Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

TelcoME2015_IOTRegulation

  • Be the first to comment

  • Be the first to like this

TelcoME2015_IOTRegulation

  1. 1. Collaborating on M2M and Internet of Things Regulation Eamon Holley Informa Teleco ME 2015 9 December 2015
  2. 2. Today  Bringing together key stakeholders  Big Data, Cloud and Privacy  Cyber security  Devising a framework 2
  3. 3. Next Steps – a suggestion  A regional M2M/IoT working group  DLA Piper established groups in EU, Asia  To develop industry led whitepapers on topics of specific relevance to the GCC region  Free initiative i.e., no financial cost to join or participate  If interested, please contact me eamon.holley@dlapiper.com 3
  4. 4. But before we begin… Why isn't this a regulatory HOT topic? 4
  5. 5. M2M and the Internet of (Every)Things 2020 : Globally, 50 billion connected things and a 1 trillion dollar industry Humans will largely not even be aware of the work going on around them : "Ambient networks" 5 Sectors : … well, everything! Transport Fleet and inventory tracking Health monitoring Real time diagnostics Smart grids Smart homes Smart cities Connectivity : … well, everything! SIMs RFID WiFi Bluetooth GPS Fixed Line ???????
  6. 6. WHAT DO WE NEED TO REGULATE? 6
  7. 7. Just a few issues to consider… M2M IOT Licensing? for Permanent Roaming? Access to Networks Type Approval / Importations Privacy and Data Protection (Cyber) security Liabilities 7
  8. 8. Questions from clients…  Could the use of a SIM in a local jurisdiction mean that M2M SP is providing a telecommunications service in that country?  Does it need a license?  Are there data protection obligations? Are there any rules about transferring information overseas? Can these apply to M2M?  What about local registration or verification requirements? Even for machines only?  Are there any type approval rules for these machines, simply because they have a data only SIM?  Are there any numbering rules?  Are there rules regarding location of equipment?  Is this subject to lawful interception? Can the service be encrypted? 8
  9. 9. Statements from regional stakeholders…  "…not on our to do list." – Regional Regulator  "…there is no need for further specific IoT/M2M regulation at the moment in the region. Permanent roaming though is a concern which we believe should be discussed at the regional level. The situation indeed should be monitored." – Incumbent Regional Operator  "Our thoughts are based on really when is the right time to regulate, and we don't think the case to develop specific regulation or for regulatory intervention is there yet. It is also a matter of priorities, and there are a myriad of more pressing concerns to address here." - Incumbent Regional Operator 9
  10. 10. On the other hand… "I think it* is a good example of how regulators can facilitate an approach which joins up the supply side and demand side. This is essential to IoT (as we know from the experience in automotive sector)." – European based International operator *"Definition of a Research and Innovation Policy Leveraging Cloud Computing and IoT Combination" – Final Report, European Commission DG Communications Networks, Content and Technology 10
  11. 11. COLLABORATION 11
  12. 12. Collaboration - Who are the stakeholders? 12 "IoT" Vendors Big Data Analysts Cloud Vendors TelcosConsumers Regulators Government
  13. 13. What collaboration?!  TRA UAE consultation – Industry  ITU Research Group – chaired by TRA UAE  Dubai Smart City – Open Data Law  UAE Innovation  EU initiatives 13
  14. 14. TRA UAE  2014 – TRA UAE started liaising with UAE industry players  2015 – UAE Communications and Media Industry Group (UCMIG) provided the TRA with technical guidance on M2M/IoT. Particularly, M2M/IoT spectrum harmonisation in the UAE and the region.  Currently TRA UAE position is that M2M can be dealt with using existing regulatory framework, but is investigating more specific M2M issues that may be regulated separately at a later point in time  June 2015 – TRA UAE appointed as chair of a new ITU research group on IoT 14
  15. 15. Dubai Smart City Initiatives 15  Dubai Smart Government. See http://smartdubai.ae/whitepaper/  2014 – "make Dubai the smartest city in the world by 2017"  66% of world's population expected to live in cities by 2050  Gulf – 2014 89% of citizens live in cities; 2050 expect 93% of citizens living in cities  Smart grid; Smart government; Smart health; Smart transport; Smart education; Smart water; Smart…
  16. 16. Dubai Smart City Initiatives 16  Thousands of free Wi-Fi hotspots offered by du  Airconditioned bus stops with wi-fi hotspots and charging stations  Smart grid – February 2015 120,000 smart meters, by 2017 up to 200,000 smart meters  Smart palms – 6 meter high towers with nine-leaf shaped solar panes – power wi-fi hotspots, charging stations, contain touchscreens with information on transport options and local weather. See http://didea.ae/portfolio/smart-palm/
  17. 17. Dubai Data Law  17 October 2015 – Sh. Mohammed announced passing of Dubai Data Law  Freely available Data = Innovation  An Open Data Law – and more?  But what is Open Data? "Data that can be freely used, reused and redistributed by anyone - subject only, at most, to the requirement to attribute and sharealike". See http://opendatahandbook.org/en/what-is-open-data/ and http://opendefinition.org/ "Publicly available data structured in a way that enables the data to be fully discoverable and usable by end users". See White House Memorandum M-13-13, issued on 9 May 2014, titled "Open Data Policy-Managing Information as an Asset" - https://www.whitehouse.gov/sites/default/files/omb/memoranda/2013/m-13- 13.pdf 17
  18. 18. Dubai Data Law  Dubai Open Data "The information available to any entity in the Emirate of Dubai, whether governmental or in private sector, which is made available by such entity in the Emirate to individuals and governmental or non-governmental organizations, to be used or shared with third parties". Article 2, Resolution No. 2 of 2014 On the Formation of Open Data Committee in the Emirate of Dubai. 18
  19. 19. Dubai Data Law Freely available Data = Innovation  Collection of Dubai Data  Categorisation of Dubai Data – protection of privacy  Sharing certain data between Dubai government bodies  Making available Open Data to the public  Can be potentially applied to private entities that the Dubai government deems should provide specific Data Sets 19
  20. 20. UAE Innovation  2014 UAE's National Innovation Strategy  7 sectors - renewable energy, transport, education, health, technology, water and space  4 tracks: 1. New and amended legislation 2. Develop government innovation by new practices, reduce spending by 1% and use it on research and innovations 3. Encourage private sector innovation to establish research centers, adopt new tech, develop new products and services 4. Education  2015 – UAE Year of Innovation  November – AED300 billion innovation fund  100 initiatives with major investments in education, health, energy, transport, space and water 20
  21. 21. Europe  "Definition of a Research and Innovation Policy Leveraging Cloud Computing and IoT Combination" DG Communications Networks, Content and Technology  Digital Single Market - Data Protection Regulation 21
  22. 22. Definition of a Research and Innovation Policy Leveraging Cloud Computing and IoT Combination  2013 and 2014 study  Desk and primary research  23 expert interviews  stakeholder workshop  development of a market estimating IoT market value by 2020 under 3 alternative scenarios  International analysis/benchmark of main IoT initiatives 22
  23. 23. Definition of a Research and Innovation Policy Leveraging Cloud Computing and IoT Combination  BUT  Those with higher accumulated IT investments and advance telecom network will grow faster  Market growth could be slower if EU industry does not fully exploit IoT revolution and opportunities  IF growth is slower than baseline expectations, then potential IoT market value could be EU976 billion – 18% lower than baseline  IF growth is higher than baseline expectations, then potential IoT market value could be EU1,128 billion – 5% higher than baseline  Risks from inaction or mismanagement greater than slightly more than optimistic baseline 23 Measure 2013 2020 IoT Connections 1.8 billion 6 billion IoT Revenues EU 307 billion EU 1,181 billion
  24. 24. Definition of a Research and Innovation Policy Leveraging Cloud Computing and IoT Combination RISKS to IoT take up  Inability of EU industry, particularly SMEs, to adopt IoT innovation on a large scale, due to insufficient investments and organizational barriers to change  concerns about privacy and data protection  mismanagement of new security risks  lack of standards and interoperability across fragmented European markets preventing economies of scale and scope Insert GCC here? 24
  25. 25. EU Recommendations 13 recommendations around investment, research, encouraging supply, creating demand uptake, removing regulatory barriers etc. #3 – Promote development of broad-based, open horizontal platforms in order to overcome potential fragmentation of the EU market and support the development of competitive supply and industry and a balanced ecosystem #12 – EC should contribute to building trust and confidence in IoT…taking account of psychological, social and pragmatic issues potentially affecting trust and confidence of potential users in IoT, Cloud and Big Data an services #13 – develop the internal single market for IoT services and applications, by promoting the adoption of open standards and interoperable solutions across Europ, fostering cooperation between standards bodies, pointing out regulatory barriers and suggesting remedial actions 25
  26. 26. Data Protection Regulation  A new, single Data Protection Regulation in Europe in 2016  Not a Directive and no need for EU member state legislation  To prevent companies dealing with myriad of laws which follow Directive principles, but which are different  Currently plans to be stricter in catching entities outside of the EU but whose data processing relate to the offering of goods or services to, or monitoring, data subjects residing in the EU.  Fines based upon annual worldwide turnover  Data breach notifications  Explicit data subject consent requirements Do these sit contrary with the DG Comm's recommendations on IoT take- up? 26
  27. 27. Big Data, Cloud Computing, Privacy If data is the new oil, is privacy the water? 27
  28. 28. Cloud Computing and Big Data Cloud Computing  Happening  Little to no regulation surrounding it per se  Does there need to be? Big Data Data collection, data transfer, data storage, data processing 28
  29. 29. Current legislative framework 29
  30. 30. Data Protection and Privacy 30  Currently no comprehensive data protection laws per se  There are laws relating to privacy, often in criminal laws such as penal codes and cyber crime laws; Certain countries restrict data transfer in certain sectors – KSA banking information  Generally rely upon consent for use of and transfer of data  But, no clear guidance on personal or sensitive personal data  Concept of "privacy" is stricter in the region than what we may be used to in other countries;  Not always clear, or certain, how consent can be given, e.g., by electronic means
  31. 31. Cyber security - Threat Environment Cyber Security becoming increasingly prominent in minds of governments, businesses, citizens and residents in the region. 31
  32. 32. Cyber security challenges posed?  All GCC states now have Cyber Crime laws  No GCC state a member of the Council of Europe's Budapest Convention  GCC states members of the Arab League Convention on Cyber Crime  No data breach requirements  CERTS in each country, but, according to one insider, little interaction Is this enough to reassure consumers and allow for uptake of IoT and M2M? 32
  33. 33. Summary  Huge opportunity, but the longer there is a delay of strategic implementation the less benefits will be felt  Concerns regarding protecting local operators and security (i.e., concerns regarding permanent roaming) must be balanced against these huge opportunities. SIM based permanent roaming is only one way that M2M and IoT will work  Some excellent initiatives in the region e.g., Smart Dubai and UAE's Innovations Policies  BUT a regional approach to investment and innovation policy and regulation (licensing, roaming, numbering, spectrum) would appear to be capable of unlocking so much more – particularly in terms of scale and scope of economies 33
  34. 34. Next Steps – a suggestion  A regional M2M/IoT working group  DLA Piper established groups in EU, Asia  To develop industry led whitepapers on topics of specific relevance to the GCC region  Free initiative i.e., no financial cost to join or participate  If interested, please contact me eamon.holley@dlapiper.com 34

×