Little Things and Big Challenges: Information Privacy and the Internet of Things

Abstract

IntroductionThe Internet of Things (IoT) is part of our lives in countless ways- some are welcome and intentional, such as trackable fitness devices, home security alert systems, or cars that can be unlocked and started remotely; others are unintentional and may cause concern to consumers, such as connected toys that can listen to our kids, or technologies capable of tracking our whereabouts or our shopping habits without our knowledge. The rapid growth of the IoT has prompted incredible technological advances along with thorny regulatory issues, specifically in the area of information privacy. Traditional regulators of privacy, specifically the Federal Trade Commission (FTC), have stretched to apply traditional tools to regulate unprecedented technological advances and the privacy challenges they bring. An analysis of the latest FTC cases and outcomes reveals an independent agency retooling investigative and enforcement methods and priorities to establish new expectations for how fair information practices and principles will be applied to new technologies.The FTC, like the technological advances it has stretched to keep pace with, has been increasingly progressive in its recent decision-making terminology. This Article uses recent, seminal FTC cases and outcomes to demonstrate how the FTC has developed a new information privacy framework, most recently expressed as the concept of "unfair tracking," by modifying traditional legal concepts. The FTC has significantly expanded its role as the primary reviewer of information privacy matters raised by the IoT, while attempting to balance a philosophy not to impede the advance of the technology comprising the IoT. This Article reviews recent FTC efforts to regulate the IoT and provides critical commentary on how the FTc might proceed.To best understand the genesis of recent FTC actions on IoT data collection, Part i describes what makes up the ioT, how pervasive the ioT has become in our lives and, perhaps most importantly, how it will continue to innovate at a rapid pace. Parts II and III of this Article describe some unprecedented benefits and unprecedented challenges confronting regulators of information privacy in today's IoT age, including how to protect individual privacy rights without undermining innovation and the promise the connected world of the IoT brings.Part IV provides an in-depth critical review of four key FTC cases attempting to strike this sort of balance: In re Nomi Technologies, Inc.,1 United States v. InMobi Pte Ltd..,2 In re Turn, Inc.,5 and FTC v. VlZIOi Initially, the FTC applied its traditional section 5 "deception" jurisprudence in a novel way to advance traditional notions of privacy, but it has recently transitioned to a new paradigm in the form of a cause of action for "unfair tracking," starting with VIZIO. However, this Article concludes that this new standard could prove either too anemic or, alternatively, overbroad, without proper shepherding by the FTC. It is only with proactive guidance to supplement its traditional reactive enforcement that the little things of the IoT can overcome the big information privacy challenges the IoT creates.I. IoT: A Big Connection of Little ThingsThe term "Internet of Things" (IoT) has been defined in a variety of ways. In the broadest sense, the phrase "encompasses everything connected to the [I]nternet, but it is increasingly being used to define objects that 'talk' to each other."5 A simple definition of the IoT is "the concept of basically connecting any device with an on and off switch to the Internet (and/or to each other)."6 Oxford Dictionaries define it as "[t] he interconnection via the Internet of computing devices embedded in everyday objects, enabling them to send and receive data."7 Others define the IoT as "the ability of one device to connect to other devices through wireless data infrastructure"8 or "a system of devices and things that are implanted with sensors, software and electronics to initiate the exchange and collection of data and information. …