The Internet of Things (IoT) has the potential to make people's lives easier and more efficient, but the trade-off is the risk that comes with collecting personal data: every sensor reading, voice command or location fix a device stores can be leaked, misused or repurposed.
If you're developing IoT devices, you must address these privacy issues when designing your device, even though there is currently no up-to-date law to guide you in the area.
The FTC (Federal Trade Commission) recently released a report that provides guidance for companies and manufacturers on how to build privacy and security measures into their devices.
Without proper privacy practices, the FTC Chairwoman Edith Ramirez believes that consumer confidence could be damaged:
The only way for the Internet of Things to reach its full potential for innovation is with the trust of American Consumers. We believe that by adopting the best practices we've laid out, businesses will be better able to provide consumers the protections they want and allow the benefits of the Internet of Things to be fully realized.
Please be aware that if your spoken words include personal or other sensitive information, that information will be among the information captured and transmitted to a third party.
The only spoken words needed to operate the TV are those for its functions, such as changing the channel, so it is easy to see why users may be concerned that anything else said within earshot of the TV may also be captured and stored.
Recommendation 1: Data minimization
The FTC's suggestion is that you limit the user data you collect and how long you keep it. This is known as data minimization.
This practice reduces two risks at once:
If your company does not store large amounts of data, it is a less attractive target for data thieves, and a breach exposes less.
The less data you collect and the shorter you keep it, the lower the chance that it will be used in ways that contradict users' expectations.
The FTC is flexible about how you approach data minimization.
You can choose to collect no data at all, collect only the categories of data required to provide the service the device offers, collect less sensitive data, or de-identify the data you collect.
Recommendation 2: Notice and choice
Another FTC guideline is that you notify your users and give them choices about how their information will be used, especially where data collection goes beyond what users would reasonably expect.
As the IoT develops, giving notice will become more and more difficult, and the FTC has acknowledged that there is no one-size-fits-all approach. Other ways to make users more comfortable with the use of their data include:
Where possible, de-identify personal information so that the user cannot be re-identified, and commit to not re-identifying it. Be aware that replacing a name with a hash or a device ID is pseudonymization, not anonymization: the records still refer to one user and must still be handled as personal data.
Monitor data transmissions so that misuse can be detected and blocked.
What's clear from the FTC's report is that you must consider the privacy of the data when building IoT devices, while balancing this against the value of the data you could collect.
Europe's Article 29 Working Party has published an opinion, called Opinion 8/2014 on the Recent Developments on the Internet of Things, that focuses on:
Wearable Technology: clothes, watches, contact lenses with sensors, microphones with cameras embedded, and so on
Quantified Self: pedometers, sleep monitors, and so on
Home Automation: connected households using smart fridges, smart lighting and smart security systems, and so on
Europe's Article 29 Working Party is the same entity that issued guidance to Google to ensure that Google complies with EU data protection laws.
If you're a designer or developer developing a new IoT device within the categories mentioned above, the opinion by the Article 29 Working Party would be useful to you as guidance when implementing your first privacy practices.
The Working Party found the following issues with current IoT devices:
Users do not have control over the communication of their data
Consent mechanisms are poorly implemented
Activities that used to be private can become identifiable or public when IoT devices are used or connected together
Limitations on the user's ability to remain anonymous while using the IoT device
Risks regarding the security of the data collected
Based on its opinion, here is what the Article 29 Working Party suggests to IoT developers:
Users must be able to access, view and remove the data you collect from them. Users should be able to disconnect their IoT devices when they want to do so.
Consent of users must be gained to store their personal data on the IoT device.
Here are the current steps you can follow to increase your chances of compliance:
Analyze how the design of your IoT device affects the privacy of the people using it
Design your device so that raw data is deleted as soon as it is no longer required for processing
Learn the principles of Privacy by Design and apply them when you design your device
Users should have control over the IoT device (connecting and disconnecting as they wish) and over the collected data (viewing or deleting it)
Make sure the information you collect from users is easily accessible to them
The consent users give you must be freely given, explicit and informed, and users must be able to withdraw it whenever they want to.
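The data minimization practice from Recommendation 1 and the "delete raw data as soon as it is no longer required" step above are easier to reason about in code than in policy text. The following is an added example, not code from the FTC report, the Article 29 opinion or any TV vendor: a small ingestion pipeline for a hypothetical voice-controlled TV. It keeps only the command label the feature needs (the transcript is never stored, and speech that is not a command is dropped entirely), replaces the device identifier with a keyed HMAC (pseudonymization, which is deliberately not called anonymization), and purges records once they fall outside a retention window. The sample events, the keyword table, the secret key and the 30-day retention period are all constructed assumptions for illustration.

```python
import hmac
import hashlib
from datetime import datetime, timedelta, timezone

# Constructed sample input (not real telemetry): raw events as a hypothetical
# voice-controlled TV might upload them. The transcript field carries whatever
# was said near the TV, which is exactly what the privacy notice quoted above
# warns about.
RAW_EVENTS = [
    {"device_id": "TV-0001", "ts": "2015-02-10T19:00:00Z",
     "transcript": "change to channel five",
     "wifi_ssid": "HomeNet", "ip": "203.0.113.7"},
    {"device_id": "TV-0001", "ts": "2015-02-10T19:02:30Z",
     "transcript": "honey, the bank said our account number is 12345678",
     "wifi_ssid": "HomeNet", "ip": "203.0.113.7"},
    {"device_id": "TV-0002", "ts": "2014-11-01T08:15:00Z",
     "transcript": "volume up",
     "wifi_ssid": "Flat3", "ip": "198.51.100.9"},
]

# Assumed keyword -> command label table. Only the label is ever retained.
COMMAND_KEYWORDS = {
    "channel": "change_channel",
    "volume": "adjust_volume",
    "turn off": "power_off",
    "mute": "mute",
}

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"
RETENTION = timedelta(days=30)  # assumed retention window for command history


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp of the form used in RAW_EVENTS."""
    return datetime.strptime(value, TS_FORMAT).replace(tzinfo=timezone.utc)


def classify_command(transcript):
    """Return the command label for a transcript, or None if it is not a TV command."""
    text = transcript.lower()
    for keyword, label in COMMAND_KEYWORDS.items():
        if keyword in text:
            return label
    return None


def pseudonymize(device_id, key):
    """Keyed hash of the identifier (HMAC-SHA256).

    Deterministic, so records from one device still link together for the
    feature to work. Anyone holding `key` can rebuild the mapping, so this is
    pseudonymization, not anonymization: the output remains personal data.
    """
    return hmac.new(key, device_id.encode("utf-8"), hashlib.sha256).hexdigest()


def minimize_event(raw, key):
    """Keep only what the voice feature needs; drop unrecognized speech entirely."""
    command = classify_command(raw["transcript"])
    if command is None:
        # Not a command: store nothing, not even a hash of the words.
        return None
    # SSID, IP address and the transcript itself are not needed to act on a
    # command, so they are discarded at ingestion rather than kept "just in case".
    return {"device": pseudonymize(raw["device_id"], key),
            "ts": raw["ts"],
            "command": command}


def purge_expired(records, now_ts, retention=RETENTION):
    """Drop records whose timestamp is older than the retention window."""
    cutoff = parse_ts(now_ts) - retention
    return [rec for rec in records if parse_ts(rec["ts"]) >= cutoff]


def process(raw_events, key, now_ts):
    """Minimize each raw event, then enforce retention on what is left."""
    minimized = [m for m in (minimize_event(e, key) for e in raw_events) if m is not None]
    return purge_expired(minimized, now_ts)


if __name__ == "__main__":
    key = b"example-secret-key-rotate-me"  # assumption: in production, load from a secrets store
    for rec in process(RAW_EVENTS, key, "2015-02-11T00:00:00Z"):
        print(rec)
```

Run against the three constructed events with "now" set to 2015-02-11, only the channel-change record survives: the overheard bank conversation is never written anywhere, and the 2014 volume command is purged as outside the retention window. Note that the HMAC key is what stands between the pseudonym and the real device, so it needs the same protection as the identifiers it replaces, and a leaked key turns the whole stored history back into identifiable data.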
Here's how an iOS app would ask users to provide their location:
Here are some of the Privacy by Design principles you can follow:
Privacy by Design principles must be applied at every step of your device's development. Security for the data you collect from users should be built in from the start, not added as an afterthought.
Inform users about what information you collect, which of it is personal and which is not, and so on.