EPSRC logo

Details of Grant 

EPSRC Reference: EP/P024394/1
Title: Towards a legally-compliant Internet of Things
Principal Investigator: Singh, Dr J
Other Investigators:
Researcher Co-Investigators:
Project Partners:
Department: Computer Science and Technology
Organisation: University of Cambridge
Scheme: EPSRC Fellowship
Starts: 01 November 2017 Ends: 31 January 2023 Value (£): 952,129
EPSRC Research Topic Classifications:
Information & Knowledge Mgmt Mobile Computing
Public Law Socio Legal Studies
EPSRC Industrial Sector Classifications:
No relevance to Underpinning Sectors
Related Grants:
Panel History:
Panel DatePanel NameOutcome
23 Feb 2017 EPSRC Digital Economy Fellowship Interviews 23 Feb 2017 Announced
12 Jan 2017 EPSRC ICT Prioritisation Panel Jan 2017 Announced
Summary on Grant Application Form
This project is to forge new directions towards the important, but largely unexplored challenge of aligning the Internet of Things (IoT) with legal and regulatory realities.

The broad vision of the IoT is where the physical world comes online. It entails sensors and actuators seamlessly integrated with virtual services, as part of a wide-scale, potentially global systems infrastructure that dynamically reacts and responds to meet various goals.

This vision has captured mainstream imagination. The connected infrastructure, a large-scale distributed system, enables a potentially limitless range of applications, which can be customised to individuals, groups and organisations, in areas including cities, retail, energy, health and lifestyle, transport and agriculture.

However, with this vision comes legal, regulatory and social challenges. The scale and physical nature of this emerging systems environment involves sensors generating data on many detailed aspects of the world, much of it (potentially) highly personal or otherwise sensitive, and where actuation capabilities give systems a real, physical-world effect.

As such, IoT (and more generally, ICT) applications, systems and services are increasingly subject to law and visible to regulators, while consumers, businesses and governments are beginning to demand more transparency and agency. Having the means for managing the associated risks, responsibilities, and obligations of the IoT is crucial for realising its potential, and the significant economic and social benefits it promises.

This project directly targets these issues, by taking an interdisciplinary (tech-legal) approach towards legally-compliant distributed systems. The aim is to develop the conceptual frameworks for considering tech-legal compliance issues as well as the technical means for enabling systems (and therefore, those responsible) to comply with legal and regulatory obligations. By facilitating compliance, we work to improve agency, trust and accountability in the IoT, as well as reducing the overheads of compliance.

As the IoT is data driven, the specific focus is on data flow management. We seek to improve the *control* and *visibility* of data as it moves throughout the IoT, in line with data management policy, reflecting legal obligations. This is so that those who have rights over data (including end-users), and those responsible for data (including service providers), are able to ensure their requirements and obligations are met, even as data moves `out of their hands'.

This entails investigating how law and regulation, reflecting responsibilities and obligations, and personal preferences, can be embodied in policy, which technical mechanisms enforce end-to-end, system-wide. This includes auditing policy enforcement, to assist in demonstrating compliance, apportioning liability and indicating whether policy adequately captures legal responsibilities. This also entails the development of legal-technical frameworks that provide the methodology for investigating, enumerating and aligning compliance concerns across the disciplines, and identifying the mismatches between law and technology.

Addressing such challenges requires an interdisciplinary approach. This project embodies a technical/legal symbiosis: work on the technical mechanisms for system-wide control and audit will be driven by legal and regulatory realities, and at the same time, we consider how the technical work impacts the emerging liability and policy concerns arising from the physical and increasingly pervasive and intrusive nature of the IoT.

In undertaking this work, we seek to build the foundations for a broader area of multidisciplinary research concerning legally compliant systems.
Key Findings
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Potential use in non-academic contexts
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Description This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Date Materialised
Sectors submitted by the Researcher
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Project URL:  
Further Information:  
Organisation Website: http://www.cam.ac.uk