Internet of Things (IoT)

On August 27, 2021, Illinois Governor J.B. Pritzker signed into law the Protecting Household Privacy Act (“PHPA”).  The law governs how, and under what conditions, Illinois law enforcement agencies may acquire and use data from household electronic devices, commonly referred to as “smart devices” or the “internet of things.”  The PHPA will go into effect

Introduction

In this update, we detail the key legislative developments in the second quarter of 2021 related to artificial intelligence (“AI”), the Internet of Things (“IoT”), connected and automated vehicles (“CAVs”), and federal privacy legislation.  As we recently covered on May 12,  President Biden signed an Executive Order to strengthen the federal government’s ability to respond to and prevent cybersecurity threats, including by removing obstacles to sharing threat information between private sector entities and federal agencies and modernizing federal systems.  On the hill, lawmakers have introduced a number of proposals to regulate AI, IoT, CAVs, and privacy.
Continue Reading U.S. AI, IoT, CAV, and Privacy Legislative Update – Second Quarter 2021

Sen. Ed Markey (D-MA) and Rep. Ted Lieu (D-CA-33) reintroduced the Cyber Shield Act on March 24, 2021. The proposed legislation is not new to Congress; Sen. Markey and Rep. Lieu previously introduced the Cyber Shield Act in both 2017 and 2019. However, the bill never made it to a vote in either the House or the Senate.
Continue Reading “Cyber Shield Act” Calling for IoT Device Certification Reintroduced in Congress

On Friday, December 4, 2020, President Trump signed the bipartisan Internet of Things (“IoT”) Cybersecurity Improvement Act of 2020 into law.  The IoT Cybersecurity Improvement Act empowers the National Institute of Standards and Technology (“NIST”) to create cybersecurity standards for internet-connected devices purchased and used by federal agencies.  For more information on the law, please

The bipartisan Internet of Things (“IoT”) Cybersecurity Improvement Act of 2020 (S. 734, H.R. 1668) has passed the House and the Senate and is headed to the President’s desk for signature.  The bill was sponsored in the House by Representatives Hurd (R-TX) and Kelly (D-IL), and in the Senate by Senators Warner (D-VA) and Gardner (R-CO).  President Trump is expected to sign the measure into law.

According to Senator Warner (D-VA), the bill would “harness the purchasing power of the federal government and incentivize companies to finally secure the [internet-connected] devices they create and sell.”

The IoT Cybersecurity Improvement Act will require the National Institute of Standards and Technology (“NIST”) to develop minimum cybersecurity standards for internet-connected devices purchased or used by the federal government.  The bill sets forth the following requirements:
Continue Reading IoT Update: Congress Passes IoT Cybersecurity Improvement Act of 2020

Reflecting the heightened interest in 5G and related cybersecurity concerns, the National Telecommunications and Information Administration (NTIA) has requested public comment on the implementation of its National Strategy to Secure 5G.  Stakeholders with interests in telecommunications infrastructure and security—and any parties interested in 5G generally—currently have the opportunity to provide input on the plan that will carry out the Administration’s 5G strategy.

From now until June 18, 2020, the NTIA will accept public comments as part of its efforts to develop a rollout for its National Strategy to Secure 5G.  This implementation plan is being developed per the Secure 5G and Beyond Act of 2020, which President Trump signed into law on March 23.  The NTIA published its National Strategy the same day.
Continue Reading Administration Seeks Public Input on Rollout of 5G Strategy

On May 5, 2020, the Seventh Circuit held that violations of the section 15(b) disclosure and informed consent provisions of the Illinois Biometric Information Privacy Act, 740 ILCS 14/1 et seq. (“BIPA”) constitute “an invasion of personal rights that is both concrete and particularized” for the purposes of establishing Article III standing to sue in federal courts.  However, the Seventh Circuit also held that the alleged harms associated with violations of section 15(a) of BIPA were insufficient to establish Article III standing.  Section 15(a) mandates public disclosure of a retention schedule and guidelines for permanent destruction of collected biometric information.

Covington has previously discussed developments in BIPA litigation, which has proliferated in recent years with the advancement of relevant technologies.  The increase in BIPA litigation has been accompanied by a rise in disputes over the nature of the harm required to sustain an action, both in state and federal courts.  Although this issue was seemingly resolved at the state-level by the Illinois Supreme Court’s 2019 Rosenbach decision, federal courts have continued to grapple with the issue for the purposes of Article III standing.
Continue Reading Seventh Circuit Rules on Article III Standing Issues in Illinois BIPA Lawsuit, Allowing Case to Proceed in Federal Court

On April 6, 2020, Tapplock, Inc., a Canadian maker of internet-connected smart locks, entered into a settlement with the Federal Trade Commission (“FTC”) to resolve allegations that the company deceived consumers by falsely claiming that it had implemented reasonable steps to secure user data and that its locks were “unbreakable.”  The FTC alleged that these representations amounted to deceptive conduct under Section 5 of the FTC Act.  In its press release accompanying the settlement, the FTC provided guidance for IoT companies regarding the design and implementation of privacy and security measures for “smart” devices, as discussed further below in this post.
Continue Reading IoT Update: FTC Settles with Smart Lock Manufacturer and Provides Guidance for IoT Companies

On March 24, 2020, the Dutch Supervisory Authority (“SA”) announced the launch of a broad investigation into automobile manufacturers, to determine whether any violations of data protection laws have occurred in relation to connected cars.

The Dutch SA sent a questionnaire to all Netherlands-based car and truck manufacturers, asking what types of personal data they

Earlier this month the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released its Draft NISTIR 8267, Security Review of Consumer Home Internet of Things (IoT) Products, for public comment. NIST will accept public comments on the report through November 1, 2019.
Continue Reading IoT Update: NIST Seeks Public Comment on Security Review of Smart Home IoT Devices