.
context of transactions and companies’ existing relationships with consumers. Similarly, the EU data protection authorities have noted that IoT data collected for one purpose may be analysed and matched with other data, leading to a range of repurposing. Such data reuse should be compatible with the original purpose of collection and known to the user (this is known as “purpose limitation”). A range of mechanisms could be used to obtain consent, including:• choices at point of sale or device setup;• QR codes or barcodes on a device that could take a user to a website;• privacy dashboards, for example in smart phones; and • by learning from consumer behaviour, such as through privacy preferences set on other related devices122. Data minimization remains an important privacy-protective principle for consumer IoT devices, limiting the amount of personal data collected or retained, and hence reducing risks from data breaches and misuse. The FTC foresees more flexibility for IoT services in collecting data not initially required to provide a service, while under stricter European rules the EU data protection authorities “cannot share this analysis”123.Table 5 below identifies possible measures regulators can consider to foster development of the IoT. Trends in Telecommunication Reform 2016 91 Chapter 3 Table 3.4: Potential IoT regulatory measures Potential regulatory measures Licensing and spectrum management • Further experimentation with use of white-space and shared-space technology.• Encourage development of LTE-A and 5G networks, and review the need for IoT-specific spectrum.Switching and roaming • Global agreement on updated E.212 standards, making appropriate use of GSMA standards, and provision of Mobile Network Codes to IoT service providers.Addressing and numbering • Universal IPv6 adoption by governments in their own services and procurements, and other incentives for private sector adoption.Competition • Consider measures to increase interoperability through competition and consumer law, and give users a right to easy access to personal data. • Support global standardization and deployment of remotely provisioned SIMs for greater M2M competition.Privacy and security • R&D on more hardware and software security and privacy mechanisms for resource-constrained IoT systems, particularly targeted towards start-ups and individual entrepreneurs that lack resources to easily develop this functionality.• Incentives for companies to develop new mechanisms to improve transparency of IoT personal data use, and for gaining informed consent from individuals concerned when sensitive data is gathered or inferences drawn.• Greater use of privacy impact assessments by organizations building and configuring IoT systems.• Development of further guidance from global privacy regulators on application of the principles of data minimization and purpose limitation in IoT systems.• More cooperation between telecommunication and other regulators such as privacy/data protection agencies.