pool, along with other measures, is a viable solution to such concerns. Sisvel’s cellular IoT patent pool is a giant leap for IoT businesses, one that is set to encourage competition, market involvement, and greater commercial and legal certainty in the IoT industry.

Further reading:

To read more about the transaction costs savings engendered by patent pools, please see Measuring the Costs and Benefits of Patent Pools, Available at

Canadian IP Scholars Submit their Recommendations to the Federal Government on AI, the Internet of Things, and the Modernization of the Copyright Act - Part 1
Mon, 21 Feb 2022


Emily Prieur is an IPilogue Writer and a 3L JD Candidate at Queen’s University Faculty of Law

Background

In July 2021, the Government of Canada launched a consultation on Artificial Intelligence (“AI”) and the Internet of Things (“IoT”). The goal was to balance the realities of developing technologies with the interests and needs of artists, innovators, and consumers. In the , the government stated its aim of “making sure that our digital and data-driven economy is built on a strong foundation of trust and that AI is developed and used responsibly to the benefit of all citizens”.

In response to the call for submissions, thirteen scholars in Intellectual Property, including Osgoode Hall Professor Carys Craig and Queen’s Law Professor Bita Amani, for how the government could address these concerns. The submissions are divided into the categories of AI policy reform and IoT policy reform. In Part 1, I will summarize some of the key points presented by the group concerning AI, and in Part 2, I will focus on their suggestions concerning the IoT.

Balancing the Public Interest

The scholars acknowledged the government’s commitment to “keep pace” with technological developments in AI while through Federal statute (the Copyright Act). In so doing, they relied on , where the court described copyright laws as “a balance between promoting the public interest in the encouragement and dissemination of works of the arts and intellect and obtaining a just reward for the creator”. The group also stressed the importance of technological neutrality and referenced . In that case, the court grappled with the importance of developing copyright legislation independently, without prioritizing one form of technology over another. The court placed further emphasis on the importance of drafting copyright legislation impartially, without making specific objectives concerning AI, as the technology will likely continue to develop and change.

Text and Data Mining

The group highlighted their concerns regarding the regulation of text and data mining (TDM) activity under the Copyright Act. TDM is important to the public interest, as it supports AI research and development. Moreover, TDM plays a role in scholarly and commercial research, education, and journalism.

The authors pointed to current legal barriers for those who participate in TDM. Included in these barriers was the uncertain applicability of section 3(1) of the Copyright Act. The confusion arises from . The Supreme Court concluded that the creation of electronic copies through “caching” did not implicate the interests of copyright owners. Yet, the scholars suggested that the legislature leaves room for confusion, as it is not clear whether the interpretation of TDM would be considered prima facie infringement by the courts.

The group proposed that the Government of Canada create a fair dealing doctrine to accommodate activities, such as research, that involve TDM. Further, they suggested that the Government enact specific statutory provisions that allow for legal TDM activities that require the use of copyrighted works.

Authorship and Ownership of Works Generated by AI

One burgeoning issue within intellectual property law is legal protection for AI-generated works and inventions (see IPilogue posts regarding inventorship rights for AI , , here, and ). The scholars rejected the notion of copyright protection for AI-generated works. As such, they suggested the government make amendments to the Copyright Act delineating the requirement of human authorship to gain copyright protection.

Final Recommendations

In outlining their concerns about the future of Copyright legislation and its potential to protect the interests of Canadians, the group provided their final recommendations to the government, which included amending the Copyright Act to include a broad statutory provision that allows the use of TDM without the concern of copyright infringement. The provision should apply to all technology users, including those using TDM for commercial and non-commercial purposes. The scholars also suggested amending section 29 of the Copyright Act to include a purposes list and an enumerated purpose for TDM or data/informational analysis.

Another final recommendation asked the government to clarify the definitions in section 2 of the Copyright Act to specify that an author is a human being or natural person. Further, it was suggested that the Government of Canada amend section 5 of the Copyright Act to specify that copyright shall not be granted to a work unless its author is human.

Public consultations are touted as one of the . Canadians can remain sanguine that the Government of Canada will heed the suggestions provided by the 13 IP scholars to protect and promote the interests of Canadians while also acknowledging the benefits that come with technological advancement. Contribution to the consultation through scholarly insight and expertise is also commendable.

Telecom Network Innovation: XaaS and New Business Models in the 5G Era
Wed, 25 Jul 2018

The 17th Annual Canadian Telecom Summit (CTS2018) must have set the “innovation skeptic’s” expectations high by centering on the fifth-generation (5G) network theme and related developments. For example, the “Network Innovation: Transforming networks & applications for nexgen services” panel’s discussion touched on automation, network virtualization, data monetization, and Internet of Things (IoT) commercialization. However, despite the different versions of innovation the panelists put forward, they all conceded the fact that 5G opens the door to different business models, with a strong consensus on the necessity for a Public Private Partnership (3P) to bootstrap the 5G initiative.

The 5G network

The Next Generation Mobile Networks (NGMN) describes 5G as “an end-to-end ecosystem” that is expected to “enable a fully mobile and connected society”. The most prominent include fixed-wireless access, ultra-reliable low-latency (high volume of data messages with minimal delay) communications, enhanced mobile broadband and massive . The effective implementation of the 5G vision could translate into driverless cars, virtual or augmented reality experiences, , robotics and . However, the proposed 5G use cases rely on , pertaining notably to latency, throughput, reliability and transmission character.

To address all of these use cases, networks need to become more flexible. This is achieved through , a form of virtual network architecture built on common shared physical infrastructure. Each network slice consists of an independent set of logical (software-based) network functions that support the requirements of the specific use case. For instance, the driverless car will rely on vehicle-to-anything (V2X) communication, which requires low latency but not necessarily a high throughput, while a streaming service being watched while the car is in motion will require a high throughput and is susceptible to latency. are thus employed to optimise the use of the physical network. This can also enhance , by isolating attacks on the network slice, given that security poses the biggest challenge as these networks evolve, according to Ray Lahoud, Chief Operating Officer at Allstream.

Network slicing relies on and . SDN the data and control planes, which, along with the management plane, constitute the three basic components of a telecommunications . By removing the control plane from network hardware and implementing it in software, SDN enables programmatic access, making network administration much more flexible. While SDN enables network slicing, the NFV architecture is employed to and its constituent resources, and orchestrating their allocation to realize the virtual network functions (VNFs) and network service. In a nutshell, NFV provides the ‘what’ (virtualization architecture) and SDN provides the ‘how’ (Application Programming Interfaces and control protocols) to .

SDNs can be deployed today leveraging existing Application Programming Interfaces (APIs). APIs constitute a point of interaction between a number of systems. From the users’ point of view, APIs allow them to complete the action . APIs speed up the communication between apps and platforms, allowing service providers to deploy innovative high-quality services by bypassing one-on-one, costly and time-consuming proprietary integration. As Ibrahim Gedeon, Chief Technology Officer at Telus, described it, before embarking on any technological transformation journey we need to “speak the same language to talk about innovation”, which in turn translates to the need for a .

Network softwarization is paving the way towards X-as-a-Service (XaaS). XaaS refers to the concept that , including the functions that control a telecom network, notably Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). With these resources made available by , telecom service providers maintain a major influence over the services they buy, while offloading the costs of Research and Development (R&D), security and optimization. XaaS extends , with Transportation-as-a-Service offered by Uber and Lyft, Grocery-as-a-Service by Safeway and Whole Foods, and Accommodation-as-a-Service by Airbnb.

 

New Business Models

According to the NGMN , 5G is expected to “empower value creation towards customers and partners, through existing and emerging use cases, delivered with consistent experience, and enabled by sustainable business models.” Essentially, this means that telcos will start shifting from their traditional Business-to-Customer (B2C) to a Business-to-Business (B2B) business model, by opening their networks to other stakeholders and allowing the latter to reuse their capabilities in order to deliver new services to customers.

Communication Service Providers (CSPs) can monetize new data-intensive Over-the-Top (OTT) services through partnerships with OTT providers or by charging them for access to their networks. In fact, operators have already started to leverage to deliver packaged services to end users. OTT players are expected to deliver more applications that require higher quality, lower latency, and other service enhancing capabilities, namely proximity, location, quality of service (QoS), authentication, on demand and in a highly flexible and programmable way.

In addition, as James Buchanan, Senior VP & General Manager of Ensemble ADVA Optical Networking, framed it, monetization of data is key to proving that it is worth investing in 5G. While telcos are now relying only on data to improve customer experience and QoS, with 5G network services combined with IoT and AI, new business models of monetization will arise, namely . New business opportunities will thus emerge for telcos not only through data monetization but also from the value delivered to enterprises via application and network intelligence layers.

 

IPR, RnD and Investment in 5G

The realization of the 5G vision, especially in terms of IoT-related applications, will require extensive R&D and investment. Robust intellectual property protection is an to this end. Based on the NGMN , the IP based business objective is to make 5G access affordable for all types of devices. The proposed NGMN recommendations include improving 5G Standard Essential Patent (SEP) Declarations, establishing Independent 5G SEP Assessments, and exploring and establishing Patent Pool licensing for 5G. All industry partners are expected to develop implementation plans for each of these recommendations.

Overall, this panel’s speakers strongly agreed on the fact that the 5G endeavor cannot be taken on exclusively by the private sector. This was consequently addressed by the Honourable Navdeep Bains, PC, MP, Minister of Innovation, Science and Economic Development in his , during which he announced the launch of ,, the Evolution of Networked Services through a Corridor in Québec and Ontario for Research and Innovation, which is a 3P between the governments of Ontario and Quebec and private sector partners. Minister Bains described ENCQOR as “a 5G test bed that will advance the development of 5G networking solutions and next-generation technologies and applications”. In addition, he proclaimed the launch of two consultations regarding 5G deployment, one of which pertains to the . Based on the aforementioned, the plan toward 5G seems clearly drafted and in line with the telecom industry’s mantra of “flexibility, scalability and cost”, as epitomized by Mr. Lahoud.

 

Yonida Koukio is an IPilogue Editor and an LL.M. Candidate at Osgoode Hall Law School.

Highlights from Canadian Telecom Summit 2018
Mon, 23 Jul 2018

The Canadian Telecom Summit has been one of the largest annual meetings of telecom professionals in Canada for nearly twenty years. This year’s summit, from June 4 – 6 in Toronto, featured wide-ranging discussions involving leading telecom executives from Canada, the U.S. and Europe and government officials on the major issues and goals facing the many players in telecommunication. These included panels focusing on: 1) preparing Canada for 5G data coverage; 2) the need for telecoms to partner with big data firms as households become increasingly digitally connected (or “smart”); 3) the future of privacy and data security for customers; and 4) the Federal Government’s priorities for the sectors, including bringing greater access to affordable data for urban, rural, and Indigenous communities.

I. Preparing Canada for 5G Coverage

5G data coverage, which is the next generation of wireless data services, promises to make it possible for cities to become , as buildings, utilities, and people will be able to constantly share data. This connectivity can make cities more efficient by allowing businesses and government to mine this data, discover inefficiencies and redundancies, and correct them. Canada promises to be a major part of this initiative, with Google’s intention to build a , which will feature a fully interconnected neighbourhood.

The jurisdictions that can achieve 5G coverage will have a competitive edge in attracting new technologies and business opportunities that can take advantage of this new interconnectivity. , the CTO of Telus, noted that Canada needs a fully allocated 5G spectrum to take advantage of these opportunities. Mr. Gedeon lamented that the Canadian Radio-television and Telecommunications Commission (CRTC) has not yet fully auctioned the 3.5 – 4GHz spectrum, where 5G will be broadcast, and this puts Canada at risk of falling behind other jurisdictions. Not only have Western countries like the US, UK, EU and New Zealand allocated or planned out this spectrum, but so have Saudi Arabia, India, China, Japan and South Korea. In his keynote, Mr. Gedeon called on the Federal Government to create a clear strategy and timeline on how the 5G spectrum will be allocated and when; only once this is done can businesses seize on the new opportunities that 5G offers.

II. Big Data Firms – The Home Invaders

, EVP of , a major US business-to-business telecom service in the Internet of things (“IoT”) space, spoke of the need for telecoms to partner with large technology companies like Apple and Amazon so that Internet service providers are not left behind by the coming technology changes.

As major technology firms develop new IoT applications, like Amazon with Alexa and Google with Home, these companies are creating new interactions inside their customers’ homes, which are new opportunities to connect with their customers and build goodwill. Since these IoT devices rely on Internet connections to work, telecoms are a crucial part of this experience. However, Amazon and Google reap the rewards of positive customer interactions, and when the devices don’t work, the telecoms are blamed.

This leads to a situation where technology firms will benefit from the goodwill and telecoms will continue to be viewed as a necessary evil to facilitate online-based services. Telecoms suffer from as no customer loyalty is developed when IoT devices work, but when the devices don’t work the telecoms take the blame. One solution is for telecoms to partner with these firms, allowing them to piggyback off the brand building they are engaged in. If Rogers can offer a “Rogers + Google” service, there is more likely to be a positive customer association with the Rogers brand every time Google Home helps a consumer. This strategy is increasing with Fido packaging a with their phone plans and a in 2014.

III. Privacy and the Digital Footprint

While Mr. Weening’s presentation opened up many interesting possibilities for the future of telecom service, as a law student I couldn’t help but be concerned by the . The panel on privacy and information security focused on the implications for these new services and the need to evolve consumers’ digital footprint beyond a mere email and password combination.

, a Senior Fellow at Ryerson University’s Ted Rogers Leadership Centre and the former Privacy Commissioner of Ontario, noted that over the past two years, the percentage of consumers concerned about the privacy of their information has . Ms. Cavoukian pointed out that it is more important and profitable for telecoms to build trust with their customers regarding the integrity and privacy of their personal information than to collect as much data as possible. She noted that when customers are informed that their data is private and only used for a specific purpose, they are more likely to consent to future requests for uses of their data in different ways.

Other panelists noted that since Canada adopted the Internet earlier than most countries, its and out of touch with the internet. Jurisdictions that were slower to adopt the Internet, like the EU, have observed the effects the Internet has on society and have had an easier time legislating accordingly.

A related panel, “Cultivating an Innovation Economy”, discussed how telecoms need to help facilitate a revolution in digital identity. One of the biggest cybersecurity problems is that people protect their valuable data with an easily hacked email and password combination. However, smartphones are complex computers capable of acting as a digital fingerprint for online services. Telecoms that can create a secure digital identity for their customers could have a strong competitive edge as privacy and information security become a greater concern for consumers.

IV. Minister Bains on Connecting the Arctic and Rural Canada

The 2018 Canadian Telecom Summit ended with a keynote speech from the Honourable , Minister of , the department in charge of the Telecommunications Act.

Minister Bains spoke of the government’s partnership with Bell to bring , connecting Inuit communities to the rest of Canada. The construction of over 15 cell towers across the Northwest Territories and Nunavut could also help stimulate commercial investment in Canada’s North beyond the traditional natural resource extraction industries.

Minister Bains also introduced the new , where the government is planning to extend data coverage to many remote rural communities in Canada that currently have no data coverage. This initiative will also provide up to 50,000 low income families with a personal computer and access to a low-cost public internet plan for $10 per month. The goal of this initiative is to help alleviate isolation and poverty in rural communities by connecting them with urban Canada and creating new opportunities in their community.

V. Conclusion

This year’s Canadian Telecom Summit showed that the commercial opportunities created by telecommunication continue to broaden and that Canada is far from a global leader in this area. At the same time, there is a clear sense that the current government wants to make Canada’s technology economy more competitive and ensure that issues of privacy and accessibility are addressed. There is great promise in the commercial opportunities in this space, but measures like a clear spectrum allocation strategy and more competition in the telecom space are needed to spur more growth in this area.

Privacy Commissioner Seeks Public Input on Consent Model
Tue, 05 Jul 2016

The re-posting of this article is part of a cross-posting agreement with CyberLex.

On May 11, 2016, Privacy Commissioner Daniel Therrien announced the Office of the Privacy Commissioner of Canada (“OPC”) would seek public input on the issue of how Canadians can give meaningful consent to the collection, use and disclosure of their personal information in an increasingly digital age. The OPC has released a (“Report”) on considerations related to “enhancing” the consent model under the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and a inviting all interested parties to answer specific questions related to the Report and also to provide any thoughts on issues raised. The deadline for submissions is July 13, 2016.[1]

The Report – An Overview

The Report considers the approaches taken by other jurisdictions to the issue of consent, including the , and the US approach, as governed by the Federal Trade Commission.

The Report also focuses on challenges that both businesses and individuals face when it comes to providing meaningful consent in an era of Big Data and the Internet of Things (“IoT”):

The consent model of personal information protection was conceived at a time when transactions had clearly defined moments at which information was exchanged. Whether an individual was interacting with a bank or making an insurance claim, transactions were often binary and for a discrete, or limited, purpose. They were often routine, predictable and transparent. Individuals generally knew the identity of the organizations they were dealing with, the information being collected, and how the information would be used…[N]ew technologies and business models have resulted in a fast-paced, dynamic environment where unprecedented amounts of personal information are collected by, and shared among, a myriad of often invisible players who use it for a host of purposes, both existing and not yet conceived of. Binary one-time consent is being increasingly challenged because it reflects a decision at a moment in time, under specific circumstances, and is tied to the original context for the decision, whereas that is not how many business models and technologies work anymore.

The Report goes on to offer several possible solutions to the problems in the current consent model and poses questions for reflection for the public consultation process.

 

The Suggested Changes

While noting that “[c]onsent should not be a burden for either individuals or organizations, nor should it pose a barrier to innovation and to the benefits of technological developments to individuals, organizations and society”, the OPC’s proposed “enhancements” to consent will likely cause concerns for business.

A great deal of the focus in the proposed reform revolves around creating processes that simplify complicated concepts such that individuals will be able to readily comprehend and appreciate the purposes to which their personal information may be put.

The proposed solutions are intended to address several specific challenges, including making informed consent and information related to privacy preferences more readily comprehensible to individuals, creating “no-go zones” or “proceed with caution zones” to protect particularly vulnerable groups in high risk sectors, devising accountability processes that include independent third parties, placing a greater emphasis on fairness and ethical balance with regards to the use of personal information, and stronger regulatory oversight of privacy protection that includes enforcement mechanisms that can be implemented for deterrence purposes.

 

Proposed Enhancements to Consent

The Report advocates for privacy policies that lack opacity and privacy preferences that can be managed with greater ease through the following mechanisms and considerations:

  • Greater transparency in privacy policies – through communicating privacy information at integral points in time to increase the ease with which a consumer can understand the flow of information and utilizing layered privacy policies that are simultaneously inclusive and intelligible.
  • Managing privacy preferences across services – through the use of an independent third party that screens and controls preferences and the related release of personal information.
  • Technology specific safeguards – through built in compliance mechanisms and broadly constructed recommendations for best practices, including comprehensive disclosure requirements to consumers both pre- and post-purchase.
  • Privacy as a default setting – whereby privacy is an inherently integrated component by default.

What this means to business remains to be seen. “Layered” privacy policies will, at a minimum, require most organizations to rewrite their current policies and add an additional layer of technological administration. The call for “dynamic, interactive data maps and infographics, or short videos” is unlikely to be met with enthusiasm by business, either. While the goal of transparency and readability is laudable, it is doubtful that consumers will spend any more time on these items than they do on existing text-based policies.

The use of an independent third party to manage privacy preferences across devices places the burden for doing so squarely on business. In this proposal, users would associate themselves with a standard set of privacy preference profiles offered by third parties and these third party websites would then vet apps and services based on the user’s privacy profile. It seems unlikely that these proposed third parties would offer this service for free.

 

Proposed Alternatives to Consent

The Report contemplates practicable alternatives to the traditional approach to consent, such as the de-identification of data and types of information that may not necessarily require consent, as well as the necessary changes to the applicable legislative framework that may be required for implementation.

  • De-identification – While the anonymization of information necessarily strips it of the contextual factors related to personal information that necessitate consent, the increasing sophistication of both data sets and the methods for analysis leave concerns about the value of this approach as a privacy protection mechanism.
  • “No-Go Zones” – Areas or zones of personal information of vulnerable groups whose data would be subject to a limited level of processing or potentially a complete prohibition.
  • Legitimate Business Interests – Situations in which personal data could be processed for a legitimate purpose that would no longer require consent unless another fundamental right necessarily required it.

 

Proposed Governance Considerations

The Report advocates for a greater level of accountability associated with ensuring the adequacy of privacy protections, encouraging transparency and assuring that best practices are being implemented consistently. This would include codes of practice that function to create transparent obligations and suggestions for best practices by using privacy trustmarks to create accountability mechanisms by which regulators can evaluate and designate organizations as compliant, as well as ethical assessments and autonomous organizations with specifically delineated goals focused on protecting the privacy of individuals.

 

Proposed Enforcement Models

While the Report considers situations in which self-regulation at both the industry and organization level may be appropriate, it also strongly suggests that there is a need for independent oversight, with accountability facilitated through fines and the ability to create orders, as opposed to recommendations, in order to maximize effectiveness. While independence is seen as the cornerstone of any regulatory body in the future for ensuring privacy and meaningful consent, the Report focuses on a proactive compliance model that would serve a stronger deterrent purpose than that of the OPC as it exists today.

 

What Does this Mean for Businesses?

In the era of the IoT and Big Data, traditional conceptualizations of consent processes no longer necessarily apply. The OPC has expressed concerns about opaque consent processes that individuals don’t actually read or comprehend, and has indicated that the solution to this may include sector specific regulation on the collection and use of data as well as the associated consent processes utilized in obtaining personal information. Many businesses may need to both re-visit and re-word existing privacy policies and consent protocols in order to increase transparency, as well as the accessibility and intelligibility of the policies surrounding data and the purposes to which personal information will potentially be put.

 

© McCarthy Tétrault LLP

 

is Counsel in McCarthy Tétrault’s National Technology Group. is an Associate at McCarthy Tétrault Toronto.

 


[1] Editor's note: The deadline has been extended to July 31, 2016.

The post Privacy Commissioner Seeks Public Input on Consent Model appeared first on IPOsgoode.

Privacy Commissioner Targets IoT Health Devices in Sweep /osgoode/iposgoode/2016/05/03/privacy-commissioner-targets-iot-health-devices-in-sweep/ Tue, 03 May 2016 18:46:07 +0000 http://www.iposgoode.ca/?p=29167 The re-posting of this article is part of a cross-posting agreement with CyberLex. What rumours is your fitness tracker spreading about you? In its latest Internet of Things themed sweep, the Office of the Privacy Commissioner of Canada reviews what personal information is being collected about Canadians by “smart” health and fitness devices. Many of […]

The post Privacy Commissioner Targets IoT Health Devices in Sweep appeared first on IPOsgoode.

The re-posting of this article is part of a cross-posting agreement with CyberLex.

What rumours is your fitness tracker spreading about you? In its latest Internet of Things themed sweep, the Office of the Privacy Commissioner of Canada reviews what personal information is being collected about Canadians by “smart” health and fitness devices.

Many of us will remember Time Magazine’s audaciously titled September 2013 issue, which splashed the following headline across its cover page: “Can Google Solve Death?”

At the time, there were more than a few skeptics who might have dismissed Google’s investment in Calico, a biotech subsidiary, as another moonshot investment by the tech giant or as part of a long-term expansion strategy.

Fast-forward less than three years. Regulators continue to play catch-up with the burgeoning industry at the intersection of data analytics and user-generated personal health data. The ballooning number of connected devices that make up the so-called internet of things (“IoT”) has accelerated in scale at a heart-clutching rate. The Office of the Privacy Commissioner of Canada (“OPC”) quotes estimates that, by 2020, there will be between 20 and 30 billion connected devices.[1] While devices that generate data specific to the function and use of the human body represent a subset of these devices, it is hard to deny the growth in the sophistication and potential use (and misuse) of the datasets generated from users’ health and biometric data.

Connected health technology has come a long way since the days of telephonic medical alert systems infamously portrayed in infomercials featuring “help, I’ve fallen” pushbutton necklaces. While application driven smart-phones, watches and fitness wearables are top of mind, the healthcare industry has adopted a range of smart devices that quietly gather and amass a steady stream of data about their users: baby monitors, respiratory and glucose meters, scales, pillboxes, thermometers, contact lenses, heart-monitors, and even band-aids are but a few of the previously inert devices that have become IoT-enabled. For individual consumers, health practitioners, and public health officials, there are extremely compelling use cases to prevent regulatory authorities from stifling the innovation in this sector. For individual patients and clinicians, the devices open what was previously a black-box allowing insight into the lives of individuals outside a clinical setting. The data gathered will enable the healthcare industry to open new service lines focusing on early detection and intervention as well as ongoing health monitoring. Similarly, public health authorities can benefit from large-N data-mining that could potentially offer new insights into determinants of disease, healthy aging processes, and general population wellness.

However, without adequate regulation the (mis)use cases for health data are equally compelling. Digital archives of health data represent new targets for data-breaches and fraud. While the OPC singles out harm to dignity and the integrity of the human body as coordinate reasons for the special protection it affords to leaks/exposures of health data, it has also identified two particular concerns that arise from the proliferation of health data: threats to individual users’ future insurability and employability.[2]

 

IoT Health Devices Raise Multiple Concerns

The cross-border fluidity of data, the proliferation of health data start-ups, the lack of consumer awareness, and the dangers of misuse of health data have not gone unnoticed by the OPC. Last week, the OPC announced that as part of the Global Privacy Enforcement Network (“GPEN”) review of IoT devices, the focus of the OPC’s 2016 “sweep” would be health devices.

In order to build a clearer picture of the practices of Canadian businesses, the OPC declared that between April 11th and 15th, 2016 it would be testing products, examining privacy information published on businesses’ websites, and directly petitioning businesses for responses to specific privacy-related questions.

As in previous years, the 2016 sweep is part of a coordinated effort by the OPC as a member of GPEN to increase public and business awareness of privacy rights and responsibilities, encourage compliance with privacy legislation, identify concerns that may be addressed through targeted education or enforcement, and enhance cooperation among privacy enforcement authorities.[3] GPEN is an OECD organization composed of local data protection authorities of certain participating member states. Though members of GPEN do not rule out either further follow-up with, or enforcement action against noncompliant businesses, the OPC has stated that it does not consider the sweep an investigation, nor does it conclusively identify compliance issues or possible violations of privacy legislation through a sweep alone.[4]

Those readers who have been monitoring communication from the OPC will not be surprised by the focus of the sweep. In its June 2015 report, “The OPC Strategic Privacy Priorities 2015-2020”, the OPC identified “The body as information” as one of its four main priority areas and pledged to “conduct an environmental scan of new health applications and digital health technologies being offered on the market and research their privacy implications”.[5] The OPC has stated that it believes the human body to be the “vessel of our most intimate personal information”, and, as such, will strive to promote respect for its privacy and integrity. In its strategic plan the OPC drew particular attention to biometric data associated with wearables as well as data gathered from direct-to-consumer genetic testing products and services.

 

Misuse of Health Information

Legislative activity reflects the increasing concern over the use and misuse of health information. Bill S-201, as adopted by the Canadian Senate on April 14th, is expected to provide a measure of much-needed protection against discrimination on the basis of genetic characteristics. In addition to amending the Canadian Labour Code, the Canadian Human Rights Act, the Privacy Act, and the Personal Information Protection and Electronic Documents Act (“PIPEDA”) to protect against genetic discrimination, the bill introduces a Genetic Non-Discrimination Act, which makes it an offence for a service provider to collect or use the results of a genetic test of an individual without that individual’s written consent.

However, even in countries where genetic discrimination protections are already enshrined in law, insurance firms continue to intensify investment in IoT analytics. For instance, as regards health-related services, between 2014 and 2015, there has been an acceleration in the use of data from health and fitness monitors by insurance companies with the percentage of firms having launched or piloted health and fitness IoT-connected insurance initiatives rising from 10% in 2014 to 39% by 2015.[6]

Businesses engaged in either the collection or use of such information should be aware that the results of the sweep will, in the medium term, likely be incorporated in new OPC guidance that will identify standards for privacy protection in products and services as well as new “no-go” zones for data collection.[7] The OPC has identified several horizontal, cross-cutting strategic concerns which it has stated it will apply to IoT devices and services:

  1. Exploring innovative and technological ways of protecting privacy;
  2. Strengthening accountability and promoting good privacy governance;
  3. Protecting Canadians’ privacy in a borderless world;
  4. Enhancing the OPC’s public education role; and
  5. Enhancing privacy protection for vulnerable groups.

As regulators continue to fine-tune their approach through information gathered in exercises like the 2016 sweep, businesses that gather, trade in, or use health data should be monitoring changes in both the regulatory landscape and the wider technological environment. For instance, today’s means of de-identifying health data by scrubbing personally identifying information or pseudo-anonymizing individual users through the use of standard cryptographic methods like a hash may not be enough to protect the sensitive data that is at the heart of the OPC’s interest in the “body as information”.

Businesses cannot think of the information that they gather and warehouse as having a ‘static’ risk profile. Over time, as use cases for health data and the analytical tools available to businesses become increasingly mature, we expect to see a commensurate growth in the capability of third parties (or poorly governed business units) to ‘link’ today’s privacy compliant data with offline and online datasets to recreate an identifiable profile of a de-identified or pseudo-anonymous person.

In the more mature retail environment, the Massachusetts Institute of Technology was recently able to use de-identified credit card purchase information from a 1.1 million person dataset to match 90% of the cases to specific publicly available information on social media sites such as LinkedIn, Facebook, Twitter, and Foursquare.[8]

Similarly, businesses should continue to appraise on an ongoing basis both the validity of end-user consents and the capability of users to access and correct health data as new use cases for the data are piloted.

© McCarthy Tétrault LLP

 

Justin Shoemaker is an articling student at McCarthy Tétrault Toronto.


 

[1] Canada, Office of the Privacy Commissioner of Canada, The Internet of Things: An introduction to privacy issues with a focus on the retail and home environments, (February 2016) online:
[2] Canada, Office of the Privacy Commissioner of Canada, The OPC Strategic Privacy Priorities 2015-2020: Mapping a course for greater protection, (June 2015) online:
[3] Canada, Office of the Privacy Commissioner of Canada, Canada examines health devices during 2016 “Internet of Things” global privacy sweep, (Gatineau, Quebec: April 11, 2016) online:
[4] Canada, Office of the Privacy Commissioner of Canada, Results of the 2015 Global Privacy Enforcement Network Sweep, (Gatineau, Quebec: September 2, 2015) online:
[5] The OPC Strategic Privacy Priorities 2015-2020, supra note 2.
[6] Accenture, “Digital Insurance: Reimagining Insurance Distribution” (2015), online: .
[7] Ibid.
[8] The Internet of Things: An introduction to privacy issues with a focus on the retail and home environments, supra note 1.

The Internet of Things: Guidance, Regulation and the Canadian Approach /osgoode/iposgoode/2015/11/27/the-internet-of-things-guidance-regulation-and-the-canadian-approach/ Fri, 27 Nov 2015 17:27:50 +0000 http://www.iposgoode.ca/?p=28356 The re-posting of this article is part of a cross-posting agreement with CyberLex. The Internet of Things (IoT) has been identified as a disruptive technology, bringing with it both the promise of seamless interconnectivity of devices and, the flip side of that interconnectivity, single-point vulnerability of multiple systems. While businesses rush to embrace the technology, […]

The post The Internet of Things: Guidance, Regulation and the Canadian Approach appeared first on IPOsgoode.

The re-posting of this article is part of a cross-posting agreement with CyberLex.

The Internet of Things (IoT) has been identified as a disruptive technology, bringing with it both the promise of seamless interconnectivity of devices and, the flip side of that interconnectivity, single-point vulnerability of multiple systems. While businesses rush to embrace the technology, the regulators have begun considering the issues raised by it.

 

What is the Internet of Things?

The “Internet of Things” is a phrase that refers to everyday products that are connected to the internet that can send and/or receive communications from other devices. It includes internet-enabled products such as thermostats, fitness trackers, watches, cars, light bulbs, washers and dryers or even toasters and toothbrushes.[1] On a larger scale, it can include industrial controls and factory machinery.

The Internet of Things is expected to have an economic impact of $3.9 trillion to $11.1 trillion per year by 2025, which will represent up to 11% of the world’s economy.[2] The world’s largest manufacturers have already jumped onboard the Internet of Things, but as with any disruptive industry it will take a few years for the regulatory frameworks to catch up.

With this new industry comes a host of new legal issues. Some areas of law that will be affected by the Internet of Things include: security, privacy and competition law. Regulators may introduce minimum security protocols for IoT devices since breaches of security can lead to more direct and physical effects on a consumer’s safety. Privacy also becomes exponentially more important since the amount of information about an individual’s life will increase as more products become internet-enabled. Consumers of these products will demand more control over their private information, while companies will want to store that information for commercial purposes. Competition will also be an issue as the big technological players attempt to standardize and control the frameworks that connect these devices through patenting these technologies and seeking exclusive commercial deals.

The Internet of Things can help make society more effective, safer and greener, so it is important that these future regulations strike a proper balance between supporting helpful innovation and protecting consumers. It is also important that these future regulations be in accordance with international approaches, since asymmetric regulations can lead to increased regulatory compliance costs to enter the Canadian market and can also increase the barriers for Canadian companies to enter the global markets.

As of yet, there have not been any direct regulatory adjustments to deal with these unique issues. However, there have been committees established and meetings taking place around the world to deal with the Internet of Things. Businesses that have begun to embrace Internet of Things technologies, whether in their products or as part of their manufacturing processes and controls, should pay close attention to the increasing activity of regulators in this area.

 

The European Union

The European Commission, the executive body of the European Union, has created the “Alliance for Internet of Things Innovation” (“AIOTI”). The European Commission has suggested that future regulations must focus on security, privacy, consumer protection, functioning competition and choice.[3]

The European Commission released a report based on a public consultation on the Internet of Things.[4] The public consultation found, amongst other things, the following:

  • Privacy: Industry representatives wanted to see no changes to current privacy laws to help promote innovation, while the majority of consumers and consumer organizations considered the current privacy regulations inadequate and wanted to see IoT-specific Data Protection Impact Assessment guidelines. In addition, consumers thought that they should be in control of their data and wanted stronger enforcement for privacy breaches.
  • Security and Safety: Industry representatives wanted to see no changes to the current security requirements and did not want to see overregulation. Consumers, on the other hand, wanted to see the creation of guidelines and standards for security to ensure data confidentiality, integrity and availability in an IoT context.
  • Competition: The majority of respondents agreed that IoT devices should inter-operate to promote competition and service innovation. Industry leaders, however, pointed out that non-interoperable vertically-integrated systems should not be prevented by legislation, especially in non-consumer facing products.

 

The United States

In January, 2015, the Federal Trade Commission released a report on the Internet of Things. The report was prepared in conjunction with leading technologists, academics, industry representatives and consumer advocates. This report focused on the issues of privacy, security and whether legislation is required to regulate the Internet of Things. The report suggested the following:

  • Privacy: The report suggested that companies practice “data minimization”, which involves limiting the collection of data and limiting the time that data is held to the period for which it needs to be used.
  • Security and Safety: The report recognized that security in the context of the Internet of Things is becoming more important. Namely, the report outlined the various ways that security breaches can lead to real-life safety concerns.[5] The report suggests that companies should prioritize the building of security into devices, should train employees adequately, should ensure that contractors can maintain security, and should monitor devices and report to the consumer when security breaches are detected.

The report suggests that IoT-specific legislation would be premature at this point. Instead, the report suggests that broad security and privacy legislation should be introduced to deal with these matters while remaining flexible enough to adapt to technological innovations.

 

The Canadian Approach

It remains to be seen how Canada will adapt to a world of connected devices. From the reports created in the EU and US it is apparent that there will be tension in the creation of new regulatory frameworks since these have the potential to stifle innovation and increase business costs. Nonetheless, the security, privacy and competition implications of the Internet of Things are equally apparent. Companies should ensure that they are continually monitoring and improving their privacy and security practices to stay in front of any legislative changes. In the long run, this will decrease compliance costs and help gain the trust of consumers.

The federal Privacy Commissioner has taken what it describes as a “keen interest” in the problems associated with the Internet of Things and notes that it is conducting various research projects related to the Internet of Things.[6] In June, 2015 Privacy Commissioner Daniel Therrien, in his submission to the House of Commons Standing Committee on Industry, Science and Technology, said that his Office planned to release “several reports on the Internet of Things”.[7]

While no reports have been forthcoming, the Privacy Commissioner reiterated his Office’s interest in and concern with the Internet of Things,[8] noting specifically that in Spring, 2016, it will produce a “discussion paper” that will outline the various challenges associated with the current consent model and explore potential solutions, such as industry codes and other forms of self-regulation, and enhanced regulation. While these are not specific to the Internet of Things, the Internet of Things, and IoT-enabled devices, will be included.

The Privacy Commissioner also anticipates “provid[ing] guidance to businesses and technology developers on how to build privacy protections into products and services; and educate users on the privacy risks associated with wearable devices” and other connected technologies.

 

© McCarthy Tétrault LLP

is Counsel in McCarthy Tétrault’s National Technology Group. is an articling student in McCarthy Tétrault’s Toronto office.

[1] http://www.wsj.com/articles/SB10001424052702304360704579415161522531046

[2] http://www.mckinsey.com/insights/business_technology/the_internet_of_things_the_value_of_digitizing_the_physical_world

[3] Internet of Things: the next revolution, CONNECT Advisory Forum, the European Commission, at page 10.

[4] Report on the Public Consultation on IoT Governance, January 16, 2013.

[5] For more examples, see the list of possible security concerns released by the FBI: .

[6] Yesterday was already tomorrow… The Internet of Things: The need for an adequate information security and privacy framework, Remarks at the Information Security Rendez-vous (ISR) 2014, Montreal, Quebec, May 7, 2014 (Address by Daniel Caron, Legal Counsel, OIPC).

[7] Study on the State of Disruptive Technologies, Submission to the House of Commons Standing Committee on Industry, Science and Technology, June 18, 2015 (Address by Daniel Therrien, Privacy Commissioner of Canada).

[8] National Security and Privacy in 2015, Remarks at the Privacy and Access 20/20 Conference, November 12, 2015, Vancouver, British Columbia (Address by Daniel Therrien, Privacy Commissioner of Canada).
