Abstract
The Internet of Things (loT), the wireless connection of devices to ourselves, each other, and the Internet, has transformed our lives and our society in unimaginable ways. Today, billions of electronic devices and sensors collect, store, and analyze personal information from how fast we drive, to how fast our hearts beat, to how much and what we watch on TV. Even children provide billions of bits of personal information to the cloud through "smart" toys that capture images, recognize voices, and more. The unprecedented and unbridled new information flow generated from the little things of the loT is creating big challenges for privacy regulators. Traditional regulators are armed with conventional tools not fully capable of handling the privacy challenges of the loT.
A critical review of recent Federal Trade Commission (FTC) enforcement decisions sheds light on a recommended path for the future regulation of the loT. This Article first examines the pervasiveness of the loT and the data it collects in order to clarify the challenges facing regulators. It also highlights traditional privacy laws, principles, and regulations and explains why those rules do not fit the novel challenges and issues resulting from the loT. Then it presents an in-depth analysis of four key FTC enforcement decisions to highlight how the FTC has and can regulate the loT without undermining the innovation and benefits that this technology-and the data it providesbrings to our society.
Specifically, the Article describes how the FTC, faced with the privacy challenge that accompanies the interconnected world of the loT, has managed to apply traditional standards of "unfairness" and "deceptive practices" to protect private information. The FTC has been flexible and nimble with its interpretations of such standards and, in its most recent loT case, FTC v. VIZIO, established a new "tool" in its toolkit for regulating loT devices: an "unfair tracking" standard. As the de facto data protection authority in the United States, the FTC can use this new tool to work toward standardizing its treatment of loT privacy issues instead of trying to fit those concerns neatly under the deception authority of section 5 of the FFC Act. However, this new tool also means that the FTC has the opportunity-and responsibility-to provide guidance on how it will wield that authority.
To assure that innovation is not stifled and that this new rule is fairly applied (whether by the FFC or other agencies that may follow suit), it is imperative that the FFC diligently address concerns about the scope of this new rule and communicate that guidance to businesses, other regulators, and consumers alike. The new FTC administration should, as the primary regulator of information privacy and the loT, continue the strong practice established by the previous administration, which is to provide guidance to businesses, consumers, and other regulators navigating the big challenges caused by the little things in the loT.
