Why the IoT industry needs to pay attention to ePrivacy Regulation

Why the IoT industry needs to pay attention to ePrivacy Regulation

How is the EU’s ePrivacy Regulation, a companion law to GDPR, likely to impact the IoT industry? David Meyer reports. 

The European Union’s ePrivacy Regulation, currently under development, is controversial for many reasons. A companion law to the incoming General Data Protection Regulation (GDPR), it will extend confidentiality rules for traditional telecommunications players to internet-based services such as Gmail and WhatsApp, and entrench “Do Not Track” anti-cookie preferences in law.

However, due to its scope, the regulation is also likely to have a major effect on the IoT industry. But as for how great of an effect, and what the implications will be, there still remains considerable disagreement.

For the doomsayer side of the argument, look no further than a study released on Thursday by Berlin-based lawyer Niko Härting, for Hunton & Williams’s Centre for Information Policy and Leadership. Härting argues that the ePrivacy Regulation (as proposed by the European Commission) would make life very difficult for anyone providing machine-to-machine [M2M] communications, wearables, connected cars and other IoT services.

Härting raises the example of the Fitbit Surge, a wearable fitness tracker. The regulation explicitly covers the data sent in machine-to-machine communications. However, it defines communications data as being either content such as, but not limited to, text, voice, videos, images, and sound, or metadata about that content.

The Fitbit sends raw data that isn’t text, voice, videos, images or sound, and certainly isn’t metadata about those types of content, but might or might not still be defined as “content”.

Read more: Connected healthcare may violate user privacy, warns Forbrukerradet

Protecting personal data

If it is communications content, then the ePrivacy Regulation would demand consent for its transmission. However, as it is also personal data (data that can be linked with an identifiable individual), it’s also covered by the GDPR, which allows other legal justifications for its transmission, such as the performance of a contract.

So is the Fitbit’s raw data communications content? Does its transmission require explicit consent, or is the contract between the user and Fitbit sufficient? The answers, according to Härting, are worryingly unclear.

“We would get rules that contradict what we have in GDPR, because the GDPR is not consent-oriented,” Härting told Internet of Business. In the GDPR, consent is one of six alternative options for how data processing can be lawful, he points out, “whereas the draft ePrivacy Regulation is totally focused on consent…”

“If this draft comes through, we [lawyers] will get a hell of a lot of new work, because all the processes that are now shaped in a way that are compliant with the GDPR have to be looked at again to see if they comply to ePrivacy. That is crazy,” he adds.

There are other concerns that IoT companies should bear in mind, too. The ePrivacy Regulation would effectively outlaw Wi-Fi and Bluetooth tracking, unless the operators of the tracking services display “prominent notices” at the edge of the covered areas – so no more traffic monitoring on the go, for example.

Again, the GDPR might allow this on the basis of “legitimate interest” that outweighs the interest of the data subjects, so again, there is a potential clash between the two pieces of legislation.

privacy concerns

There’s are important questions around how we protect users’ privacy while making IoT viable

Practical issues

With connected cars, you get both the raw data and Wi-Fi/Bluetooth tracking issues – consider sensor-laden roads that can communicate with connected cars, or the iPhone safe-driving mode that uses connection to a car’s Bluetooth network to establish that the user is in their car. That could mean cars festooned with notices warning of their networks.

And then there’s the consent issue. “The development of any application that enables cars or components to communicate would be burdened with the necessity of creating processes that allow for consent on both ends,” Härting’s analysis reads.

“The transmission of signals from a car to a garage for maintenance purposes would require consent of the owner of the garage as well as the driver’s consent. Whenever there is a new driver, consent would need to be renewed.”

However, the regulation’s champions disagree that it will cause confusion. Jan Philipp Albrecht, the German Green MEP who was the lead rapporteur on the GDPR and is a shadow rapporteur on the ePrivacy Regulation, told Internet of Business that the new regulation’s definition of electronic communications “doesn’t cover everything”.

“There is clearly also the application of ‘electronic communications’ to situations where two machines are communicating with each other, but it has to be in the context of human-to-human communication, between two natural and legal persons,” Albrecht insisted. “M2M can be part of that interpersonal communication… That is to make sure there is no broken link [in people’s privacy protections].”

Read more: Amazon Echo murder case marks the death of privacy as we know it

Interpreting ePrivacy Regulation

Albrecht gives the example of automatic translation services. Without the ePrivacy Regulation’s protection, he says, there “would be a missing link of confidentiality of communication. That is why this whole definition is written in a technically neutral way…”

“Of course that means many other M2M processing activities, [involving] either personal data or non-personal data, is not covered by the ePrivacy Regulation. Personal data would then be only covered by the GDPR, and non-personal data would be covered by none of the privacy rules.”

“People have many misunderstandings and fears about this which may not be appropriate… It’s only data processed in the context of interpersonal communication,” Albrecht adds. “As long as it’s just the procedures between IoT services, you are not in the scope of the ePrivacy Regulation.”

Härting, however, strongly disagrees. “I would love to ask Jan where he finds anything of what he said in the text of the draft regulation.”

“If you search for M2M you will find the recital that clearly states that M2M communication comes into the scope of the regulation.”

Of course, all this refers to the Commission’s original proposal. This week, the European Parliament will vote on its own version of the text, as amended last week by its civil liberties, justice and home affairs (LIBE) committee. And only then will ‘trilogue’ negotiations begin between the Commission, the Parliament and the EU’s member states.

Read more: Privacy and IoT: innovative regulations needed to regulate innovation

The need for clarity

The amendments passed last week in committee don’t necessarily clear up the confusion that IoT services might face as a result of the new regulation, which is supposed to come into effect alongside the GDPR in May next year (although this timescale is looking increasingly unlikely for the slow-moving ePrivacy Regulation). Raw data still doesn’t fall easily into any definition, for example.

And, while an amendment limits the regulation’s applicability to M2M to cases where “the information can be related to the identifiable end-user receiving the information”, that still means consent will be required for many types of IoT. “Smart homes, wearables [and] connected cars will always ‘relate to end-users’,” said Härting.

Legislators dealing with the ePrivacy Regulation may be primarily concerned with issues around cookies, tracking and the modernization of EU law to cope with services like WhatsApp superseding SMS, for example, but there will almost certainly be serious consequences for the IoT industry. So it would be a good idea to pay attention not only this week, but over the coming months.

The post Why the IoT industry needs to pay attention to ePrivacy Regulation appeared first on Internet of Business.

Internet of Business

Check out these 3 AR/VR companies getting investors’ attention

Asian woman using a new virtual reality headset

With the AR/VR sector attracting a significant amount of capital recently, the space has only begun to grow. Here’s a look at the 3 American AR/VR companies that received investment in August:


Venturebeat reported that Immersv raised $ 10.5m USD in a Series A for mobile advertising utilizing virtual reality as well as 360-degree mobile video. Immersv describes itself on its website as “…a virtual reality discovery and advertising platform, founded by the team that created the largest app distribution platform on Facebook and then again on iOS and Android.”  This is the first public round of funding for the Los Angeles based company which a roster that isn’t kidding about its team’s experience.

See also: What Facebook’s F8 AR/VR announcements mean for marketers

Many of the team members at Immersv, including its co-founder and CEO Mihir Shah, are ex-employees of Tapjoy. Tapjoy is another U.S.-based company that provides monetization services for the largest advertisers and mobile app developers. Its services currently reach over 500 million users, so this team knows how to create something viral. The advertising space needs to constantly be changing their business models as the way people consume content is never stale. For the next way of VR content, look to Immersv for monetization.


Techcrunch reported that Sliver.tv raised $ 9.8m USD in Series A led by Danhua Capital to continue developing virtual reality viewing experiences for e-sports fans. According to Sliver.tv’s own website its primary product “is a platform to record, view, and stream top eSports games in fully immersive, 360° cinematic VR video”. Coincidentally, the Head of Product for Sliver.tv, Ryan Nichols, is actually the co-founder of Tapjoy, so he must be quite familiar with the folks over at Immersv.

The platform allows viewers to be placed in the center of the action side-by-side with their favorite e-sports athletes, an experience that can’t be replicated nearly as simply with standard offline sports. Sliver.tv has been having a very successful year starting off with signing deals with ESL & Dreamhack, large organizers of e-sports tournaments in America and Europe, to be partnered for 14 full-scale events. Given that the two co-founders are Chinese along with Danhua Capital being a Chinese/American VC fund, it is possible that this newly raised money could be invested into a Chinese market expansion given it’s the largest one in the world for e-sports.


PR Newswire reported that Matterport raised $ 5m USD in a strategic investment from Ericsson Ventures. This was by no means a growth round for Matterport as it has already raised over $ 60m USD in last four years after going through Y Combinator in Fall 2012. Matterport has created a platform that is designed to quickly understand 3D spaces and render a digital model that is viewable in 2D, 3D, mobile and VR.

See also: Eye tracking in AR/VR — the promise and the perils

According to the PR Newswire report, over 550,000 spaces have been made into digital models accumulating a total of more than 220 million views from all around the world. Ericsson Ventures made the investment to work with Matterport in developing its next generation of products.  These products would use its existing library of data and machine learning to create artificial intelligence that could potentially automatically design, correct, or create 3D models on its own according to Matterport CEO, Bill Brown. Unfortunately it is unknown whether any ex-Tapjoy employees work at Matterport or not.

The post Check out these 3 AR/VR companies getting investors’ attention appeared first on ReadWrite.


Tour de France to use IoT in digital race for spectators’ attention

tour de france uses IoT in digital battle spectators' attention

This year, Tour de France spectators are set to benefit from the use of IoT technologies, big data and machine learning to take their viewing experience up a gear. 

Tour de France technology partner Dimension Data is introducing machine learning in the coverage of this year’s race to give cycling fans around the world a more immersive spectator experience.

Read more: Catapult Sports on wearables in sport, improving player safety and the future of tactical decision-making

Big data on big climbs

The application of machine learning and predictive algorithms will give followers of the Tour de France unprecedented access via the event website and across social media to information on riders’ race positions and likely performance on future stages.

Dimension Data has been measuring a variety of metrics and tracking Tour de France competitors in the past two battles for the yellow jersey. Previous performances on the tour, race statistics across the season and rider profiles built up through five years of tracking are all coming together to power the company’s predictive platform.

That past data will be referenced with real-time race information, using GPS devices installed beneath each bike’s saddle to track the speed, position and the gaps between individual competitors. Added to that is the application of third-party data, with real-time information on weather conditions and the gradients of climbs and descents.

In total, Dimension Data’s solution will create and analyse over 3 billion data points during the 21 stages of the Tour. 

Read more: How the world’s best football club is using beacon technology

Predicting performance

The company believes that its algorithms can calculate the likelihood of possible race events. Although the team stops short of guaranteeing race outcomes, “because anything can happen at a live sporting event,” the #DDpredictor will offer predictions on events such as whether the peloton (the main group or pack of riders) will catch breakaway participants.

These moments are often the turning points that decide stage results, so plenty of competitors’ backroom teams will no doubt be watching with interest, too.

Dimension Data’s Scott Gibson sees it as a way to appeal to a new generation of spectators. “As more technology is introduced into sport,” he says, “the viewing experience is transforming and its popularity increases.”

“What’s especially exciting for us is how we’re helping [Tour de France race organizer] ASO to attract a new generation of digitally savvy fans, and how advanced technologies like machine learning are opening up new possibilities for providing the insights that today’s fans demand.”

Read more: SNCF on track for driverless high-speed trains by 2023

tour de france machine learning with dimension data

Inside Dimension Data’s Big Data Truck

Transforming the Tour de France race experience

Twenty-one days of riding across 3,540 kilometres can make for exhausting viewing for Tour de France fans. The race director Christian Prudhomme envisages the application of technology as a way to keep spectators engaged from start to finish. “Today, our followers want to be immersed in the event,” he said.

“They’re more digitally engaged on social media than ever before, and want a live and compelling second-screen experience during the Tour. Technology enables us to completely transform their experience of the race.”

The post Tour de France to use IoT in digital race for spectators’ attention appeared first on Internet of Business.

Internet of Business