The title is a joke, but it is also a nod to how often I write these days about China’s role in the Internet of Things and to my plans to continue doing so.
How can I not when so much of my law firm’s new China manufacturing work is coming from companies involved in the Internet of Things? And when I personally am such a massive fan of it (my lights, my home security, my fire alarms, my fitness devices, my doorbell, my …. are all IoT devices). Plus I want to be on record now so that five years from now I can say, “I told you so.”
Anyway, today’s post is a short riff on the Online Trust Alliance’s recently issued IoT Framework. This Framework lists thirty guidelines related mostly to sustainability, security and privacy surrounding connected devices. Though these are “just” guidelines, we expect most of the leading IoT device manufacturers to at least be influenced by them.
The following guideline, No. 3, immediately stood out to the China lawyers in my firm, as it directly relates to so many of the problems we see with our IoT clients that use third-party Chinese manufacturers to make their connected devices:
Establish and maintain processes and systems to receive, track and promptly respond to external vulnerabilities reports from third parties including the research community. Remediate post product release design vulnerabilities and threats in a publicly responsible manner either through remote updates and/or through actionable consumer notifications, or other effective mechanism(s).
As we have written many times previously, our China attorneys are far too often getting called in after there is already a binding contract between the Western IoT manufacturer and its more experienced Chinese manufacturer. That contract does not provide any privacy safeguards against the Chinese manufacturer and, in many instances, having this sort of protection never even occurred to our client. I usually don’t hesitate to point out to them the problems they might have if it is later discovered that the Chinese manufacturer is in some way tracking the customers of the connected device and the Western IoT company doesn’t even have a piece of paper to show that it ever even considered or cared about such a thing.
I would urge everyone involved in IoT to read this new Framework for the simple reason that it serves as an excellent checklist on various things of which you should at least be aware.
The post China and the Internet of Things, Part 3 of 228 appeared first on China Law Blog.