Internet-connected "smart" devices are increasingly available in the marketplace, including a growing industry of devices that monitor the human body. The authors of this report examine this emerging collection of Internet of Bodies (IoB) technologies; explore benefits, risks, and ethical implications; survey the nascent regulatory landscape; and make recommendations to balance IoB risks and rewards.
- What are the benefits, security and privacy risks, and ethical implications of the growing Internet of Bodies (IoB)?
- What is being done to regulate the IoB and the data collected by its devices?
- What can be done to balance the risks and rewards of the IoB?
Internet-connected "smart" devices are increasingly available in the marketplace, promising consumers and businesses improved convenience and efficiency. Within this broader Internet of Things (IoT) lies a growing industry of devices that monitor the human body and transmit the data collected via the internet. This development, which some have called the Internet of Bodies (IoB), includes an expanding array of devices that combine software, hardware, and communication capabilities to track personal health data, provide vital medical treatment, or enhance bodily comfort, function, health, or well-being. However, these devices also complicate a field already fraught with legal, regulatory, and ethical risks. The authors of this report examine this emerging collection of human body–centric and internet-connected technologies; explore benefits, security and privacy risks, and ethical implications; survey the nascent regulatory landscape for these devices and the data they collect; and make recommendations to balance IoB risks and rewards.
Governance of IoB devices is managed through a patchwork of state and federal agencies, nonprofit organizations, and consumer advocacy groups
- The primary entities responsible for governance of IoB devices are the FDA and the U.S. Department of Commerce.
- Although the FDA is making strides in cybersecurity of medical devices, many IoB devices, especially those available for consumer use, do not fall under FDA jurisdiction.
- Federal and state officials have begun to address cybersecurity risks associated with IoB that are beyond FDA oversight, but there are few laws that mandate cybersecurity best practices.
As with IoB devices, there is no single entity that provides oversight to IoB data
- Protection of medical information is regulated at the federal level, in part, by HIPAA.
- The Federal Trade Commission (FTC) helps ensure data security and consumer privacy through legal actions brought by the Bureau of Consumer Protection.
- Data brokers are largely unregulated, but some legal experts are calling for policies to protect consumers.
- As the United States has no federal data privacy law, states have introduced a patchwork of laws and regulations that apply to residents' personal data, some of which includes IoB-related information.
- The lack of consistency in IoB laws among states and between the state and federal level potentially enables regulatory gaps and enforcement challenges.
- The U.S. Commerce Department can put foreign IoB companies on its "Entity List," preventing them from doing business with Americans, if those foreign companies are implicated in human rights violations.
- As 5G, Wi-Fi 6, and satellite internet standards are rolled out, the federal government should be prepared for issues by funding studies and working with experts to develop security regulations.
- It will be important to consider how to incentivize quicker phase-out of the legacy medical devices with poor cybersecurity that are already in wide use.
- IoB developers must be more attentive to cybersecurity by integrating cybersecurity and privacy considerations from the beginning of product development.
- Device makers should test software for vulnerabilities often and devise methods for users to patch software.
- Congress should consider establishing federal data transparency and protection standards for data that are collected from the IoB.
- The FTC could play a larger role to ensure that marketing claims about improved well-being or specific health treatment are backed by appropriate evidence.
Funding for this report was provided by a generous grant from Jacques Dubois. The research was conducted by the Center for Global Risk and Security.
This report is part of the RAND Corporation Research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.
Permission is given to duplicate this electronic document for personal use only, as long as it is unaltered and complete. Copies may not be duplicated for commercial purposes. Unauthorized posting of RAND PDFs to a non-RAND Web site is prohibited. RAND PDFs are protected under copyright law. For information on reprint and linking permissions, please visit the RAND Permissions page.
The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.
- Copyright: RAND Corporation
- Paperback Pages: 36
- Paperback ISBN/EAN: 9781977405227
- DOI: https://doi.org/10.7249/RR3226
- Document Number: RR-3226-RC
- Year: 2020
- Series: Research Reports
Lee, Mary, Benjamin Boudreaux, Ritika Chaturvedi, Sasha Romanosky, and Bryce Downing, The Internet of Bodies: Opportunities, Risks, and Governance. Santa Monica, CA: RAND Corporation, 2020. https://www.rand.org/pubs/research_reports/RR3226.html. Also available in print form.