INTERNET OF THINGS: LEGAL Perspective-Risk & Challenges

9th June -Internet of Things- Legal challenges and What a company should do

For people new to the technology and its possibilities, it sounds just like the thing out of a sci-fi movie, or one of the ideas borrowed from George Orwell’s famous Novel “1984”. The concept is certainly path-breaking, to say the least, but at the same time it instils a fear akin to the one outlined in 1984; and technology is growing at an exponential rate such that someday man would be reduced to a submissive slave of “intelligent” technology – we have intelligent houses, cars, electronic appliances, and even toilets. These are a few examples of what is currently gaining popularity as the Internet of Things – a collection of everyday physical objects that are interconnected through the internet to create a larger network system, sending and receiving data among each other to function in harmony. For eg, there are wearable gadgets that monitor your vitals like pulse; and smart security systems that lock the house automatically at a pre-set time; or machine to machine communication where you can have your car’s controls accessed via your mobile phone, and so on. IoT is taking up a vital pace in the market, and many big players are entering the domain, given its tremendous potential of growth and profits. It integrates several technologies and communication systems, and overlaps various industries like home appliances, medical services, automotive industry, etc. It also raises several legal concerns and challenges at the same time. Jurisdictions across the globe are attempting to frame new regulations and amend the existing ones to adapt to the developments.


  • Privacy and Security: With massive quantities of data flowing between databases, and sensitive information being shared between devices, a profile of the person gets created automatically and is exposed to the risk of privacy encroachments. Information obtained by such interconnected systems get disseminated without seeking express consent of the person at each stage, and it is difficult to curb this if the whole process is to work in a coordinated manner, as the connection and sharing of information is the pre-requisite of such automation.
  • Data Protection: The free flow of data makes it prone to being intercepted and transferred to other databases, and if the in-built security systems are hacked, the personal information may pass on to any outsider. The current Information Technology Law regime addresses data protection through the need for informed consent, and reasonable security compliances that data handlers must follow.
  • Intellectual Property Rights: The functioning of IoT systems rely heavily on interconnection, requiring that the products and technology developed by different companies and industries must pool their innovations and work on an integrated platform. This blurs the boundaries of IPR protected technologies, and creates issues as to what extent of rights each party is entitled to.
  • Data Ownership: When seamless integration of data from various technologies and devices takes place, the question as to who owns the end product (information) created, is an intriguing question. Where a wearable gadget like watch senses the pulse/body temperature and directs the AC to adjust the room temperature to a comfortable level; or where the navigation system in a car could predict to the home appliances when the person would be arriving home, the ownership of the data generated regarding that person (his travel route, time, habits, etc.) become a question of concern. Does the person own the data (because it relates to him) or do the devices (because they created it)?
  • Jurisdiction: The IT world has its own jurisdictional issues, as it cannot be attributed to any limited geographical area; and the advent of IoT only creates a more complex scenario. The jurisdiction in cyberspace is determined on the basis of several considerations like minimum contacts, long-arm statutes, agreements between parties, etc. Since IoT involves the interconnection of various technologies and services of different companies which may be within different jurisdictions individually, the fixing of a common jurisdiction for IoT related disputes would involve various considerations.
  • Deciding Liability: If a consumer dispute arises on an IoT issue, or any injury is caused to a party, it becomes difficult to precisely state which aspect of the interconnected devices malfunctioned, and who is to be held liable. The flow of information is continuous, and it is sometimes not practicable to pin-point where the flaw occurred.



  • Go through laws of a country carefully before expanding into their market; pay attention to laws and regulations on Consumer Protection, Contracts, IPRs, IT Laws, Criminal liability relating to such matters, etc.
  • When entering into collaborative projects with other companies, make sure you liability is limited and not open to expansive interpretation by Courts; also write the Contract with clear terms and conditions as to rights and obligations of each party in the collaboration.
  • While introducing the service in the market, train suppliers and retail sellers to educate customers about the nature of the information that will flow through the device; and how to limit the access to personal information.
  • Put in place efficient and 24×7 customer care services to address grievances and answer queries.
  • Make sure that your contracts with the customers contain all details as to the extent of information that will be accessed and communicated by the device, and that it is accepted by the customer while purchasing the product. Use clear terms and conditions to ensure that customers give an “informed consent”.
  • Use high-efficiency data protection systems to ensure that hackers and third parties don’t compromise your devices to steal information.
  • Engage lawyers to ensure compliance with laws, and consult with the regulatory Authorities, if in doubt regarding any Regulation. Legalresolved lawyers  can  help you in comprehending those legal challenges and provide you a strategy to  Overcome them
  • Introduce internal grievance redressal mechanisms in company; or include arbitration clauses within the contract with customers, to avoid litigations in Court to the best possible extent.



  • Indian Contract Act
  • Information Technology Act
  • Patents Act
  • Internet of Things Policy, 2015, by Govt of India


The above list is far from being conclusive, and only gives a brief view on the legal implications of IoT; the law is still only developing to the needs created by the rapid growth of technology. Legal Policies are created, revised, and amended from time to time, and one must always look up at all concerned legislations and regulations, to have a comprehensive knowledge on the matter.


Still Have Questions?    Please get in touch with us



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s