The Internet of Things (or the Internet of Everything, as some refer to it) is changing the way of the world for businesses, governments and consumers, as devices and services are increasingly connected to the Internet in real-time, 24/7. This allows for the practically ubiquitous collection, storage and sharing of data on an always-on basis, which heralds countless innovations for enterprises and individuals alike. However, with increased connectivity comes the potential for increased vulnerability—in both the cyber and physical worlds. This is why Privacy by Design is a paramount business practice for companies engaged in the IoT space, as well … Continue reading Privacy Risk Summit Preview: Privacy by Design for IoT
At the IoT Privacy Summit on June 17th a panel of four data privacy experts discussed, “Finding a New Paradigm – Consent and Choice for IoT.” The panel consisted of Marc Loewenthal, Director, Promontory Financial Group LLC; Emilio Cividanes, Partner, Venable LLP; Debra Farber, Senior Privacy Consultant & Product Manager, TRUSTe; and Erin Kenneally, Founder & CEO Elchemy, Inc., University of California at San Diego.
Old world technologies such as corporate telephone systems give clear notice that your conversation may be recorded. Callers can act on that information by hanging up or proceeding with the call thereby giving an implied consent to the possible recording of the conversation. The main consideration when providing consumer notice is that it is conspicuous and prior in time to the collection/use of data. A good example in mobile is Geo-location notice. Consumers see a pop-up notice that they can act upon that requests access to their location information and they can deny such access.
In the IOT it is fundamental to understand the nature of the information and the links between all of the entities that have legitimate interest in that data. One panelist felt that a consumer may not have to know every piece of data that is being collected and shared, but does have a right to have their data used in a way consistent with their expectations. Some saw notice in the IOT context evolving into a set of obvious symbols inferring what is happening with the data, which is in line with the proposed EU General Data Privacy Regulation (GDPR).
By Matthew E.S. Coleman, JD, CIPP/US, Enterprise Privacy Solutions Manager at TRUSTe
Regulators are struggling. They are struggling to find a paradigm to protect consumer privacy in the face of rapid technological change. This sentiment kicked off a panel titled, “Can Self-Regulation Meet Privacy Challenges of IoT?” at TRUSTe’s Internet of Things (IoT) Privacy Summit in Menlo Park, CA on Wednesday. The panel, moderated by Nancy Libin, former Chief Privacy Officer of the Department of Justice, contained a diverse array of privacy professionals from private, public, and, non-profit backgrounds. Panelists included Alex Reynolds, Director and Regulatory Counsel, Consumer Electronics Association; Justin Brookman, Director of Consumer Privacy, Center for Democracy & Technology; Hilary Cain, Director of Technology & Innovation Policy, Toyota Motor North America, Inc.; and Nithan Sannappa, Senior Attorney, Federal Trade Commission.
The panelists largely focused on the recommendations presented in the Federal Trade Commission’s January 2015 report titled, “Internet of Things: Privacy and Security in a Connected World.” There are three main principles from the report touted as a workable privacy standard for IoT device manufacturers: 1) Security; 2) Data Minimization; and 3) Notice and Choice.
The FTC has historically enforced reasonable security as a part of its unfair practices purview. In the context of IoT devices, what is deemed reasonable is largely based on context. What types of information is the device collecting? Is it sensitive personal information (e.g., geolocation, protected health information, etc.)? What quantity of data is collected? The higher the risk profile associated with the data collected then the stronger the protections required on a device.
Leading up to the second annual IoT Privacy Summit on June 17th we’ll be featuring a series of blog posts about the panels and speakers at the upcoming event. It’s finally here! The 2nd Annual IoT Privacy Summit 2015 is this Wednesday in Silicon Valley. We look forward to all the interesting and timely IoT topics that’ll be discussed in the numerous panels, as well as meeting a wide variety of people working in privacy in some capacity. During the past couple weeks we’ve been sharing some details about the panels attendees at the Summit will have the opportunity to … Continue reading IoT Summit Session: ‘Protecting Your Home from IoT Bandits’
Leading up to the second annual IoT Privacy Summit on June 17 we’ll be featuring a series of blog posts about the panels and speakers at the upcoming event. No one knows for certain the exact impact big data will have on the future of privacy, or how the government might respond to big data’s exponential growth. However, privacy experts and thought leaders can provide some educated insight into what we might be able to expect. The panel titled, “Can Self-Regulation Meet Privacy Challenges of IoT?” at the upcoming IoT Privacy Summit 2015 at 11:30 a.m. on June 17, will … Continue reading IoT Privacy Summit: Self-Regulation & IoT Panel
The Internet of Things is continuing to take center stage in the tech world and is a game-changing moment in our relationship with technology and personal data. But with all the excitement surrounding connected homes, fitness trackers and smart watches, there are still many challenges facing the industry. As Edith Ramirez, chairwoman of the Federal Trade Commission, highlighted at CES this week the trend toward having so many things constantly connected to the Internet presents serious risks that start-ups and big companies need to take seriously. Research shows that concerns surrounding the privacy and security of the personal data collected through these devices could be an obstacle for the growth of this industry
With 35% of Americans now owning a smart device other than a phone, the Internet of Things is now an everyday reality. However, few best practices currently exist for providing consumers with transparency and choice in how their data is being used.
The first Internet of Things Privacy Summit in 2014 #IoTPrivacy brought together 26 speakers and over 200 experts including regulators, privacy professionals and IoT experts to define the privacy needs of the new interconnected world and scope out the next generation of solutions. Across eight sessions the group reviewed the latest research, use cases and debated the adequacy of current regulations and whether a new privacy model was needed for connected devices.