The Internet of Things (IoT) has emerged as a vast network of interconnected devices that communicate and exchange data in real-time. This technology has transformed nearly all industries, from healthcare to transport to manufacturing, among many others. However, as the number of IoT devices increases, concerns about privacy and security have emerged, as well as the need for appropriate regulations. Following are the five most recent legislative actions regarding the Internet of Things.
The Internet of Things Cybersecurity Improvement Act of 2020
The Internet of Things Cybersecurity Improvement Act of 2020 seeks to establish minimum cybersecurity standards for IoT devices that the Federal Government utilizes. The Act requires IoT devices purchased or used by Federal agencies to meet specific IoT security criteria, such as patchable and updatable software, secure data transmission, and a lack of default passwords. This legislation aims to make IoT devices necessary for government operations and to increase security for federal infrastructures that use IoT. Although it does not require private companies to follow the same security standards, the law’s intention is to stimulate security standards while taking advantage of IoT's beneficial aspects of governmental operations.
The General Data Protection Regulation (GDPR)
The European Union adopted the General Data Protection Regulation (GDPR) on May 25th, 2018, to set guidelines for how personal data is collected, processed, and stored by companies operating within the EU or offering goods and services to the region. THE GDPR significantly impacted IoT technology because it equips individuals with a greater amount of privacy data when IoT technology collected information involves identifying individuals.
The California IoT Security Law
The California IoT Security Law is designed to enhance IoT device security levels by requiring IoT device manufacturers to supply reasonable security provision for their products. These products should be built with appropriate means for authentication, confirmation of appropriate user access, and protection from known vulnerabilities that may present a risk to the device, system or information it is connected to.
The IoT Marketplace
The IoT Marketplace is a critical development in legislative action aiming to create more transparency regarding the IoT devices’ security status, particularly in relation to their security features, permitting customers to assess whether or not the provided level of security meets with their requirements. The IoT Marketplace refers to vendors who are providing IoT solutions and their purchasing channels. The IoT Marketplace may additionally simplify constraining security or privacy risks that may arise from utilizing IoT applications or devices.
The United States Senate “Developing Innovation and Growing the Internet of Things” (DIGIT) Act
The United States Senate first introduced the “Creating Innovation and Growing the Internet of Things” (DIGIT) Act in 2017. The DIGIT bill aimed to establish a joint operating committee to provide guidance to the US Congress regarding how the country should inform or promote IoT development to ensure coherence with safe, reliable IoT infrastructure. The Bill would have allocated money and position towards IoT research in the hopes of promoting innovative IoT development. Although the Bill did not pass, it emphasized the importance of having regulatory agencies involved in IoT affairs.
Legislative actions contribute to the development of IoT security, regulation, and privacy. They establish the minimum standards for IoT device security, set guidelines for the processing, storing and collecting of data, and provide for security measures by IoT device manufacturers. As governments continue to consider the impact of IoT technology, the regulatory frameworks considering IoT privacy and security will increase in importance, and additional legislative action will likely emerge.