Governing the progress of internet-of-things: Ambivalence in the quest of technology exploitation and user rights protection

This paper discusses the dynamics between the pursuit of competitiveness and governance of data security in strengthening the Internet of Things (IoT) readiness in developing economies using Malaysia as a case study. It explores the potential of the IoT regulatory framework in guarding the privacy and interests of IoT users. This paper also reveals the collaborative model of technology push-market pull for technological capabilities development as well as the measures that uphold the principles of good privacy practice. The model incorporates privacy-by-design measures that would result in higher user confidence in this emerging technology, which is vital to a healthy IoT ecosystem. Through the collaborative model of Penang as evidence, our findings indicate that Malaysia seeks to create a structure that fosters technology push-market pull forces for IoT technological capabilities development. While the model paves a co-evolutionary path for diffusion and upgrading of IoT, several issues related to the volatility of online data and databases were identified as well as the lack of responsibility and accountability of corporations in handling the sensitive personal data of customers. We see that it is essential for the regulators to play a (more) significant role in safeguarding the interests of IoT users. In this regard, the privacy-by-design, a citizen-centric regulatory framework should be considered in policy reviews in deploying IoT-based competitive promotion initiatives. This paper breaks new ground by elaborating on the common route of IoT technology capabilities development, which is typical in the developing context. While it highlights the common issues that emerge as technology advances, we propose a regulatory framework that features embedded privacy-by-design to protect the interests of the IoT users.