Center for Data Innovation (CDI) is the leading think tank studying the intersection of data, technology, and public policy. It recently published some comments to the Commission on its reflection and orientation paper on smart wearables,
First of all, CDI welcomes and recognises most of the conclusions drew by the Commission, including agreeing the opportunities presented by wearables and broader IoT sector. However, it also points out several important details, which if overlooked, may end up jeopardizing the ability to realise the ambition. The details that need further considerations are simplistic approach to European competitiveness and standards, misconceptions to privacy implications from wearables, excessive privacy policies, cybersecurity practices and medical regulations.
Besides the business opportunities identified in the paper, the Commission should consider more in leveraging existing platforms such as iOS and Android and the benefits of M&As.
Policy makers should let the market to lead the role in standards, refraining from enforcing standards through regulations. In the meanwhile, they should focus on more stipulating standards in public procurement.
The GDPR already imposes excessive restrictions on data re-use. The upcoming ePrivacy directive could also impact connected devices if the rules on data flow are too restrictive. The commission could consider to identify where existing policy fall short of creating ¨innovation friendly¨ regulations.
For instance, in the case of concerns over devices with cameras, the Commission overlooked the fact that the privacy implications of camera use in connected devices are mostly legitimate because they are already addressed in regulations in other areas such as medical confidentiality laws. They don’t necessarily introduce anything new in regulatory terms.
Free Flow of Data
Free flow of data are important for supporting the development of smart wearables and IoT industry at large. Restricting data flows, for instance by uniformly localising data, might reduces the number of competing cloud companies developers can choose from, which needlessly raises costs.
Free data flow should not only guaranteed within European countries, but should also include non-EU countries.
Cybersecurity is guaranteed through good cybersecurity practices. European policymakers should urge companies to publish security terms to expose bad practices and hold companies accountable at the same time. Moreover, the terms should be published digitally and updated with the fast change of security standards, instead of statically presented in sticky labels.