There are increasing concerns about data privacy and online security around the world; this is somewhat of a paradox, as users continue to give away personal data (and thus their privacy) in exchange for different services. A recent survey [CIGI-Ipsos 2019] on Internet security and trust found that 78 percent of Internet users in 25 economies were at least somewhat concerned about their privacy online. Internet scams of various types have also been demonstrated to raise internet users’ sensitivity to privacy issues [Chen 2017]. While economic development theory has long grappled with the consequences of cross-border flows of goods, services, ideas, and people, the most significant growth in cross-border flows now comes in the form of data. Some of these flows represent ‘raw’ data while others represent high-value-added data; this can make a difference in the trajectory of national economic development [Weber 2017]. Public awareness about privacy risks on the Internet is increasing; with the evolution of the Internet to the Internet of Things, these privacy risks are likely to become even more significant due to the large amount of data collected and processed by IoT architectures [Baldini 2018]. The Sony pictures hack[1] illustrates that privacy is not just an individual concern; unease over privacy expectations has emerged at the individual, governmental and international levels. Conceptually and methodologically, privacy is often confounded with security. [Spiekerman-Hoff 2012]. Gartner expressed a concern that the biggest inhibitor to IoT growth will be the absence of security by design[Gartner 2018] (which would include some aspects of privacy). While there has been considerable attention placed on some aspects of security, privacy has received less attention from the IoT community.  Privacy was identified this year by Deloitte^[2] to be the factor driving regulatory uncertainties over data management. This regulatory uncertainty challenges enterprises’ adoption of new technologies (like blockchain, or IoT). Social expectations for privacy are evolving, particularly in regard to aggregate representations of personal data in cyberspace. IoT devices and architectures are emerging as a major new data source for capturing representations of human activity. Rising cyberspace privacy concerns are moving beyond isolated activities like web browsing or social networks to consideration of the privacy impacts of the aggregate representation of personal data, including foreseeable data generation capabilities of IoT architectures. At a minimum, this creates a public relations problem for the deployment and operation of IoT Architectures.

IoT networks, like many other networks, are not technically constrained within geographical or political boundaries, but these political constructs may imply legal obligations for participants. Many of these legal notions of privacy evolved prior to the availability of the internet. International treaties like the UNDHR [UN 1948] and ICCPR [UN 1976] provide some definitional guidance on privacy rights, and [ALI 1977] identifies US common law privacy torts related to intrusion upon seclusion, appropriation of name or likeness, and publicity given to private life. These legal concepts, however, were all in place before the deployment of the Internet and the emergence of IoT. US legal requirements on privacy also come from a variety of other sources including constitutional limits, legislation, regulation, common law, and contract law; while litigation processes like discovery also implicate privacy. The Federal Trade Commission provides some cross-industry-sector privacy enforcement, but other industry-specific agencies in the health, finance, education, telecommunications, and marketing enforce industry-specific privacy regulations. States have also promulgated their own laws (e.g., on data breach notification and reporting obligations). [Solove 2006] proposed a privacy taxonomy with four main groups of activities that threated privacy (1) information collection (including surveillance and interrogation); (2) information processing (including aggregation, identification, insecurity, secondary use and exclusion); (3) information dissemination (including breach of confidentiality, disclosure, exposure, increased accessibility, blackmail, appropriation, and distortion); and (4) invasions (including intrusions and decisional interference). More recently, the General Data Protection Regulation [EU 2016] (GDPR) applies extraterritorially to protect EU citizens and has also been influential in other national privacy efforts. In particular, GDPR identifies roles in managing data (e.g., Data Protection Officers); rights for data subjects (including breach notification, access to their personal information, data erasure (the right to be forgotten), and data portability); and requires privacy to be incorporated into the design of systems (Privacy by Design). Globally, privacy laws are continuing to evolve towards bringing greater rights to data subjects [Greenleaf 2019]. Legal considerations on privacy generally revolve around the rights and obligations of legal entities; the IoT, however, is generally considered from the perspective of “things” and the data they generate or consume.  The “things” in IoT are not usually considered legal entities, but many recent proposals for IoT architectures have been based on blockchains, and some have argued that blockchains could be implemented as Digital Autonomous Organizations (DAOs) structured to be recognized as independent legal entities (e.g., zero-member LLCs [Bayern 2014] or BBLLCs [Vermont 2018]). Manufacturers of IoT systems often seek the scale of global markets, and so cannot avoid these international trends in privacy regulation. IoT architectures have historically not emphasized privacy features, or considered IoTs operating as independent legal entities. The threats of increased regulation and the opportunities of new legal options will challenge existing IoT deployments and create opportunities for new IoT architectures.

The data we collectively create and copy each year is growing at 40% annually is estimated[3] to be around 44ZB/yr in 2020 (that’s around 6TB/yr for every person on earth), with much of this data expected (in future) to come from IoT devices sensing the world around them. Today, while people may choose to consume their portion of all their data as internet cat videos, many are not mindful of the digital footprints they leave in cyberspace [Camacho 2012].  An entirely new value chain has evolved around firms that support the production of insights from data.  Individual data are worth very little on their own; the real value of data comes from the data being pooled together. [Beauvisage, 2017]. IoT provides a major new source of data for the big data value chain. Beyond intentional internet interactions, IoT sensor networks can also passively collect data on human activities. At the earlier stages of the data value chain, information content is limited, and therefore the scope for value generation is also low; at the same time, the data is more personalized and hence more susceptible to privacy threats.  Some types of data should not be extracted, for instance, if it impinges on fundamental privacy rights. Some data, such as health data, may be usefully extracted under highly regulated circumstances. For many IoT architectures, the privacy threat arising from information processing (e.g., aggregated data) may be more severe than individual data samples. IoT data does not have to be as bandwidth-intensive and focused as video surveillance to threaten privacy. Patterns of private human activity can be discerned from aggregating data from disparate IoT architectures. The ownership and control options for IoT architecture generated data (as relating to human privacy) may be more complex than previous IoT architectures had considered – perhaps rather than centralizing data from IoT sensors in the cloud, IoT data may need to remain distributed, but responding to a limited set of authorized queries. Some actors may also have access across multiple IoT architectures providing a further degree of information aggregation and processing. Even IoT architectures intended for other purposes (e.g. environmental monitoring) may have the data they generate repurposed in ways that violate human privacy.  For IoT architectures to succeed in large scale commercial deployments, they must be prepared to address evolving privacy concerns. This will require IoT architecture to identify which of the data they generate can implicate human privacy concerns.

Humans are interacting with vast amounts of data in new and unusual ways.  Sensor density in consumer products is also increasing. Cyberspace historically was just an environment in which computer communication occurred; now it is already defined more by users’ social interactions rather than technical implementation concerns [Morningstar 2003]. Cyberspace computation today is often an augmentation of the communication channel between real people. People seek richness, complexity, and depth within a virtual world; and at the same time require increasing annotation of real-world entities with virtualized data in augmented reality.  Humans increasingly use cyberspace for social interaction merging cyberspace and social spaces into social computing. The environments, however, are not the same; humans’ expectations and intuitions from the physical world do not always carry over into cyberspace.  For example, real-world experiences are ephemeral; thanks to data storage, however, representations of personal data do not naturally decay; applying this to privacy violations, a transient real-world peeping incident equivalent in cyberspace could result in an ongoing data peeping threat. Legal notions of privacy are typically sensitive to the context (e.g., public spaces vs homes) and actors (e.g., people, organizations, governments). If IoT deployment scale projections are correct, then cyberspace in the near future will be dominated by data flows from IoT architectures. Cyberspace may create notions of new types of entities that may implicate privacy [Kerr 2019], and DAOs are one example of this. Devices are evolving to provide more “human-like” interfaces (e.g. voice assistants (e.g. Alexa, Siri) AI chatbots [Luo 2019]) and autonomous activity (e.g. UAV drones, Level 5 self-driving cars).  The Apple iPhone 11 sensors include[4] faceID, barometer, three-axis gyro, accelerometer, proximity sensor, ambient light sensor, audio, and multiple cameras. The Tesla Model 3 includes[5] rear side and forward cameras, forward-facing radar and 12 ultrasonic sensors. The increasing data intensity in human experience is affecting human behavior and perceptions. While data generically is a very abstract concept, IoT sensor data is very much concerned with creating and aligning various linkages between physical reality and its cyberspace counterpart. Many actors may have an interest in the data about humans created by IoT devices and architectures. Beyond data ownership considerations, recent privacy legal initiatives have created new roles and additional obligations for operators of IoT architectures – e.g. GDPR’s rights to correct data or to be forgotten. The scope, scale, and serendipity of individual human interactions with cyberspace are reaching a qualitative change as IoT architectures become more pervasive.

The human-computer interaction (HCI) with the IoT blockchain is also an important factor affecting whether privacy enhancements are successful. Click through licenses can easily permit users to contract away their privacy rights (unless otherwise limited by regulation). There have been some efforts[6] to provide better exemplars of legal patterns for privacy information; adoption, however, is voluntary unless there is some superseding regulation (e.g., requiring specific notices to “opt-in” for certain types of information disclosures). Given the evolving nature of privacy concepts, HCI approaches may be helpful [Wong 2019] to better define users’ perceptions of the privacy problem space. Trademarks and certification seals may be useful [Wirth 2018], [Bansal 2008] for consumers to identify and trust products and services that provide privacy assertions (e.g., conformance to privacy regulations such as the GDPR). Beyond disclosures, new privacy rights create functions (e.g., for authorized modification or deletion of data) that need to be supported in IoT architectures. The effectiveness of such functions in providing humans with more advanced controls of their personal data will depend in large part on their ease of use. The usability/ operability of such user controls of their data will also be impacted by the visibility and accessibility of the privacy controls. IoT use cases need to evolve to consider these new roles and functions within IoT architectures and how humans can effectively use them to maintain control of their privacy.

Two fundamental technology trends are driving the Internet of Things (IoT). Firstly, the continued miniaturization of devices through Moore’s law, nanotechnology, new materials, etc.,  is providing an increased density of functionality in devices, and a consequent increase in the variety and volume of the data these devices can generate and consume. Secondly, the number and quality of connections are increasing.  Gartner estimated[7] there would be 8.4 billion connected Internet-of-Things (IoT) devices in use worldwide in 2017 and projects an increase to 50 billion by 2020. IoT use cases are one driver for 5G deployments and these deployments are also expected to increase connectivity density towards ubiquity in many areas.  Ericsson estimates[8] there will be 1.5 billion IoT devices with cellular connections by 2022 with cumulative annual growth rates on the order to 20%-30%. This is significantly faster growth than the US GDP growth (estimated^[9]in the range 2-3% 2018-2019) or world population growth rates (estimated^[10]at 1-2%). Even the job outlook for software developers is only expected^[11] to improve by ~21% (2018-2018). The number of IoT devices and their connectivity is evolving the Internet to be primarily an Internet of Things, where the IoT devices, and the data they communicate, forms the dominant usage pattern. This massive IoT investment comprises multiple information infrastructures; forming a cyberspace data environment within which people will interact for an increasing portion of their lives. With massive IoT deployments expected within the next 5 years, to avoid stranded investments, it is important to get the appropriate IoT architecture requirements in place to address common human concerns, particularly around privacy. Existing IoT deployments will also be impacted by privacy as public relations headwinds, evolving regulatory requirements on management of IoT data, changing human attitudes due to the qualitative changes in cyberspace experiences from pervasive IoT environments, and increased user control of IoT data. Retrofitting privacy (or security) into an existing distributed architecture is unlikely to be simple cheap or complete. New IoT architectures must consider privacy impacts.

References

[ALI 1977] American law Institute, “Restatement of the law, Second, Torts”, 1977, § 652

[Baldini 2018] G. Baldini, et al. “Ethical design in the internet of things.” Science and engineering ethics 24.3 (2018): 905-925.

[Bansal 2008] G. Bansal, et.al., “The moderating influence of privacy concern on the efficacy of privacy assurance mechanisms for building trust: A multiple-context investigation.” ICIS 2008 Proceedings (2008)

 [Bayern 2014] S.Bayern, “Of bitcoins, Independently wealth software and the zero member LLC”, Northwestern U.Law Rev. vol 108, pp 257-270, 2014

[Beauvisage 2017] T. Beauvisage (2017). Selling one’s behavioral data: An impossible market? (Research blog). Orange. April 18. Available at: https://recherche.orange.com/en/selling-ones-behavioral-data-an-impossible-market/.

[Camacho 2012] M.Camacho, et. al., “Self and identity: Raising undergraduate students’ awareness on their digital footprints.” Procedia-Social and Behavioral Sciences 46 (2012): 3176-3181.

[Chen 2017] H.Chen, et.al., “Securing online privacy: An empirical test on Internet scam victimization, online privacy concerns, and privacy protection behaviors.” Computers in Human Behavior 70 (2017): 291-302.

[CIGI-Ipsos 2019] CIGI-Ipsos, UNCTAD and Internet Society (2019). 2019 CIGI-Ipsos Global Survey on Internet Security and Trust. Centre for International Governance Innovation, UNCTAD and the Internet Society. Available at: https://www.cigionline.org/internet-survey-2019.

[EU 2016] European Union: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

 [Gartner 2018] R.Contu, et.al.,“Forecast: IoT Security, Worldwide, 2018”, Gartner, Tech. Rep., 2018. 

[Greenleaf 2019] G. Greenleaf, “Global Data Privacy Laws 2019: New Eras for International Standards.” (2019).

[Kerr 2019] Kerr, Ian. “Schrödinger’s Robot: Privacy in Uncertain States.” Theoretical Inquiries in Law 20.1 (2019): 123-154.

[Luo 2019] Luo, Xueming, et al., “Frontiers: Machines vs. Humans: The Impact of Artificial Intelligence Chatbot Disclosure on Customer Purchases.” Marketing Science (2019).

[Morningstar 2003] C.Morningstar, et. al., The Lessons of Lucasfilm’s Habitat. The New Media Reader. Ed. Wardrip-Fruin and N. Montfort: The MIT Press, 2003. 664-667. 

[Solove 2006] Daniel J. Solove “A Taxonomy of Privacy”. U. Pa. L. Rev., 154:477–560, 2006.

[Weber 2017] S. Weber, “Data, development, and growth.” Business and Politics 19.3 (2017): 397-423.

[Spiekerman-Hoff 2012]. S.Spiekermann-Hoff,  “The challenges of privacy by design.” Communications of the ACM (CACM) 55.7 (2012): 34-37.

[UN 1948] United Nations, “Universal Declaration of Human Rights”, 1948

[UN 1976] United Nations, “International Covenant on Civil and Political Rights”, 1976

[Vermont 2018] Vermont S.269 (Act 205) 2018 §4171-74

[Wirth 2018] C. Wirth, et. al., “Privacy by blockchain design: a blockchain-enabled GDPR-compliant approach for handling personal data.” Proc. of 1st ERCIM Blockchain Workshop. European Society for Socially Embedded Technologies (EUSSET), 2018.

[Wong 2019] R. Wong, et.al., “Bringing Design to the Privacy Table: Broadening ‘Design’ in ‘Privacy by Design through the lens of HCI” Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems. ACM, 2019.

[1] https://bit.ly/35AmrTF

[2] https://bit.ly/2RLp156

[3] https://bit.ly/2jMfjOq

[4] https://apple.co/2krqDlT

[5] https://bit.ly/2MefQGO

[6] https://bit.ly/33vyyzt

[7] https://gtnr.it/2Mcqz56

[8] https://bit.ly/2tjDYeY

[9] https://bit.ly/2L6ybDw

[10] https://bit.ly/2Pb5IlC

[11] https://bit.ly/2OgAJii

Blockchains and related concepts like smart contracts and digital autonomous organizations (DAOs) have emerged from the computer networking and cryptography techniques popularized by cryptocurrencies like bitcoin. With bitcoin having some degree of commercial operational success, a number of folks have been keen to apply these technologies in other fields. One approach to valuation for the impact of technologies is to consider the size of the addressable market. With cryptocurrencies, the potentially addressable market is very large – almost everyone on the planet uses money in some form these days. Many other blockchain applications[1] (e.g. supply chain provenance) address narrower industrial rather than consumer markets. Healthcare blockchain applications may be one area with a large potentially addressable market (who doesn’t have health to worry about?)  depending on the specific use case.

A variety of healthcare applications have been proposed [2] including drug counterfeiting prevention, clinical trial, public healthcare management, longitudinal healthcare records, automated health claims adjudication, online patient access, sharing patients’ medical data, user-oriented medical research, precision medicine, and, smart contracts to improve the credibility of medical research. In some cases, these are moving beyond proposals into implementations based on open-source code bases such as Ethereum or Hyperledger. The designers of healthcare information systems may have a number of different requirements associated with the systems they are designing, and the criteria for applying blockchain are not always clear. Healthcare applications must balance patient care with information privacy, access, completeness, and cost. Rationales proposed for using blockchains in healthcare applications include: access control, non-repudiation, data versioning, logging, data provenance, data auditing, and data integrity, which is quite far from the double-spending problem solved by Nakamoto in his famous whitepaper. The data stored in and the actors operating on a healthcare blockchain also seem quite different from the actors and transactions of cryptocurrency blockchains.

Many of the healthcare application proposals do not address mass markets. Assuring drug provenance, for example, is an important social good given impetus with the DSCSA legislation in the USA. This, however, addresses and industrial market – the pharmaceutical supply chain, and while mass-market consumers benefit from this advancement, they do not directly interact with the blockchain in this use case. Use cases around medical records and adjudication of healthcare claims have a greater potential for impacting mass-market consumers. Work remains, however, to crystalize use cases that are viable – not just from a technological perspective, but also from commercial and legal perspectives as well as from the perspectives of the various actors in health care delivery.  

Technology issues can be seen as risks impeding design and deployment of healthcare blockchains. There is not one blockchain but a variety of implementations with different characteristics (even the original bitcoin has forked). With multiple (and uncertain) use cases and fragmented or customized technology approaches, it is only possible to talk of the technology and legal challenges in general terms. Identified[3] technology challenges to the development of healthcare blockchains include interoperability, security and privacy, scalability, speed, and patient engagement. Interoperability, scalability, and speed are characteristics of the software implementation of healthcare applications on the blockchain. The degree of patient engagement can be significantly impacted by the not just the implementation and trust issues, but also the usability of the system and the overall user experience with the healthcare blockchain. Security, privacy and trust issues reflect concerns about not just the implementation, but the processes for assuring the users can trust the blockchain and its associated software, as well as the organizational and legal context. Because of the use of blockchain technology in the financial industry, and the associated loss risks, the security of blockchains and related smart contracts have received significant attention. Financial losses can often be addressed through other means (e.g. insurance); privacy losses (e.g., disclosed medical records) may be harder to detect and redress.

Legal issues often arise with the introduction of new technologies.  Where the use cases involve sophisticated commercial entities and complement existing industry transactions, the legal issues can often be resolved with private law e.g. contracts between the parties. How existing regulations are applicable would depend on the specific industry and the use case. Where the use case involves mass-market consumers (generally assumed to not be sophisticated parties), public laws and regulations are more likely to be applicable, protective of the consumer, and were written prior to the possibilities of the new technology being envisioned. There are very few public laws explicitly mentioning blockchain, though there has been some incremental progress at the State level in the USA, most of this is targeted as fintech applications of blockchains. In this environment, the legal uncertainty often reduces to assessing how the technology use case would be classified under the existing regulations. DAOs are rather novel as legal entities, but such entities may prove useful to meet the privacy requirements of consumer-oriented healthcare blockchains. While DAOs may fit within some states’ LLC enabling legislation, additional legislative initiatives may be required for DAOs to be deployed more widely.

Smart contracts provide a computational mechanism built on top of a blockchain. These have a number of applications from enforcing legal requirements for transactions to implementing business process workflows. With industrial use cases, sophisticated parties may negotiate the smart contract before implementing it. With consumer use cases, the smart contract would more likely be an adhesion contract that the consumer would not be able to negotiate. Of particular concern with smart contracts is the source of data to trigger smart contract decisions. Oracles for financial data feeds are emerging, but medical data oracles are less widely available. Smart contracts have been proposed for dispute resolution in a manner similar to arbitration, but this has not yet received large scale adoption.

Open source blockchains like ethereum and hyperledger enable easier technology exploration. Building on these with privacy enhancement technologies like zero-knowledge proofs and privacy-preserving computation will help address the technical challenges in privacy that healthcare blockchain use cases bring.  The development of standards[4] to build industry consensus around the terminology and fundamental technical choices to be made will help reduce the fragmentation in the technology. The IEEE 2418.6 healthcare standards project can help, but will take some time to address all the use cases. Specific use case development to define the service requirements from the user point of view would also be very helpful. Automation of existing use cases may be more easily tractable; given increasing concerns for privacy, however, new paradigms to empower people to control their data footprint in cyberspace are emerging. Placing patients in control of their data and having others query for it would be a significant change from existing practices. For industrial markets, existing standards bodies may be well-positioned to develop these use cases. For consumer use cases these may emerge through private enterprise, or through discussion in more public forums (e.g., regulatory hearings, NGO activities etc.).

For a more detailed treatment of this topic refer to my paper presented at the 2019 ITU Kaleidoscope academic conference “ICT for Health: Networks, standards and innovation”.  

If you are looking for a book that provides a detailed overview of the legal implications of blockchain technology and smart contracts, then “Blockchains, Smart Contracts, and the Law” is the perfect choice for you. This book is written clearly and concisely, making it easy to understand even for those who are new to the topic.

[1] See e.g., F.Casino, et. al., “A Systematic literature review of blockchain based applications: Current Status, classification and open issues” Telematics and Informatics, vol. 36, pp 55-81, (2019).

[2] See e.g., S.Agraal, et. al, “Blockchain Technology: applications in Healthcare”, Circulation: Cardiovascular Quality and Outcomes 10.9 (2017)

[3] See, e.g., C. Agbo, et. al., “Blockchain Technology in Healthcare: A Systematic Review”, Healthcare, vol.7, no.56, (2019)

[4] See e.g., the work of ISO TC 307, IEEE, ITU

Patents grant to an inventor a property right issued by a governmental patent office. In the USA, the intellectual property right granted is “the right to exclude others from making, using, offering for sale, or selling” the invention in the United States or “importing” the invention into the United States. There are three types of patents:(1) utility patents – granted for new and useful processes, machines, etc., (2) design patents – granted for original ornamental designs for manufactured articles, and (3) plant patents- granted for new plant varieties. Most “high tech” inventions – semiconductors, software, would fall under utility patents. Similar patent regimes exist in other advanced economies that grant patent rights within their individual economies. The World Intellectual Property Organization (WIPO), a self-funding agency of the United Nations, helps to provide alignment of patent policies internationally. 

The government agencies granting patents charge fees for their services. Under the Patent Cooperation Treaty (PCT), a single application can be presented to obtain patent rights in multiple jurisdictions, though this will result in fees to the relevant agencies in those jurisdictions. While inventors can file patent applications on their own, it is generally advisable to retain competent patent counsel to file on their behalf in order to maximize the scope of patent coverage and avoid procedural missteps in the filing process.

Rational inventors with limited budgets must balance the costs of obtaining patents with the breadth of patents rights they seek. This balance is obviously affected by the business strategy of the inventor (or, in many cases, the corporate assignee) – e.g., is international exploitation of the patent planned? If so in which markets, and how valuable are those markets expected to be? The role of patents in the business strategy is a broader question – e.g. whether the invention is planned to be practiced directly or licensed to others. For startups and other early-stage innovators, patent rights may be useful assets to help establish corporate valuations.  Entities which do not practice their inventions, but rather only license them are referred to as Non-Practicing Entities (NPEs). There exists a broad range of NPEs from Universities to more specialized and speculative investors acquiring assets through bankruptcy[1].

As with the metes and bounds of real property, patent grants are delimited by the enumerated claims. Generally, existing patents only expire with time (20 years in USA) or through some other legal action to invalidate the patent. Some patent licensing obligations may be created by the assignee participating in Standards setting activities.  Patents are required to be novel; and, often build on existing well-known technologies and other patents to provide additional functionality. Granting of a new patent does not invalidate an existing patent. In some cases, this can result in the creation of a patent thicket[2] where the existence of many overlapping and underlying patents may complicate licensing arrangements and constrain the commercial utilization of new patents. The smartphone, for example, may have hundreds of thousands of applicable patents[3].

Entities intending to commercialize novel technologies should be aware of the existing patent landscape.  A patent landscape provides a snapshot of patenting activity in a particular technology area.  A competitive landscape is one tool for developing business strategy and Patent Landscape Reports can provide that perspective for competing intellectual property. The recent WIPO technology trends report on Artificial Intelligence is perhaps a good example of a patent landscape report on a currently popular area of technology innovation. 

While patent landscaping can help with broad strategic questions, more tactical decisions may require more targeted patent-related legal opinions to minimize legal risks and optimize commercial opportunities. These may include opinions of counsel on patentability, invalidity, infringement or freedom to operate.  Depending on the business need, intellectual property may play greater or lesser roles; in the commercialization of technology research, however, the intellectual property representation of that technology research likely needs to be central to the business strategy. While technology developers are primarily focused on the implementation of their technology, the commercial valuation often lies in the relative strength of the intellectual property position vs competitors. Traditional competitive analysis of market positioning looks at offers available in the marketplace. Evaluating the patent landscape can identify potential new entrants based on their patent portfolios, as well as potential weaknesses in the positions of other known competitors.

If you are interested to get started with patent landscaping, you could use the patent office search tools (e.g., USPTO, WIPO, Google Patents) to extract the list or relevant patents to analyze; and WIPO publishes a manual on open source tools that could be helpful for custom analytics on patents. While this may be a good way to learn the method, it may not always be the best use of your time. Lawyers and other intellectual property specialists can provide commercial-grade reports for a fee. There are some commercial tools (e.g., ip vision, patent insight pro, vantage point) and some free tools that may also be a useful place to start (Lens.org, PIUG, patent inspiration).

[1] Steven A. Wright, Preserving Patent Licensor’s SSO Commitments, Assn. of Insolvency & Restructuring Advisors J., (2012).

[2] Carl Shapiro, “Navigating the Patent Thicket: Cross Licenses, Patent Pools, and Standard Setting,” Innovation Policy and the Economy 1 (2000): 119-150. https://doi.org/10.1086/ipe.1.25056143

[3] Reidenberg, Joel R. and Russell, N. Cameron and Price, Maxim and Mohan, Anand, Patents and Small Participants in the Smartphone Industry (2014). WIPO Working Paper, IP and Competition Division, 2014; Fordham Law Legal Studies Research Paper No. 2674467. Available at SSRN: https://ssrn.com/abstract=2674467