A lot has been written about the Internet of Things (IoT) recently. We have also previously published articles on IThappens about privacy and applications of the Internet of Things in the healthcare sector. IoT is seen as the technology of the future and has the potential to drastically change our daily lives. IoT proponents tout the infinite possibilities IoT has to offer, however, privacy protection is often forgotten. This article therefore takes a broad look at the privacy issues of IoT across multiple sectors.
A lot has been written about the Internet of Things (IoT) recently. We have also previously published articles on IThappens about privacy and applications of the Internet of Things in the healthcare sector. IoT is seen as the technology of the future and has the potential to drastically change our daily lives. IoT proponents tout the infinite possibilities IoT has to offer, however, privacy protection is often forgotten. This article therefore takes a broad look at the privacy issues of IoT across multiple sectors.
What is IoT?
IoT makes it possible to connect everyday devices over the Internet and exchange data between them. This goes beyond connecting a laptop or smartphone. It is expected that more and more devices will connect to the Internet. These might include a refrigerator that automatically orders new products when a product runs out or a smart thermostat that detects when you are home.
As smart everyday products are increasingly incorporated into our lives, the amount of data these products send has only increased. The fact that you set up a smart product based on your preferences often means that the company knows these preferences right away. These products are so incorporated into our daily lives that they can collect information about us anytime. Information such as locations, health data, and purchase histories are data we share through these means. Companies benefit from collecting data because this data has monetary value to the company. It is therefore desirable for a company to increase the amount of data. As these devices communicate and the IoT grows, more and more data traffic is taking place.
Privacy issues of the IoT
The problem with IoT regarding privacy often comes from the fact that it is not clear what data is being shared. Little by little, consumers reveal more of their privacy without realizing it because they do not know the data being shared. By exchanging data between these devices, a company gets a better and better picture of us as consumers. Meanwhile, as a consumer, you often don’t realize all that a company knows about you. Combining data creates an increasingly clear picture of us as consumers. A great example of how data can be combined, to create a picture of us as consumers, is given by Will Ockenden’s metadata case. This case looks at what we can find out about a person’s life by analyzing telecom data. It turns out that by analyzing this data it becomes much clearer about Will’s daily life such as where he lives, works, and spends his free time. Therefore, this case is a good example of how data can be combined to find out a lot of information about consumers. As IoT grows, the picture of consumers will also become more and more detailed. As a result, there are also increasing concerns about our privacy in this new world of smart devices. Privacy is therefore a topic inextricably linked to the growth of IoT.
Potential solutions
During the development of an IT application, privacy is often not taken into account. As a result, the privacy element is often added later through an “add-on” instead of a “built-in” solution. This often results in lower data protection in the final product. Companies must be already aware of privacy protection during the construction of an application. A possible solution to this problem is given in the paper “Privacy Implications of the Internet of Things.” Three places are named where adjustments should be made. They are application development, access control policies, and improved regulation. During application development, privacy middleware should be introduced to better protect personal data. This could be part of software that identifies what data is being sent and tries to minimize it. Access control policies should be transparent and choices in them, by the consumer, should be permanent. This includes, for example, your privacy settings in a specific application. Finally, there needs to be proper enforcement by a government agency that oversees consumer data protection.
Concerning privacy protection, the easiest way to get companies to take steps seems to be to create restrictions for companies on data collection or require better anonymization of data. However, creating restrictions will slow down IoT developments. In addition, creating restrictions for companies is very difficult. After all, each company collects different data and uses it for different purposes. Consumers also distinguish between different companies depending on the data they want to share. Therefore, my personal preference is that a government body should avoid restrictions on data collection. The public body should focus more on increasing IT application transparency and better control of data anonymization. By shifting the focus from restrictions on data collection to transparency, IoT development can continue without serious obstacles. For companies, this means making it clearer what kind of data they collect and not hiding it in general terms and conditions. By requiring companies to be more transparent in the data they collect, from the consumer, you essentially give power back to the consumer. Consumers can then decide to what extent they are willing to share their data.
Conclusion
As the IoT continues to grow, it is increasingly important to think about our privacy. This raises the question of whether IoT developments are moving too fast and whether we as consumers are still in control of our data. The most important step for now is to create transparency in the amount of data companies receive from consumers. This will make consumers more aware of the implications of IoT. In addition, consumers should have enough options for data protection.
Sources:
[1] Gudymenko I., Borcea-Pfitzmann K., Tietze K. (2012) Privacy Implications of the Internet of Things. In: Wichert R., Van Laerhoven K., Gelissen J. (eds) Constructing Ambient Intelligence. AmI 2011. Communications in Computer and Information Science, vol 277. Springer, Berlin, Heidelberg
[2] Bradburry, D. (2015) How can privacy survive in the era of the internet of things?https://www.theguardian.com/technology/2015/apr/07/how-can-privacy-survive-the-internet-of-things
[3] Liddy, M. (2000) What reporter Will Ockenden’s metadata reveals about his life. http://www.abc.net.au/news/2015-08-24/metadata-what-you-found-will-ockenden/6703626
