Law and IoT (2 of 5): Embedded Compliance Opportunities

In addition to setting the stage for the next wave of product and service development, machine-to-machine in the internet of things (IoT) has become a focus of growing discourse with respect to legal risk. Identifying and responding to both the risks and opportunities presented will require new levels of collaboration between legal, compliance, and product development teams. However, tracing all the potential permutations (particularly at this early stage) is tricky business. With that in mind, the following series discusses the primary dynamics at work in Law and IoT.

“Embedded compliance” refers to the challenges and opportunities created by the ability of private parties to embed restrictions, obligations, or limitations within individualized product use. Without putting too fine a point on it, Embedded Compliance refers to the use of embedded algorithms and controls in a product to restrict use in deference to context-specific legal requirements, contractual terms, or other risks.

The best recent articulation of these dynamics comes from Kenneth Grady’s discussion of the Breathalyzer-based ignition. However, the relationships Grady alludes to have long been identified by current guerrilla presidential candidate Lawrence Lessig’s seminal work Code or, practically, in the dynamics set by digital rights management (DRM) software. Other parallels in the software world appear to be on the rise, such as those emerging in AirWatch Content Locker’s embedded location-based risk controls or Invoiceware International’s inclusion of multi-jurisdictional Latin American invoice and reporting requirements into its electronic billing platform.

A car that only starts based on a successful Breathalyzer test provides only a rough indication of what is possible in this context. Consider how these capabilities might extend opportunities for leasing or product subscription services, where, for example, a printer might shut down after a pre-determined number of pages per month and restart only upon payment of a premium. (Blue Hill has laid out more than a few thoughts with respect to the opportunities presented.) Of course, the opportunities presented extend beyond direct manufacturer benefits to include competitive and commercial value. For example, a limousine company might see tremendous risk mitigation benefits in contracting with the automotive manufacturer that provides Breathalyzer controls or location-awareness that prohibits drivers from exceeding speed limits. Additional incentives will follow as insurers continue to study the potential benefits available.

As with DRM, embedded product compliance will be vulnerable to claims of over-enforcement. Again, these issues run back to Lessig’s explanation of how automated requirements enforcement fails to provide the awareness of circumstance necessary for legal determinations. DRM, for example, cannot understand whether a particular use of content constitutes permissible fair use. IoT has the potential to provide more individualized determinations, but also raises the stakes where errors can impose liability. For example, what might an individual’s recourse be when his or her car fails to start due to a false positive on that embedded Breathalyzer? Is the manufacturer liable if this causes the individual to lose his or her job?

To find answers to these questions, attorneys must, once again, work with product development teams to understand the embedded heuristics, underlying data, and underlying liabilities that might be presented. This will require attorneys to not just provide guidance with respect to product decisions, but to become active participants in the product development process.

About David Houlihan, Esq.

David Houlihan researches enterprise risk management, compliance and policy management, and legal technology. He is an experienced advisor in legal and technology fields with a unique understanding of complex information environments and business legal needs.
Posted on October 28, 2015 by David Houlihan, Esq.
