'Consumer IoT and its under-regulation: Findings from an Australian study' by Diarmaid Harkin, Monique Mann and Ian Warren in (2022) Policy & Internet comments
The expansive growth of consumer internet of things (IoT) has created a range of concerns around privacy, security, and their broader societal impacts. This article reports on findings from interviews with 32 key stakeholders from the fields of information security, policy and regulation, the IoT industry, consumer and privacy law, and academia in Australia. It details a broad variety of issues and concerns that go beyond the well-recognised issue of privacy or the technical standards of information security, to encompass a wider set of issues regarding the implications for vulnerable communities, the environment and industrial standards of IoT production. Most key stakeholders expressed the view that more robust regulation is required in Australia, but no clear regulatory priority or strategy was identified by our sample. The implications of these findings for further regulation of consumer IoT and future regulatory strategies are considered.
The authors argue
The growth in popularity of consumer internet of things (IoT) devices for home use continues to advance globally. Available estimates suggest that 854 million units of ‘smart home devices’ were shipped worldwide in 2020 (IDC cited in Business Wire, 2020), and most projections indicate further expansion in the foreseeable future (e.g., Data Bridge Market Research, 2020; Mordor Intelligence, 2020; Report Crux Market Research, 2020). Consumer IoT is on the rise with more households having more devices and a flourishing industry is placing internet-connected features into a wider variety of everyday domestic goods.
Consumer IoT is becoming entrenched in the community along three dimensions. First, there is an increasing breadth of the user-base with more individuals and groups encountering or deploying consumer IoT devices (Rainie & Anderson, 2017). Second, the volume and types of data collected by consumer IoTs are expanding and creating deepening ‘data-troves’ on personal activity (Ranger, 2020). Third, IoTs are used in a diversifying set of circumstances for an increasing array of functions such as assistance with home health, particularly for people with disability or the aged (Domingo, 2012; Metcalf et al., 2016). This creates numerous and increasing possibilities for IoT to provide valuable services for those in need, but also creates a range of potentially damaging impacts, unexpected harms, and a variety of legal, ethical and regulatory dilemmas around the questions of security, privacy and consent.
This paper explores some of the issues created by the rapid growth of consumer IoT and their perceived under-regulation in the Australian context. While there is a commentary about the threats posed by the growth of IoT from scholars (e.g., Manwaring, 2017a), civil society groups (McSherry, 2015) and cyber-security professionals (see e.g., Herold, 2015), this paper adds to these debates by comprehensively mapping a broad range of perspectives about consumer IoT. By documenting empirical data from in-depth interviews with 32 key stakeholders and subject-matter experts in Australia, it will be shown that: (a) there are significant concerns about the growth and proliferation of consumer IoT; (b) these concerns focus on a multitude of issues that range from worries about the cyber-security of IoT devices to their impacts upon the environment; (c) many feel that consumer IoT is under-regulated in a way that is likely to lead to ongoing and foreseeable negative impacts; but (d) there is no clear consensus on how to regulate, what to regulate or the regulatory priorities.
It will thus be shown that consumer IoT presents a unique confluence of issues that create a knot of regulatory problems. To demonstrate this argument, the paper will proceed over five parts. First, a brief overview of the current regulatory context for consumer IoT in Australia is provided, describing the environment that many experts regard as ‘under-regulated’. Second, the methods of this study are outlined describing how the interviews were conducted and with whom. Third, the key findings from the interviews are presented around the core concerns of the rapid growth in consumer IoT and the issues this presents for consumers, in addition to the broader impacts on areas such as the environment. This includes a discussion of how the majority of interview participants argued that consumer IoTs are, at present, under-regulated in Australia, but also expressed no clear unanimity of what the regulatory priorities should be. Finally, the implications of these findings for future regulatory efforts in Australia are unpacked.