1. Collaborating on M2M
and Internet of Things
Regulation
Eamon Holley
Informa Teleco ME 2015
9 December 2015

2. Today
 Bringing together key stakeholders
 Big Data, Cloud and Privacy
 Cyber security
 Devising a framework
2

3. Next Steps – a suggestion
 A regional M2M/IoT working group
 DLA Piper established groups in EU, Asia
 To develop industry led whitepapers on topics of specific
relevance to the GCC region
 Free initiative i.e., no financial cost to join or participate
 If interested, please contact me
eamon.holley@dlapiper.com
3

4. But before we begin…
Why isn't this a regulatory HOT topic?
4

5. M2M and the Internet of (Every)Things
2020 : Globally, 50 billion connected things and a 1 trillion dollar
industry
Humans will largely not even be aware of the work going on
around them : "Ambient networks"
5
Sectors : … well, everything!
Transport Fleet and
inventory
tracking
Health
monitoring
Real time
diagnostics
Smart
grids
Smart
homes
Smart cities
Connectivity : … well, everything!
SIMs RFID WiFi Bluetooth GPS Fixed Line ???????

6. WHAT DO WE NEED TO REGULATE?
6

7. Just a few issues to consider…
M2M
IOT
Licensing?
for
Permanent
Roaming?
Access to
Networks
Type
Approval /
Importations
Privacy and
Data
Protection
(Cyber)
security
Liabilities
7

8. Questions from clients…
 Could the use of a SIM in a local jurisdiction mean that M2M SP is
providing a telecommunications service in that country?
 Does it need a license?
 Are there data protection obligations? Are there any rules about
transferring information overseas? Can these apply to M2M?
 What about local registration or verification requirements? Even for
machines only?
 Are there any type approval rules for these machines, simply
because they have a data only SIM?
 Are there any numbering rules?
 Are there rules regarding location of equipment?
 Is this subject to lawful interception? Can the service be encrypted?
8

9. Statements from regional stakeholders…
 "…not on our to do list." – Regional Regulator
 "…there is no need for further specific IoT/M2M regulation at the
moment in the region. Permanent roaming though is a concern
which we believe should be discussed at the regional level. The
situation indeed should be monitored." – Incumbent Regional
Operator
 "Our thoughts are based on really when is the right time to regulate,
and we don't think the case to develop specific regulation or for
regulatory intervention is there yet. It is also a matter of priorities,
and there are a myriad of more pressing concerns to address here." -
Incumbent Regional Operator
9

10. On the other hand…
"I think it* is a good example of how regulators can facilitate an
approach which joins up the supply side and demand side. This
is essential to IoT (as we know from the experience in
automotive sector)." – European based International operator
*"Definition of a Research and Innovation Policy Leveraging
Cloud Computing and IoT Combination" – Final Report,
European Commission DG Communications Networks, Content
and Technology
10

11. COLLABORATION
11

12. Collaboration - Who are the stakeholders?
12
"IoT"
Vendors
Big Data
Analysts
Cloud
Vendors
TelcosConsumers
Regulators
Government

13. What collaboration?!
 TRA UAE consultation – Industry
 ITU Research Group – chaired by TRA UAE
 Dubai Smart City – Open Data Law
 UAE Innovation
 EU initiatives
13

14. TRA UAE
 2014 – TRA UAE started liaising with UAE industry players
 2015 – UAE Communications and Media Industry Group
(UCMIG) provided the TRA with technical guidance on
M2M/IoT. Particularly, M2M/IoT spectrum harmonisation in the
UAE and the region.
 Currently TRA UAE position is that M2M can be dealt with
using existing regulatory framework, but is investigating more
specific M2M issues that may be regulated separately at a
later point in time
 June 2015 – TRA UAE appointed as chair of a new ITU
research group on IoT
14

15. Dubai Smart City Initiatives
15
 Dubai Smart Government. See
http://smartdubai.ae/whitepaper/
 2014 – "make Dubai the smartest city
in the world by 2017"
 66% of world's population expected
to live in cities by 2050
 Gulf – 2014 89% of citizens live in
cities; 2050 expect 93% of citizens
living in cities
 Smart grid; Smart government; Smart health; Smart transport;
Smart education; Smart water; Smart…

16. Dubai Smart City Initiatives
16
 Thousands of free Wi-Fi hotspots offered by du
 Airconditioned bus stops with wi-fi hotspots and charging stations
 Smart grid – February 2015 120,000 smart meters, by 2017 up to
200,000 smart meters
 Smart palms – 6 meter high towers with nine-leaf shaped solar
panes – power wi-fi hotspots, charging stations, contain
touchscreens with information on transport options and local
weather. See http://didea.ae/portfolio/smart-palm/

17. Dubai Data Law
 17 October 2015 – Sh. Mohammed announced passing of
Dubai Data Law
 Freely available Data = Innovation
 An Open Data Law – and more?
 But what is Open Data?
"Data that can be freely used, reused and redistributed by anyone - subject only, at
most, to the requirement to attribute and sharealike".
See http://opendatahandbook.org/en/what-is-open-data/ and http://opendefinition.org/
"Publicly available data structured in a way that enables the data to be fully discoverable
and usable by end users".
See White House Memorandum M-13-13, issued on 9 May 2014, titled "Open Data
Policy-Managing Information as an Asset" -
https://www.whitehouse.gov/sites/default/files/omb/memoranda/2013/m-13-
13.pdf
17

18. Dubai Data Law
 Dubai Open Data
"The information available to any entity in the Emirate of Dubai,
whether governmental or in private sector, which is made available
by such entity in the Emirate to individuals and governmental or
non-governmental organizations, to be used or shared with third
parties".
Article 2, Resolution No. 2 of 2014 On the Formation of Open Data
Committee in the Emirate of Dubai.
18

19. Dubai Data Law
Freely available Data = Innovation
 Collection of Dubai Data
 Categorisation of Dubai Data – protection of privacy
 Sharing certain data between Dubai government bodies
 Making available Open Data to the public
 Can be potentially applied to private entities that the Dubai
government deems should provide specific Data Sets
19

20. UAE Innovation
 2014 UAE's National Innovation Strategy
 7 sectors - renewable energy, transport, education, health, technology,
water and space
 4 tracks:
1. New and amended legislation
2. Develop government innovation by new practices, reduce spending
by 1% and use it on research and innovations
3. Encourage private sector innovation to establish research centers,
adopt new tech, develop new products and services
4. Education
 2015 – UAE Year of Innovation
 November – AED300 billion innovation fund
 100 initiatives with major investments in education, health,
energy, transport, space and water
20

21. Europe
 "Definition of a Research and Innovation Policy
Leveraging Cloud Computing and IoT Combination"
DG Communications Networks, Content and Technology
 Digital Single Market - Data Protection Regulation
21

22. Definition of a Research and Innovation Policy
Leveraging Cloud Computing and IoT Combination
 2013 and 2014 study
 Desk and primary research
 23 expert interviews
 stakeholder workshop
 development of a market estimating IoT market value by 2020
under 3 alternative scenarios
 International analysis/benchmark of main IoT initiatives
22

23. Definition of a Research and Innovation Policy
Leveraging Cloud Computing and IoT Combination
 BUT
 Those with higher accumulated IT investments and advance
telecom network will grow faster
 Market growth could be slower if EU industry does not fully exploit
IoT revolution and opportunities
 IF growth is slower than baseline expectations, then potential IoT
market value could be EU976 billion – 18% lower than baseline
 IF growth is higher than baseline expectations, then potential IoT
market value could be EU1,128 billion – 5% higher than baseline
 Risks from inaction or mismanagement greater than slightly
more than optimistic baseline
23
Measure 2013 2020
IoT Connections 1.8 billion 6 billion
IoT Revenues EU 307 billion EU 1,181 billion

24. Definition of a Research and Innovation Policy
Leveraging Cloud Computing and IoT Combination
RISKS to IoT take up
 Inability of EU industry, particularly SMEs, to adopt IoT
innovation on a large scale, due to insufficient investments and
organizational barriers to change
 concerns about privacy and data protection
 mismanagement of new security risks
 lack of standards and interoperability across fragmented
European markets preventing economies of scale and scope
Insert GCC here?
24

25. EU Recommendations
13 recommendations around investment, research, encouraging
supply, creating demand uptake, removing regulatory barriers
etc.
#3 – Promote development of broad-based, open horizontal platforms in order
to overcome potential fragmentation of the EU market and support the
development of competitive supply and industry and a balanced ecosystem
#12 – EC should contribute to building trust and confidence in IoT…taking
account of psychological, social and pragmatic issues potentially affecting trust
and confidence of potential users in IoT, Cloud and Big Data an services
#13 – develop the internal single market for IoT services and applications, by
promoting the adoption of open standards and interoperable solutions across
Europ, fostering cooperation between standards bodies, pointing out regulatory
barriers and suggesting remedial actions
25

26. Data Protection Regulation
 A new, single Data Protection Regulation in Europe in 2016
 Not a Directive and no need for EU member state legislation
 To prevent companies dealing with myriad of laws which follow Directive
principles, but which are different
 Currently plans to be stricter in catching entities outside of the EU but whose
data processing relate to the offering of goods or services to, or monitoring,
data subjects residing in the EU.
 Fines based upon annual worldwide turnover
 Data breach notifications
 Explicit data subject consent requirements
Do these sit contrary with the DG Comm's recommendations on IoT take-
up?
26

27. Big Data, Cloud Computing, Privacy
If data is the new oil, is privacy the water?
27

28. Cloud Computing and Big Data
Cloud Computing
 Happening
 Little to no regulation surrounding it per se
 Does there need to be?
Big Data
Data collection, data transfer, data storage, data processing
28

29. Current legislative framework
29

30. Data Protection and Privacy
30
 Currently no comprehensive data protection laws per se
 There are laws relating to privacy, often in criminal laws such
as penal codes and cyber crime laws; Certain countries restrict
data transfer in certain sectors – KSA banking information
 Generally rely upon consent for use of and transfer of data
 But, no clear guidance on personal or sensitive personal data
 Concept of "privacy" is stricter in the region than what we may
be used to in other countries;
 Not always clear, or certain, how consent can be given, e.g.,
by electronic means

31. Cyber security - Threat Environment
Cyber Security becoming increasingly prominent in minds of
governments, businesses, citizens and residents in the region.
31

32. Cyber security challenges posed?
 All GCC states now have Cyber Crime laws
 No GCC state a member of the Council of Europe's Budapest
Convention
 GCC states members of the Arab League Convention on
Cyber Crime
 No data breach requirements
 CERTS in each country, but, according to one insider, little
interaction
Is this enough to reassure consumers and allow for uptake
of IoT and M2M?
32

33. Summary
 Huge opportunity, but the longer there is a delay of strategic
implementation the less benefits will be felt
 Concerns regarding protecting local operators and security
(i.e., concerns regarding permanent roaming) must be
balanced against these huge opportunities. SIM based
permanent roaming is only one way that M2M and IoT will
work
 Some excellent initiatives in the region e.g., Smart Dubai and
UAE's Innovations Policies
 BUT a regional approach to investment and innovation policy
and regulation (licensing, roaming, numbering, spectrum)
would appear to be capable of unlocking so much more –
particularly in terms of scale and scope of economies
33

34. Next Steps – a suggestion
 A regional M2M/IoT working group
 DLA Piper established groups in EU, Asia
 To develop industry led whitepapers on topics of specific
relevance to the GCC region
 Free initiative i.e., no financial cost to join or participate
 If interested, please contact me
eamon.holley@dlapiper.com
34