Kirill Mityagin: Hurriedly adopted laws may produce a negative impact on technologies development
As Kirill Mityagin, Partner at Nevsky IP Law and one of 10 top IT lawyers by Kommersant, reports, don’t hesitate to write manufacturers of smart devices and assert your right to privacy.
Why is new legislative framework needed for smart gadgets though no actions have been taken? Will we go into litigation with fridges? Read the interview of IoT Conference with Kirill.
Interviewer: IoT Conference (IoT)
Respondent: Kirill Mityagin (К. М.)
IoT: Modern technologies develop at breakneck speed, and related legislation fails to keep up with the pace. Should Russian and world’s regulatory framework in terms of IoT be updated? What points does it lack?
К. М.: It’s true that the legislation falls behind, but it’s OK. Hurriedly adopted laws may produce a negative impact on technologies development. Only well-thought out and proven approaches should enter the legislation.
There exist lots of IoT-related legal problems, the main three go as follows:
- Allocation of liability for the harm to property, health, and life. How should it be shared between users of an IoT device, its manufacturer, and software owner? Old approaches (reported by the owner of the thing) seems to have lost their effectiveness.
- IoT devices collect massive volumes of various user data. That’s why we should settle problems of its confidentiality and commercial application, storage and deletion as well as liability for the illegal use.
- Control over IoT. In terms of the traditional law, a piece of property cannot take individual actions without the will of its owner. Therefore, there appear important legal postulates of thing destruction, owner’s responsibility for the causation of harm by means of a thing, etc.
This postulate ceased to work for the Internet of Things, and its principles are not currently stable. New legal approaches and solutions for the proper regulation of IoT relations should be elaborated.
What needs to be mentioned is a problem of the interaction of devices designed by various manufacturers. It’s difficult to solve having no regulation and general standards.
IoT: Is there a clear legal line between the collection of technical and personal data by IoT devices? How can consumer control such moments?
К. М.: Considering personal data, yes: such a legal line is defined in Federal Law № 152. According to it, any data relating directly or indirectly to an identifiable or identifying individual is referred to as personal.
I will repeat myself and say that the collection of user (consumer) data by IoT devices is the major problem that is to be solved at legislative level. Consumers should at least have an idea of the data volume a device gathers as well as that the manufacturer and third parties may use it. In this case, they would make a conscious decision to stop using this thing thus preventing the distribution of personal data.
I think that at this level the current legislation is on the side of consumers. However, if they want to use a thing and at the same time partly or fully limit data collection and processing, Privacy Law comes in handy. Undoubtedly, such information cannot be distributed without the owner’s consent. Notwithstanding, the problem of control remains open for consumers, so they should take actions to mitigate risks of data leakage. They need to carefully learn manuals to devices and software user agreement not to give consent to personal data usage. What is more, devices may have functions allowing to limit data collection. One should also know how to use them.
At last, in case of any unclarity with data collection and use, you can and should ask the manufacturer awkward questions. In real life, they answer stiffly, but only active stance can protect customer rights. Consumers should demand the enforcement of the privacy law that embraces the Internet as the right for chip silence.
IoT: Which personal data can a smart thing collect without the user consent?
К. М.: According to Article 24 of the Constitution of the Russian Federation, collection, use, and distribution of information about the private life of an individual without his or her consent is not permitted. Besides, the Russian Federal Law on Personal Data claims that processing of personal data is permitted only with the consent of the subject of the privacy law.
Therefore, user personal data can be collected only when he or she gives consent. The irony is that IoT devices mostly work with personal data in particular. So, the answer will be tough – there is no such data.
IoT: What are purposes the companies pursue when using customer data? Which data can bring them to justice?
К. М.: Reasons may differ but, as it can be seen, they are mainly interested in data usage for commercial purposes. For instance, to learn customer behavior, develop and sell new products and services. Another example – data transfer to other businesses that try to use it for ads targeting and sale of home products.
Responsibility arises when data without consumer consent has been used and distributed. However, I suppose that if you start working with a device, you have already given your consent to the usage of the personal data in terms of the user agreement.
IoT: How to protect personal rights in case there was a data leakage caused by a problem with a smartphone that fell among fraudsters?
K.M.: A difficult question. Everything depends on the aftermath of the leakage. If it is the manufacturer of the device or software to be brought to justice because of the data leakage and harm to the user, such a lawsuit is possible. However, it requires proofs of the connection between the fault and leakage.
IoT: Please, describe the dispute between Carrier and Qvarta. Is that feasible to develop own software for other devices? When is it possible and when not?
К. М.: I am telling about the dispute between Carrier and Qvarta only with the consent of the client.
Top manager at the company addressed us having received complaint from the fridge manufacturer Carrier. In his opinion, Qvarta infringes a copyright for the program and know-how. Regarding this state of things, the Carrier representative called for the cease of the collection and disclosure of information from fridges. Sounds funny, but true.
The point is that Qvarta develops software that is integrated to Carrier equipment and allows to process data received from a device. According to the legislation of the Russian Federation, this type of software is not prohibited – quite the contrary – it’s permitted (Point 3, Article 1280 of the Russian Civil Code).
We prepared an answer to the claim and sent it to Carrier representatives in Russia. 8 months passed – a lawsuit hasn’t been filed.
IoT: In brief, tell us about your forthcoming presentation at IoT Conference. What is your target audience?
К. М.: The presentation will be focused on case studies. My experience proves that the audience is always more interested in specific information about the current tasks.
Developers of IoT devices and software as well as everyone interested in the regulatory framework of this sphere will also get to know something new. Maybe, somebody has critical questions and urgent problems. They can send them to the organizers, and I will prepare answers in advance.
Already know what questions to pose? Send them to the conference curator Alisa Lis by e-mail or Skype marked ‘questions for Kirill Mityagin’:
You can send questions until September 10. Remember that the answers will be voiced on September 25 at IoT Conference! They WILL NOT BE SENT by e-mail!