by Giulio Coraggio

The Internet of Things (IoT) is a revolution for enterprise, and the transformation and innovation it brings with it will present legal risks that many firms will never have experienced.

Businesses that are content to carry on as usual and do not respond quickly enough to the impact of IoT may find themselves following a similar path to Nokia, once the world's leading mobile phone brand.

"We didn't do anything wrong, but somehow, we lost."

In the 3rd quarter of 2007, almost half of mobile phones worldwide were Nokia phones. But in the same period of 2012, the market share had dropped to little more than 3%.

The firm's mobile phone division was sold to Microsoft in 2013, with the Nokia CEO Stephen Elop saying: "We didn't do anything wrong, but somehow, we lost." Industry observers suggested that the market had shifted too quickly and momentum was lost.

Enabling companies to introduce "tyres as a service"

Comparable change is now happening with IoT. For instance, Pirelli and Michelin are embedding their tyres with sensors to collect data about vehicle performance and road conditions. This data is conveyed to the driver and the car's electronics, helping to improve safety and efficiency, as well as enabling companies to introduce the concept of "tyres as a service".

Until recently, our relationship with tyre dealers was a visit every four or five years, whereas now customers can enter into a long-term contract in which not only is the charge turned into a periodic fee, but a number of value-added services are included.

Such value-added services are possible because of the information collected about the performance of the tyres as well as data on the driver, their habits, style of driving, and most frequent destinations.

A business that from its creation had never known anything about its customers, can all of sudden start to receive huge amounts of personal data about them - with the associated privacy-related obligations and potential liabilities.

The timing of this shift could not be worse

The EU General Data Protection Regulation has just been adopted. The Regulation will not only add considerable new privacy obligations, but also increase the applicable fines to up to 4% of the global turnover of the breaching entity.

This represents unprecedented change, and the time timing of this shift could not be worse. Indeed, one of the largest fines issued in the European Union for privacy breaches was €1 million against Google in Italy for the data collected through its Street View service.

This is not an issue only for companies based in the European Union. Wherever the business is based, it must comply with European data protection law if it offers its services in Europe or monitors European customers' behavior - for instance through cookies or fingerprinting.

"Privacy and security by design" are not only obligations, but the sole current tools available to limit potential liabilities. However, the exact scope of these obligations is still to be negotiated with privacy authorities, to find solutions that ensure privacy compliance while preserving the business potential for enterprise.

The legal issues with IoT are not only about privacy. Cybersecurity risks are also amplified with IoT technologies. The hack on connected cars last year in the US shows the size of the risk, and the exposure will further increase with sensors able to communicate with other devices, detect items and trigger automatic actions. There were 48.8 million cyber-attacks in 2014 and figures will exponentially increase with the adoption of IoT technologies.

Cyberattacks are not a question of if, but when. Companies need to prepare by adopting adequate internal policies and liability protections to minimize the risk and to react quickly to a cyberattack, thereby reducing the potential liabilities.

On Wednesday, September 28, we'll be exploring this topic at the third DLA Piper European Technology Summit 2016, which we're hosting in London. Key decision-makers from across Europe’s tech sector will join us to explore the latest trends in IoT, cybersecurity and more.

Register your interest now.

Join the conversation on Twitter with #DLAPiperTech2016.