TrustArc Blog

Finding a New Paradigm – Consent and Choice for the IOT

July 01, 2015

At the IoT Privacy Summit on June 17th a panel of four data privacy experts discussed, “Finding a New Paradigm – Consent and Choice for IoT.” The panel consisted of Marc Loewenthal, Director, Promontory Financial Group LLC; Emilio Cividanes, Partner, Venable LLP; Debra Farber, Senior Privacy Consultant & Product Manager, TRUSTe; and Erin Kenneally, Founder & CEO Elchemy, Inc., University of California at San Diego.


Old world technologies such as corporate telephone systems give clear notice that your conversation may be recorded. Callers can act on that information by hanging up or proceeding with the call thereby giving an implied consent to the possible recording of the conversation. The main consideration when providing consumer notice is that it is conspicuous and prior in time to the collection/use of data. A good example in mobile is Geo-location notice. Consumers see a pop-up notice that they can act upon that requests access to their location information and they can deny such access.

In the IOT it is fundamental to understand the nature of the information and the links between all of the entities that have legitimate interest in that data. One panelist felt that a consumer may not have to know every piece of data that is being collected and shared, but does have a right to have their data used in a way consistent with their expectations. Some saw notice in the IOT context evolving into a set of obvious symbols inferring what is happening with the data, which is in line with the proposed EU General Data Privacy Regulation (GDPR).

Read more “Finding a New Paradigm – Consent and Choice for the IOT”

Can Self-Regulation Meet Privacy Challenges of IoT?

June 23, 2015

By Matthew E.S. Coleman, JD, CIPP/US, Enterprise Privacy Solutions Manager at TRUSTe

Regulators are struggling. They are struggling to find a paradigm to protect consumer privacy in the face of rapid technological change. This sentiment kicked off a panel titled, “Can Self-Regulation Meet Privacy Challenges of IoT?” at TRUSTe’s Internet of Things (IoT) Privacy Summit in Menlo Park, CA on Wednesday. The panel, moderated by Nancy Libin, former Chief Privacy Officer of the Department of Justice, contained a diverse array of privacy professionals from private, public, and, non-profit backgrounds. Panelists included Alex Reynolds, Director and Regulatory Counsel, Consumer Electronics Association; Justin Brookman, Director of Consumer Privacy, Center for Democracy & Technology; Hilary Cain, Director of Technology & Innovation Policy, Toyota Motor North America, Inc.; and Nithan Sannappa, Senior Attorney, Federal Trade Commission.

The panelists largely focused on the recommendations presented in the Federal Trade Commission’s January 2015 report titled, “Internet of Things: Privacy and Security in a Connected World.” There are three main principles from the report touted as a workable privacy standard for IoT device manufacturers: 1) Security; 2) Data Minimization; and 3) Notice and Choice.

The FTC has historically enforced reasonable security as a part of its unfair practices purview. In the context of IoT devices, what is deemed reasonable is largely based on context. What types of information is the device collecting? Is it sensitive personal information (e.g., geolocation, protected health information, etc.)? What quantity of data is collected? The higher the risk profile associated with the data collected then the stronger the protections required on a device.

Read more “Can Self-Regulation Meet Privacy Challenges of IoT?”

IoT Summit Session: ‘Protecting Your Home from IoT Bandits’

June 16, 2015

Leading up to the second annual IoT Privacy Summit on June 17th we’ll be featuring a series of blog posts about the panels and speakers at the upcoming event. It’s finally here! The 2nd Annual IoT Privacy Summit 2015 is this Wednesday in Silicon Valley. We look forward to all the interesting and timely IoT topics that’ll be discussed in the numerous panels, as well as meeting a wide variety of people working in privacy in some capacity. During the past couple weeks we’ve been sharing some details about the panels attendees at the Summit will have the opportunity to … Continue reading IoT Summit Session: ‘Protecting Your Home from IoT Bandits’

IoT Privacy Summit: Self-Regulation & IoT Panel

May 15, 2015

Leading up to the second annual IoT Privacy Summit on June 17 we’ll be featuring a series of blog posts about the panels and speakers at the upcoming event.   No one knows for certain the exact impact big data will have on the future of privacy, or how the government might respond to big data’s exponential growth. However, privacy experts and thought leaders can provide some educated insight into what we might be able to expect. The panel titled, “Can Self-Regulation Meet Privacy Challenges of IoT?” at the upcoming IoT Privacy Summit 2015 at 11:30 a.m. on June 17, will … Continue reading IoT Privacy Summit: Self-Regulation & IoT Panel

Internet of Things Privacy Summit – Call for Speakers

January 08, 2015

The Internet of Things is continuing to take center stage in the tech world and is a game-changing moment in our relationship with technology and personal data. But with all the excitement surrounding connected homes, fitness trackers and smart watches, there are still many challenges facing the industry. As Edith Ramirez, chairwoman of the Federal Trade Commission, highlighted at CES this week the trend toward having so many things constantly connected to the Internet presents serious risks that start-ups and big companies need to take seriously. Research shows that concerns surrounding the privacy and security of the personal data collected through these devices could be an obstacle for the growth of this industry

With 35% of Americans now owning a smart device other than a phone, the Internet of Things is now an everyday reality. However, few best practices currently exist for providing consumers with transparency and choice in how their data is being used.

The first Internet of Things Privacy Summit in 2014 #IoTPrivacy brought together 26 speakers and over 200 experts including regulators, privacy professionals and IoT experts to define the privacy needs of the new interconnected world and scope out the next generation of solutions. Across eight sessions the group reviewed the latest research, use cases and debated the adequacy of current regulations and whether a new privacy model was needed for connected devices.

Read more “Internet of Things Privacy Summit – Call for Speakers”

Majority of Consumers Want to Own the Personal Data Collected from their Smart Devices [SURVEY]

January 05, 2015

No doubt, connected devices are an increasingly hot commodity as the Internet of Things market continues to grow and will again be a major focus at the 2015 Consumer Electronics Show this week in Las Vegas. However, the one issue that could put a damper on this growth is consumer concerns about data privacy issues and sharing personal information.

Today, TRUSTe released some interesting new data related to the privacy concerns surrounding the growing Internet of Things (IoT). Two studies commissioned by TRUSTe, one in the U.S. and one in the U.K., show that 35% of U.S. consumers and 41% of British consumers own one or more smart devices other than a smart phone. The survey also showed that 79% of U.S. consumers and 80% of British consumers are concerned about the idea of their personal information collected by smart devices.

Slightly more Americans (20%) than Brits (14%) believe that the benefits of smart devices outweigh any privacy concerns, however both numbers are notably low. Perhaps not surprisingly, the majority of consumers – 69% of U.S. consumers and 73% of British consumers – believe they should own any data collected through their smart devices, raising even more questions around the uncertainties of privacy in the big data era.

Read more “Majority of Consumers Want to Own the Personal Data Collected from their Smart Devices [SURVEY]”

Subscribe to Blog