TrustArc Blog

Finding a New Paradigm – Consent and Choice for the IOT

July 01, 2015

At the IoT Privacy Summit on June 17th a panel of four data privacy experts discussed, “Finding a New Paradigm – Consent and Choice for IoT.” The panel consisted of Marc Loewenthal, Director, Promontory Financial Group LLC; Emilio Cividanes, Partner, Venable LLP; Debra Farber, Senior Privacy Consultant & Product Manager, TRUSTe; and Erin Kenneally, Founder & CEO Elchemy, Inc., University of California at San Diego.


Old world technologies such as corporate telephone systems give clear notice that your conversation may be recorded. Callers can act on that information by hanging up or by proceeding with the call, thereby giving implied consent to the possible recording of the conversation. The main consideration when providing consumer notice is that it is conspicuous and prior in time to the collection/use of data. A good example in mobile is the geo-location notice. Consumers see a pop-up notice that requests access to their location information, and they can act on it by denying such access.

In the IOT it is fundamental to understand the nature of the information and the links between all of the entities that have a legitimate interest in that data. One panelist felt that a consumer may not have to know every piece of data that is being collected and shared, but does have a right to have their data used in a way consistent with their expectations. Some saw notice in the IOT context evolving into a set of obvious symbols indicating what is happening with the data, which is in line with the proposed EU General Data Privacy Regulation (GDPR).


Can Self-Regulation Meet Privacy Challenges of IoT?

June 23, 2015

By Matthew E.S. Coleman, JD, CIPP/US, Enterprise Privacy Solutions Manager at TRUSTe

Regulators are struggling. They are struggling to find a paradigm to protect consumer privacy in the face of rapid technological change. This sentiment kicked off a panel titled, “Can Self-Regulation Meet Privacy Challenges of IoT?” at TRUSTe’s Internet of Things (IoT) Privacy Summit in Menlo Park, CA on Wednesday. The panel, moderated by Nancy Libin, former Chief Privacy Officer of the Department of Justice, contained a diverse array of privacy professionals from private, public, and non-profit backgrounds. Panelists included Alex Reynolds, Director and Regulatory Counsel, Consumer Electronics Association; Justin Brookman, Director of Consumer Privacy, Center for Democracy & Technology; Hilary Cain, Director of Technology & Innovation Policy, Toyota Motor North America, Inc.; and Nithan Sannappa, Senior Attorney, Federal Trade Commission.

The panelists largely focused on the recommendations presented in the Federal Trade Commission’s January 2015 report titled, “Internet of Things: Privacy and Security in a Connected World.” There are three main principles from the report touted as a workable privacy standard for IoT device manufacturers: 1) Security; 2) Data Minimization; and 3) Notice and Choice.

The FTC has historically enforced reasonable security as a part of its unfair practices purview. In the context of IoT devices, what is deemed reasonable is largely based on context. What types of information is the device collecting? Is it sensitive personal information (e.g., geolocation, protected health information, etc.)? What quantity of data is collected? The higher the risk profile associated with the data collected, the stronger the protections required on a device.


2015 IoT Privacy Summit Recap [PICS]

June 17, 2015


Here’s an interesting thought: If you buy a home 10, 20 or 30 years from now and the home contains a smart fridge and other smart appliances — who will own that data? The buyer or the seller?

This is just one of the many thought-provoking scenarios shared at this year’s IoT Privacy Summit.


The day began at 9 a.m. with one opening session in a large room at the beautiful Rosewood Hotel on Sand Hill Road in Menlo Park. Then, for most of the day, the room was separated into two rooms where numerous sessions and panels on a wide variety of hot IoT topics took place. Panelists covered topics including smart cars and privacy considerations for the future; smart homes and how to prevent ‘bandits’ from accessing that information; and how privacy leaders can prepare for the next wave of IoT innovations through best practices, as well as the issues the latest IoT inventions might create.


IoT Summit Session: ‘Protecting Your Home from IoT Bandits’

June 16, 2015

Leading up to the second annual IoT Privacy Summit on June 17th we’ll be featuring a series of blog posts about the panels and speakers at the upcoming event. It’s finally here! The 2nd Annual IoT Privacy Summit 2015 is this Wednesday in Silicon Valley. We look forward to all the interesting and timely IoT topics that’ll be discussed in the numerous panels, as well as meeting a wide variety of people working in privacy in some capacity. During the past couple weeks we’ve been sharing some details about the panels attendees at the Summit will have the opportunity to …

Connected Cars and Privacy: The Automobile Industry’s Push for Self-Regulation

June 11, 2015

Leading up to the second annual IoT Privacy Summit on June 17th we’ll be featuring a series of blog posts about the panels and speakers at the upcoming event. At the upcoming IoT Privacy Summit 2015 on June 17th, one of the many panels will focus on privacy self-regulation in the automotive industry – a topic that’s received a lot of press ever since the connected car concept was introduced. The panel titled, “How the Automobile Industry Took the Lead in Industry Self–Regulation” at 10:45 a.m. will cover the rapid evolution of privacy best practices in the automotive industry, and …

Privacy & The Internet of Things: The Importance of Transparency in Accounting for What We Can’t See

June 04, 2015


By Jessica Groopman, Industry Analyst, Altimeter Group

Perhaps the most important lesson the Internet has taught us is that connectivity itself has infinite implications—for good, bad, and most importantly, the unforeseen. We’ve watched digital transform entire industries like publishing, media, music, and retail. As we enter into the next phase of the Internet—the so-called Internet of Things, or more accurately, the digitalization of the physical world through sensors, data and connectivity—the potential for unforeseen implications and unintended consequences skyrockets.

We Can’t Know What We’ve Never Seen

The ratio of unforeseen consequences of data use, aggregation, sharing and targeting eclipses what we can predict. Yet we can illuminate our understanding of this with the following two implications:

  • Connecting things anoints them with context through the data that is inherently created.
  • Connecting things renders the things themselves and the data these things emit vulnerable to threats—to security, privacy and safety.

As the IoT industry grapples with these two competing implications, weighing innovation, opportunity, and potential on the one hand with security, privacy, and safety risks on the other, all constituents involved have a role in helping pave the way. Today we see a dizzying amount of activity and discussion around how to navigate these implications, but we’re in the infancy of this discourse, never mind its application.
