A press release by the European Commission outlines key changes, including:

• easier access to your own data: individuals will have more information on how their data is processed and this information should be available in a clear and understandable way;
• a right to data portability: it will be easier to transfer your personal data between service providers;
• a clarified "right to be forgotten": when you no longer want your data to be processed, and provided that there are no legitimate grounds for retaining it, the data will be deleted; and
• the right to know when your data has been hacked: companies and organizations must notify the national supervisory authority of serious data breaches as soon as possible so that users can take appropriate measures.

Recognizing that diversity is not advantageous when it comes to regulations regarding privacy and data protection, the EU “one continent, one law” approach is the right one. These regulations will establish one single set of rules which will make it simpler and cheaper for companies to do business in the EU.

Concerns Elsewhere

Regulations in North America (United States, Mexico and Canada) and Australia are similar, but in many cases decided regionally by states or provinces. In some cases, there are little to no laws regarding privacy and disclosure of breaches.

Although not law, the U.S. Federal Trade Commission issued a report in early 2015 entitled Privacy and Security in a Connected World in an attempt to suggest some guidelines. Similarly, the Office of the Privacy Commissioner of Canada has published the Privacy Toolkit: Canada’s Personal Information Protection and Electronic Documents Act, a 42-page booklet of recommendations. Mexico has a policy of requiring “personal data officers” at business entities handling personal data to handle enforcement of notification and opt-out policies, but little regulation is in place requiring any specific forms of encryption, trust or discretion. 

Australia has some catching up to do, with the Privacy Act of 1988 and the Telecommunications Act of 1997 being the primary legislation in place.  It should be noted that New Zealand, Singapore and Japan, along with Qatar, Saudi Arabia and the UAE, are in similar states of partial regulation and enforcement as the United States, Canada, Mexico and Australia.

Outside of these countries already discussed, little to no regulations exists regarding privacy and data protection.  Much of Asia, South America and the Middle East have little to no regulations in place.

For IoT device manufactures, carriers and digital service providers the hodge-podge of regulations creates a formidable challenge to creating devices, communications infrastructure and software applications that can comply with laws and policies on a global scale.

Challenge Three – Creating Valuable Services

Perhaps McKinsey’s latest study entitled, “Unlocking the Potential of the Internet of Things,” says it best when it comes to the final challenge of spinning IoT into gold and summarizing this massive commercial potential.

“The Internet of Things will change the bases of competition and drive new business models for user and supplier companies. The Internet of Things will enable – and in some cases force – new business models. For example, with the ability to monitor machines that are in use at customer sites, makers of industrial equipment can shift from selling capital goods to selling their products as services. Sensor data will tell the manufacturer how much the machinery is used, enabling the manufacturer to charge by usage. Service and maintenance could be bundled into the hourly rate, or all services could be provided under an annual contract. The service might also include periodic upgrades (software downloads, for example). Performance from the machinery can inform the design of new models and help the manufacturer cross-sell additional products and services. This “as-a-service” approach can give the supplier a more intimate tie with customers that competitors would find difficult to disrupt.”