UK: The Internet Of Things - Part 1: Brave New World

The Internet of Things (IoT) is the network of everyday physical objects which surround us and that are increasingly being embedded with technology to enable those objects to collect and transmit data about their use and surroundings. TVs connected to the Internet and refrigerators connected to online delivery services are just the start of it. In the new world of the IoT, the possibilities are enormous, and the technology industry has so far only scratched the surface of what "machine-to-machine" (M2M) interconnectivity could achieve.

But the ingenuity and innovation which companies will apply to turn the IoT into practical reality is constrained by law and regulation. Existing issues may take on new dimensions and, as technologies combine, so will the legal consequences of those technologies.

In this Alert, we look at the prospects for the IoT. In a second Alert to be published shortly, we examine the likely legal and regulatory factors that will affect the development and growth of IoT technology and the markets that such technology will create.


The phrase "Internet of Things" was first coined in 1999 to mean the connection of everyday objects and devices to the Internet. The idea was that "If we had computers that knew everything there was to know about things – using data they gathered without any help from us – we would be able to track and count everything, and greatly reduce waste, loss and cost. We would know when things needed replacing, repairing or recalling, and whether they were fresh or past their best. We need to empower computers with their own means of gathering information, so they can see, hear and smell the world for themselves, in all its random glory."1

But back in 1999, the technology required to make the IoT concept a reality was expensive, slow, reliant on dial-up Internet and limited by inadequate storage and processing power. Fast-forward 15 years, and the landscape in 2014 looks very different. All the key factors have converged to create the ideal conditions to harness the power of M2M connectivity: smartphones, Wi-Fi and broadband connectivity are now ubiquitous; storage capacity "in the cloud" is growing rapidly; sensor technology has developed sophistication while becoming cheap enough to deploy in almost any location; and data handling technology makes it possible to process large volumes of data in real time.

Coupled with improvements in the ability to process and analyse vast qualities of data – i.e., "Big Data" – the possible applications for Internet-connected devices are seemingly endless. Imagine stepping through your front door to find that your watch has downloaded to your computer details of your heart rate, pulse and vital signs, the thermostat has turned the heating up because of the cold weather outside, the bath has run automatically, and that later, while you sleep, your baby's clothes monitor her breathing and heart rate while she sleeps. All of this technology is now available, although, in some cases, still at considerable cost: Wi-Fi-enabled Internet fridges currently cost a cool $3,700 (£2,300).

The uses of the IoT in a commercial context are also exceptionally wide-ranging: ATM data can be used to provide location-specific advertising to consumers via their smartphones, logistics companies can provide real-time parcel tracking services, and motor insurance providers can use telematics to monitor driving behaviour in order to charge tailored premiums.2 The IoT also looks set to revolutionise other sectors, including health care, with hospitals providing care via remote monitoring systems, and energy, with the advent of so-called "smart metering".

As with previous waves of technology revolution, the consequences for business will be significant, in ways that are both foreseeable and unforeseeable. Just as the DVD destroyed the market for VHS movie rentals, the huge rise in Internet-enabled TVs seems likely to have the same effect on DVD sales as downloadable video-on-demand becomes ubiquitous. Other outcomes of connecting physical objects in the IoT are harder to predict: not only will existing functionality of separate objects be strengthened by M2M, but new functionalities will be created.


The IoT looks set to be the focus of government attention. In a recent speech at Europe's CeBIT tech conference, UK Prime Minister David Cameron announced that the British government would be spending an additional £45 million in funding for research in areas linked to the IoT, which, following a series of other funding announcements in this area, takes the total pot to £73 million. Mr Cameron stated: "I see the internet of things as a huge transformative development - a way of boosting productivity, of keeping us healthier, making transport more efficient, reducing energy needs, tackling climate change" and Sir Mark Walport, the UK government's chief scientific adviser, is now expected to carry out a review into how these new technologies can be best exploited.

The EU has carried out extensive consultation on the development of the IoT, and the U.S. government, through the Federal Trade Commission, is also tracking the evolution of the market and technology in the sector.


The market for the IoT is still in its infancy and there are many challenges involved in deploying a solution. As with any eye-catching new technology, a lot of the hard work that goes into implementation often goes unnoticed.

In the case of the IoT, organizations will have to overcome significant initial hurdles in order to ensure that the solutions adopted are legally appropriate. In many cases, these include a number of the issues that are traditionally seen to be "outsourcing" type problems – e.g., implementing a scheme of contractual relationships necessary to implement and support the technology; choosing whether to partner with a service provider in order to develop and implement a particular solution; and determining whether and how to use an external agency to harness the necessary computing power to implement fully the solution.

One key internal issue that many organizations will also have to address is the question of who within the business is actually responsible for implementation of the IoT as a product solution. A lot of the tasks required for IoT implementation will fall within the traditional roles of a business's ICT leaders, even though the solution itself may be customer-facing. As a result, technology leaders within businesses will need to be heavily involved in evaluating and developing solution requirements. This will continue the progression of the CIO role from overseeing internal enterprise architecture towards an outward-facing role.

Implementation of the IoT will also involve many of the operations parts of a business and this will need to be split appropriately within the architecture that the business employs. The question will be what solutions can be implemented as part of an overall scheme that is flexible enough to work with the types of devices and operating systems that a business has to deploy. Many of the end-to-end solutions that IoT requires involve the following key functions:

  • Device and infrastructure management platform. The IoT requires operators to be able to operate software on devices remotely, without taking the network of sensors out of service. Clearly, where this is performed remotely, security of the device and infrastructure management platform will be crucial.
  • Data Filtering. The IoT relies on sensors that produce vast amounts of data, but not all data will be relevant to any given application. Accordingly, a key challenge facing developers of IoT solutions is how to identify the thresholds and configurations to process only the data that is necessary for a specified purpose, and filter out the data that isn't relevant.
  • Analytics Platform. This is necessary to manage the huge volume of streamed data collected from remote sensors and devices and manipulate it in real time. This may well be integrated with an organisation's approach to "big data" elsewhere in its business. But, whatever the platform (and whether internally provided or outsourced), it should be set up to work with data from different device types and locations and configure it in a way that is useable by the business.
  • Security. If the IoT has a weakness, it's security. Dealing with issues of privacy and data security is essential. Precautions against misuse if data need to be baked into IoT solutions from the outset.
  • Integration. The efficiency and performance of any IoT solution will often depend on the connectors that enable applications to collect and analyse the data and engage in two way communication with the remote sensors where necessary.

The fact that technology is rapidly evolving and the relevant industry players are still changing means that future flexibility is also something that businesses need to focus on. Most large technology businesses have an established approach to the market and, while the first wave of solutions may well be focused on a particular application, businesses should invest wisely to ensure that the same sensor network and data infrastructure can be deployed to take on multiple applications.

The IoT has great potential to generate new sources of revenue, improve efficiencies and allow businesses to both increase profits and cut costs. While it is the internet-enabled products that catch the eye, it is longer term investment in the underlying technology infrastructure itself that is now required and which will ultimately pay dividends. The easy, media-friendly pin-up for the IoT may be the Internet-enabled refrigerator, but the reality is that the average consumer will replace his or her fridge no more than once per decade – and, most likely, not for improved functionality, just to keep the milk cold.


Apart from humble consumers who might soon start to see practical changes to their daily lives as a result of the IoT, a range of companies in different sectors have already targeted the IoT as a driver of future sales.

If the trajectory of the IoT proceeds in the same way as other disruptive technology developments, the initial winners seem likely to be providers of infrastructure and data centre capacity, as well as microchip designers. Existing businesses with a strong data security element ought to have a key role in the IoT.

Companies that tailor their products to harness IoT capabilities and build in the key elements identified above will be the initial front-runners: so, for example, semiconductors need to continue to evolve in terms of size and power draw as well as enabling functionality to improve connectivity between sensor devices and the cloud, and the continued addition of new devices; infrastructure providers need to integrate their products for maximum flexibility while still ensuring significant levels of data security.

Consumer product manufacturers are perhaps the most obvious potential beneficiaries of the IoT as long as they can devise and roll-out IoT-enabled products whose functionality consumers want to pay for. But if history teaches us anything, it may be that, just as software giants became more valuable than the hardware sellers that capitalized on the first wave of the computing revolution decades ago (Microsoft vs IBM, anyone?), the long-term winners are less likely to be today's major consumer product brands and more likely to be the companies that master and monetize the data to create entirely new markets.

Indeed, Google's $3.2 billion purchase of connected thermostat producer Nest in January 2014 shows that the real market for IoT may take shape in ways that we cannot yet anticipate. That acquisition was less about a cool thermostat and more about disrupting the entire energy supply industry. If the Google and Nest combination can develop a product that proactively saves its users money on their home energy bills by juggling user and utility interaction and harnessing usage data, that puts Google in a strong position to continue its disintermediation efforts into a whole new sector.


The opportunities of the IoT are great, but so are the challenges. The combination of technologies and data multiply the potential legal and regulatory issues.

In a follow-up Alert, we will assess the legal and regulatory factors that will affect the development and growth of IoT technology and help to shape the markets that such technology will create.



2 For more on telematics, see our June 2013 Alert Monitoring Your Own Behaviour – Guidance for Insurers on the Use of Telematics

Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morrison & Foerster LLP. All rights reserved

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

D. Reed Freeman, Jr.
Alistair Maughan
In association with
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at and we will use commercially reasonable efforts to determine and correct the problem promptly.