Collaborating on M2M

and Internet of Things

Regulation

Eamon Holley

Informa Teleco ME 2015

9 December 2015

Today

Bringing together key stakeholders

Big Data, Cloud and Privacy

Cyber security

Devising a framework

2

Next Steps – a suggestion

A regional M2M/IoT working group

DLA Piper established groups in EU, Asia

To develop industry led whitepapers on topics of specific

relevance to the GCC region

Free initiative i.e., no financial cost to join or participate

If interested, please contact me

eamon.holley@dlapiper.com

3

But before we begin…

Why isn't this a regulatory HOT topic?

4

M2M and the Internet of (Every)Things

2020 : Globally, 50 billion connected things and a 1 trillion dollar

industry

Humans will largely not even be aware of the work going on

around them : "Ambient networks"

5

Sectors : … well, everything!

Transport

Fleet and

inventory

tracking

Health

monitoring

Real time

diagnostics

Smart

grids

Smart

homes

Smart cities

Connectivity : … well, everything!

SIMs

RFID WiFi Bluetooth GPS Fixed Line ???????

WHAT DO WE NEED TO REGULATE?

6

Just a few issues to consider…

M2M

IOT

Licensing? for

Permanent Roaming?

Access to Networks

Type Approval /

Importations

Privacy and Data

Protection

(Cyber) security

Liabilities

7

Questions from clients…

Could the use of a SIM in a local jurisdiction mean that M2M SP is

providing a telecommunications service in that country?

Does it need a license?

Are there data protection obligations? Are there any rules about

transferring information overseas? Can these apply to M2M?

What about local registration or verification requirements? Even for

machines only?

Are there any type approval rules for these machines, simply

because they have a data only SIM?

Are there any numbering rules?

Are there rules regarding location of equipment?

Is this subject to lawful interception? Can the service be encrypted?

8

Statements from regional stakeholders…

"…not on our to do list." – Regional Regulator

"…there is no need for further specific IoT/M2M regulation at the

moment in the region. Permanent roaming though is a concern

which we believe should be discussed at the regional level. The

situation indeed should be monitored." – Incumbent Regional

Operator

"Our thoughts are based on really when is the right time to regulate,

and we don't think the case to develop specific regulation or for

regulatory intervention is there yet. It is also a matter of priorities,

and there are a myriad of more pressing concerns to address here." -

Incumbent Regional Operator

9

On the other hand…

"I think it* is a good example of how regulators can facilitate an

approach which joins up the supply side and demand side. This

is essential to IoT (as we know from the experience in

automotive sector)." – European based International operator

*"Definition of a Research and Innovation Policy Leveraging

Cloud Computing and IoT Combination" – Final Report,

European Commission DG Communications Networks, Content

and Technology

10

COLLABORATION

11

Collaboration - Who are the stakeholders?

12

"IoT" Vendors

Big Data Analysts

Cloud Vendors

Telcos Consumers

Regulators

Government

What collaboration?!

TRA UAE consultation – Industry

ITU Research Group – chaired by TRA UAE

Dubai Smart City – Open Data Law

UAE Innovation

EU initiatives

13

TRA UAE

2014 – TRA UAE started liaising with UAE industry players

2015 – UAE Communications and Media Industry Group

(UCMIG) provided the TRA with technical guidance on

M2M/IoT. Particularly, M2M/IoT spectrum harmonisation in the

UAE and the region.

Currently TRA UAE position is that M2M can be dealt with

using existing regulatory framework, but is investigating more

specific M2M issues that may be regulated separately at a

later point in time

June 2015 – TRA UAE appointed as chair of a new ITU

research group on IoT

14

Dubai Smart City Initiatives

15

Dubai Smart Government. See

http://smartdubai.ae/whitepaper/

2014 – "make Dubai the smartest city

in the world by 2017"

66% of world's population expected

to live in cities by 2050

Gulf – 2014 89% of citizens live in

cities; 2050 expect 93% of citizens

living in cities

Smart grid; Smart government; Smart health; Smart transport;

Smart education; Smart water; Smart…

Dubai Smart City Initiatives

16

Thousands of free Wi-Fi hotspots offered by du

Airconditioned bus stops with wi-fi hotspots and charging stations

Smart grid – February 2015 120,000 smart meters, by 2017 up to

200,000 smart meters

Smart palms – 6 meter high towers with nine-leaf shaped solar

panes – power wi-fi hotspots, charging stations, contain

touchscreens with information on transport options and local

weather. See http://didea.ae/portfolio/smart-palm/

Dubai Data Law

17 October 2015 – Sh. Mohammed announced passing of

Dubai Data Law

Freely available Data = Innovation

An Open Data Law – and more?

But what is Open Data? "Data that can be freely used, reused and redistributed by anyone - subject only, at most, to the requirement to attribute and sharealike".

See http://opendatahandbook.org/en/what-is-open-data/ and http://opendefinition.org/

"Publicly available data structured in a way that enables the data to be fully discoverable and usable by end users".

See White House Memorandum M-13-13, issued on 9 May 2014, titled "Open Data

Policy-Managing Information as an Asset" -

https://www.whitehouse.gov/sites/default/files/omb/memoranda/2013/m-13-

13.pdf

17

Dubai Data Law

Dubai Open Data

"The information available to any entity in the Emirate of Dubai, whether governmental or in private sector, which is made available by such entity in the Emirate to individuals and governmental or non-governmental organizations, to be used or shared with third parties".

Article 2, Resolution No. 2 of 2014 On the Formation of Open Data

Committee in the Emirate of Dubai.

18

Dubai Data Law

Freely available Data = Innovation

Collection of Dubai Data

Categorisation of Dubai Data – protection of privacy

Sharing certain data between Dubai government bodies

Making available Open Data to the public

Can be potentially applied to private entities that the Dubai

government deems should provide specific Data Sets

19

UAE Innovation

2014 UAE's National Innovation Strategy

7 sectors - renewable energy, transport, education, health, technology,

water and space

4 tracks:

1. New and amended legislation

2. Develop government innovation by new practices, reduce spending

by 1% and use it on research and innovations

3. Encourage private sector innovation to establish research centers,

adopt new tech, develop new products and services

4. Education

2015 – UAE Year of Innovation

November – AED300 billion innovation fund

100 initiatives with major investments in education, health,

energy, transport, space and water

20

Europe

"Definition of a Research and Innovation Policy

Leveraging Cloud Computing and IoT Combination"

DG Communications Networks, Content and Technology

Digital Single Market - Data Protection Regulation

21

Definition of a Research and Innovation Policy

Leveraging Cloud Computing and IoT Combination

2013 and 2014 study

Desk and primary research

23 expert interviews

stakeholder workshop

development of a market estimating IoT market value by 2020

under 3 alternative scenarios

International analysis/benchmark of main IoT initiatives

22

Definition of a Research and Innovation Policy

Leveraging Cloud Computing and IoT Combination

BUT

Those with higher accumulated IT investments and advance

telecom network will grow faster

Market growth could be slower if EU industry does not fully exploit

IoT revolution and opportunities

IF growth is slower than baseline expectations, then potential IoT

market value could be EU976 billion – 18% lower than baseline

IF growth is higher than baseline expectations, then potential IoT

market value could be EU1,128 billion – 5% higher than baseline

Risks from inaction or mismanagement greater than slightly

more than optimistic baseline

23

Measure 2013 2020

IoT Connections 1.8 billion 6 billion

IoT Revenues EU 307 billion EU 1,181 billion

Definition of a Research and Innovation Policy

Leveraging Cloud Computing and IoT Combination

RISKS to IoT take up

Inability of EU industry, particularly SMEs, to adopt IoT

innovation on a large scale, due to insufficient investments and

organizational barriers to change

concerns about privacy and data protection

mismanagement of new security risks

lack of standards and interoperability across fragmented European markets preventing economies of scale and scope

Insert GCC here?

24

EU Recommendations

13 recommendations around investment, research, encouraging

supply, creating demand uptake, removing regulatory barriers

etc.

#3 – Promote development of broad-based, open horizontal platforms in order

to overcome potential fragmentation of the EU market and support the

development of competitive supply and industry and a balanced ecosystem

#12 – EC should contribute to building trust and confidence in IoT…taking

account of psychological, social and pragmatic issues potentially affecting trust

and confidence of potential users in IoT, Cloud and Big Data an services

#13 – develop the internal single market for IoT services and applications, by

promoting the adoption of open standards and interoperable solutions across

Europ, fostering cooperation between standards bodies, pointing out regulatory

barriers and suggesting remedial actions

25

Data Protection Regulation

A new, single Data Protection Regulation in Europe in 2016

Not a Directive and no need for EU member state legislation

To prevent companies dealing with myriad of laws which follow Directive

principles, but which are different

Currently plans to be stricter in catching entities outside of the EU but whose

data processing relate to the offering of goods or services to, or monitoring,

data subjects residing in the EU.

Fines based upon annual worldwide turnover

Data breach notifications

Explicit data subject consent requirements

Do these sit contrary with the DG Comm's recommendations on IoT take-

up?

26

Big Data, Cloud Computing, Privacy

If data is the new oil, is privacy the water?

27

Cloud Computing and Big Data

Cloud Computing

Happening

Little to no regulation surrounding it per se

Does there need to be?

Big Data

Data collection, data transfer, data storage, data processing

28

Current legislative framework

29

Data Protection and Privacy

30

Currently no comprehensive data protection laws per se

There are laws relating to privacy, often in criminal laws such

as penal codes and cyber crime laws; Certain countries restrict

data transfer in certain sectors – KSA banking information

Generally rely upon consent for use of and transfer of data

But, no clear guidance on personal or sensitive personal data

Concept of "privacy" is stricter in the region than what we may

be used to in other countries;

Not always clear, or certain, how consent can be given, e.g.,

by electronic means

Cyber security - Threat Environment

Cyber Security becoming increasingly prominent in minds of

governments, businesses, citizens and residents in the region.

31

Cyber security challenges posed?

All GCC states now have Cyber Crime laws

No GCC state a member of the Council of Europe's Budapest

Convention

GCC states members of the Arab League Convention on

Cyber Crime

No data breach requirements

CERTS in each country, but, according to one insider, little

interaction

Is this enough to reassure consumers and allow for uptake

of IoT and M2M?

32

Summary

Huge opportunity, but the longer there is a delay of strategic

implementation the less benefits will be felt

Concerns regarding protecting local operators and security

(i.e., concerns regarding permanent roaming) must be

balanced against these huge opportunities. SIM based

permanent roaming is only one way that M2M and IoT will

work

Some excellent initiatives in the region e.g., Smart Dubai and

UAE's Innovations Policies

BUT a regional approach to investment and innovation policy

and regulation (licensing, roaming, numbering, spectrum)

would appear to be capable of unlocking so much more –

particularly in terms of scale and scope of economies

33

Next Steps – a suggestion

A regional M2M/IoT working group

DLA Piper established groups in EU, Asia

To develop industry led whitepapers on topics of specific

relevance to the GCC region

Free initiative i.e., no financial cost to join or participate

If interested, please contact me

eamon.holley@dlapiper.com

34