One challenging aspect of privacy and data security law is that technology is constantly evolving. The near and long term future of privacy and data security will be driven by emerging technologies that developers, legislators, businesses, and lawyers may not fully understand for years to come. Last year saw a surge in technologies enabling companies to collect and analyze increasing amounts of consumer data as well as the development of technologies enabling consumers to better protect their privacy. Just as the development of new technologies is inevitable, so too is the rise of potential ways in which those technologies can be misused, which in turn provokes a legislative and regulatory response. The cycle never ends.

To help privacy and data security professionals keep pace with these changes, we will be providing regular updates throughout the course of the year on the development of emerging technologies, as well as legislation and regulation regarding privacy and data security. We begin with a review of recent developments in the Internet of Things and biometric technologies, and offer some predictions on legal and business changes to look for in 2018.


Summary of major developments from 2017:

  • Cloud Services: In May, Google launched a private beta test, followed by a public beta test in September, for its Cloud IoT Core. The Core manages, processes, and analyzes IoT data in real time, while also connecting and registering devices onto Google’s cloud and other areas of Google’s platform.
  • IoT Cybersecurity Act: On August 1, 2017, Senator Mark Warner (D-VA) introduced the IoT Cybersecurity Act in order to create standards for those Internet connected devices purchased by federal agencies. The Act, one of the few pieces of proposed legislation grappling with IoT, intends to provide greater security for government devices and may have a trickledown effect for non-government purchased devices, incentivizing greater security as more devices join the IoT ecosystem. The bill has been referred to the Senate Committee on Homeland Security and Governmental Affairs.
  • Cognitive Computing: While cognitive computing / machine learning is not new, application of such technologies in the IoT realm increased substantially in 2017.  From autonomous vehicles avoiding accidents to technology assisted rooms learning its users’ preferences, cognitive computing is becoming an increasingly important feature for any IoT device.
  • Subscription Based IoT Revenue Streams: With the popularity of IoT devices, businesses that sell IoT products have begun to take the data obtained from their products and sell it to create another revenue stream. For example, smart thermostats that ensure proper home climate control can sell the data regarding home temperature preferences to utility companies to assist in the creation of energy usage patterns.

What to Expect in 2018:

  • The Digital Twin: This new technology serves as a digital copy of a connected device, and can help a company monitor the quality and deterioration of the device over time. Expect to see more use of this technology in manufacturing, large real estate complexes, airplanes, and any other industries requiring heightened monitoring, diagnostics, and prognostics functionality.
  • Edge Computing: Edge computing, or the processing of information near the source of that data to optimize data analysis, is helping to increase the development of IoT devices.  Edge computing can manage the collection of data from IoT devices and identify efficient processing locations such as the cloud, allowing for greater efficiency and usability of IoT devices and possibly lower security risks.
  • Industrial Uses: Many companies have launched smart factories to increase efficiency and productivity.  Experts believe this year will herald the wide-spread adoption of IoT solutions in industrial factories.  Smart conveyor belts, cutting machines, and other industrial machinations will become more commonplace, increasing the need for greater security and IT knowledge.
  • Increase in Consumer Products and Greater Connectivity: With the popularity of Google’s and Amazon’s digital home assistants, other companies are beginning to enter the fray and provide greater options to home owners. Apple’s HomePod, for instance, will integrate with third party applications while controlling home accessories such as shades and lights as well.


Summary of major developments from 2017:

From FaceID on the iPhone X to the emergence of biometric smart payment cards, 2017  saw a surge in the use of biometrics in consumer products. This trend looks to continue in 2018, with further uses of biometric data expected for mobile financial and healthcare applications, among others.

  • Facial Recognition: In 2017, Apple moved away from fingerprint authentication for its flagship iPhone X in favor of Face ID, which uses depth mapping and infra-red technology to create a mathematical representation of a user’s face (which is then compared to enrolled facial data). The technology is intended to work indoors, outdoors, or in total darkness, and is designed to adapt to changes in appearance (including cosmetic makeup or changes in facial hair). Apple reports that the technology is demonstrably more secure than fingerprint scanning.
  • Smartphone Payments: The use of biometric authentication on smartphones in 2017 helped expand consumer use of smartphones for financial transactions. Advances in biometric security and accuracy contributed to the expanded functionality of mobile financial services.
  • Payment Cards: A 2017 study demonstrated that privacy and data security concerns would likely not hinder the widespread consumer adoption of payment cards that rely on biometric identifiers. A trial conducted among South African and European card consumers found that upwards of 90% of those surveyed would utilize biometric authentication (over PIN security).

What to Expect in 2018:

Over the next year, the use of biometric technology, particularly for consumer products, will likely expand and evolve.

  • Fingerprints: The proliferation of facial recognition technologies, including adoption of Apple’s Face ID, will likely lead to reduced usage of fingerprint recognition technologies.
  • Smart cards: Biometric usage will likely expand in the smart card industry, and such expansion must be prepared for new and expanding legal requirements for multi-factor/multi-stage authentication, such as point of sale biometric technologies. The rise of biometric payments may reduce the need for retailers and financial institutions to rely on PIN security.
  • Healthcare: Look for healthcare providers to use biometric security to allow patients greater access to their healthcare records or to verify e-prescriptions, as well as other end-user conveniences. Hospitals and other providers could use biometric scanning to enhance access to trusted and identified staff within physical premises.
  • Vehicles: Next generation automobiles, including autonomous driving vehicles, will increasingly use biometric identifiers to make the user experience more hands free, both for safety and personalization. This personalization could extend to functions like identifying authorized drivers and their related user preferences for music, seat positioning, temperature, and more.

The Internet of Things and biometrics will be only some of the topics relating to emerging technologies to be covered in Ballard Spahr’s CyberAdviser. Please check back frequently to learn about the latest developments in legislative, regulatory, or industry developments affecting a wide range of emerging technologies, including block chain, wearable technology, and autonomous vehicles.