From smart spoons to umbrellas, Fexco’s Group Data Governance Officer, Group Compliance, Jared Browne, recently discussed all things ‘The Internet of things’ with a number of our colleagues.
What is the IoT?
The IoT is a system of interrelated computing devices, digital machines or objects that are equipped with unique identifiers (UIDs). The IoT has the ability to transfer data through a network without the requirement of human-to-computer or human-to human interactions. According to Forbes, smart cities are the largest development within the IoT field with London being the world’s leading smart city in 2019.
The IoT was borne of:
- Widespread and inexpensive network access
- Cheap sensors and computing power
- Location positioning technology
- Inexpensive prototyping
- Mass adoption of smartphone as a platform for device interfaces.
The growth of IoT
Today, there around 7 billion IoT devices. It is estimated the IoT world could increase to c.75 billion devices by 2025. In just a few years, we will be living with numerous devices per person.
Many modern devices within the home and business world encompass some form of ‘’smart’’ technology such as connected cars, drones, smart TV’s, fitness trackers, facial recognition cameras, in home assistances such as Amazon’s Alexa or Google Home etc.
The marketing opportunity with IoT
As users increase their adoption and use of smart devices into their homes and lives, brands must alter and adjust their advertising approaches. The present and future of product and service marketing lies in passive and always-on data collection. This information is referred to as ’the holy grail’, the real time information collected of customer needs and emotions which come directly from the user themselves though many are unaware of such information being collected and subsequently shared.
This IoT world is not just confined to our offices or homes; it can be applied to a whole city. A smart city is an urban area that uses different types of IoT sensors to collect data in order to manage the city’s resources and services. These smart cities can improve energy distribution, streamline trash collection, decrease traffic congestion, and even improve air quality.
Historically, enterprises, governments and individuals have kept data as private as possible. For smart cities to thrive multiple sectors must come together to achieve sustainable outcomes through the urban landscape. From New York’s congestion management system to Copenhagen’s air quality measures, cities across the world continue to further embed smart technologies into their eco-systems.
IoT and data safety
A study of Alexa, Amazon’s voice-enabled home assistant found that staff whose role is to listen to conversations to improve the speech recognition and natural language processing of Alexa devices can hear up to 1,000 conversations per 9-hour shift. . For some this warrants concern as data is recorded via Alexa devices whether the device has been activated or not.
Many devices within the home contained what Jared refers to as ‘camouflaged monitoring’, this includes concealed cameras, AI (artificial intelligence) processors, monitoring human movements and compiling user profiles.
Data safety pertains to much more within the home than users may think. Toy manufacturers Spiral Toys released CloudPets, a smart teddy that had the ability to send and receive voice messages from children and parents. In 2017, the toy was implicated in a data breach first highlighted by tech expert Tony Hunt, which saw more than 800,000 user accounts affected. CloudPet’s database was intercepted and ransom was sought from some of the impacted users.
The CloudPet’s incident underlines the dangers associated with connected devices throughout the home, including toys.
IoT privacy issues
IoT promises to transform our daily lives by simplifying tasks. With such promises comes a myriad of IoT privacy and security issues.
If you are living in a smart home, data might be collected on: what music you listen to (thanks to your smart speaker), the food you eat (thanks to your smart fridge), what your children think (thanks to their smart toys), and who is visiting your house (thanks to your smart doorbell).
The fundamental privacy problems with the IoT
As the IoT world grows over time, there is a fear that boundary erosion may happen without much concern or notice. One’s privacy begins to blur, private spaces may diminish with users feeling ‘always on’. There is concern from compliance officials that there is a risk of normalisation, users may become accustomed to perpetual surveillance.
The laws protecting our right to privacy:
An overview of some of the legalisation in Ireland and Europe that are related to protecting our privacy in this new era.
- Article 7 of the Charter of Fundamental Rights of the EU: “Everyone has the right to respect for his or her private and family life, home and communications.”
- Article 8 of the European Convention on Human Rights provides a right to respect for one’s “private and family life, his home and his correspondence”
- GDPR Recital 4: This Regulation respects all fundamental rights and observes the freedoms and principles recognised in the Charter as enshrined in the Treaties, in particular the respect for private and family life, home and communications, the protection of personal data
- Our right to bodily integrity and general right to privacy is covered by article 40.3 of Irish Constitution
- A citizens home (i.e. the inviolability of the dwelling) is covered by Article 40.5 of the Irish Constitution
IoT privacy consent and the use of personal data:
Smart device customers are presented with lengthy privacy policies up front and are given a binary choice to fully consent or not use the product.
Examples of IoT and privacy questions:
- How to achieve transparency? What are all the intended purposes of my personal data?
- Do controllers even know what all the potential purposes are?
- Where consent is required for processing, how will it be obtained?
- How will our personal data be stored?
The solution: privacy by design
The manufactures of IoT devices should be taking a Privacy by Design approach. By creating devices, that give the user greater control on their personal data. Not just simply a “fire and forget it” approach to consent.
Privacy by design features:
- Building in easy-to-use “do not collect” switches
- Using standard wake and sleep words, such as “Alexa”
- Clear indications the device is monitoring i.e. beeps and lights
- Privacy dashboards that allow to help you control who your data is shared with
- Use of notifications to regularly remind users about what data is collected and shared
In the not so distant future, we will be living in smart cities where IoT devices are omnipresent. Keeping IoT privacy front of mind is important. In order to avoid a world where privacy is an out dated concept and it is impossible to disconnect from the “online world”.