The internet of things (IoT) will enable a future where everyday physical objects are connected to the internet. These objects will have the ability to identify themselves to other devices in a world in which machines, networked devices and cloud-based applications not only connect but also cooperate with each other, and where big data analytics enable intelligent decision-making.
From the convenience of intelligent homes to the emergence of in-home healthcare monitoring, the internet of things’ (IoT) potential for meaningful innovation is tremendous. But in a world with billions of connected devices, privacy and data security becomes of paramount importance.
There are three key challenges facing IoT companies:
Benefits and privacy trade-off
Data is IoT’s lifeblood, but the quality and quantity of data generated from end users will significantly affect the application of IoT in the development of consumer products, alongside concerns about the privacy of the information gathered.
Users contribute to smart ecosystems by allowing companies to access their information to better understand and predict behaviour and anticipate their needs. However, a significantly different approach towards the ownership and use of data will be required to guarantee privacy.
An organisation-centric approach – in which a company uses personal data without the control of users – needs to be balanced with policies that allow consumers to determine how their personal data can be used and shared.
Sharing comes at a price
IoT data is granular in nature and when overlaid across devices and applications, companies are able to analyse and capitalise on this information quickly and in near real-time.
This throws up new ethical questions: should the usage patterns of your dishwasher and choice of dishwasher tablets be available to the appliance manufacturer? If you drive through a red light is it ethical for your insurance provider to use that information to adjust your premium and reassess your policy?
Where a customer wishes to share personal data but limit the extent of the information released, schemes such as the use of application programming interfaces (APIs) have been developed. APIs share proxies and use social graphs coupled with identified web authentication mechanisms or Representational State Transfer to achieve greater granularity in the monitoring and control of this data.
Without these manageable controls consumers could potentially lose faith in the IoT, and data sharing would fail to achieve its potential.
Data privacy and security are topics that are certainly not exclusive to data generated by the IoT. The key difference is the question of a “privacy contract” between machine and human.
We have come to accept that some smart devices, such as our mobile phone, capture individual interactions – but even the ownership of this data is a matter of conjecture – and consumers have never had to consider an appliance or a vehicle with that kind of potential.
The IoT is about personal data, and how such data is processed remains a privacy and ownership concern. So the question becomes: who has control of the data generated by connected devices and what is the acceptable or legal usage of this data?
A best-case scenario is for consumers to be sufficiently educated to make informed decisions about the personal information they are giving away and for organisations to provide transparency that allows users to control who has access to their data.
But when the IoT introduces multiple data controllers and co-controllers, particular stakeholders may rely on others to perform the duties required by the data protection and privacy laws. This can cause confusion as to who is responsible for what, leaving the consumer potentially vulnerable.
There is no doubt that consumers should be able to control their own data. It is important, however, to emphasise that not all data is equally sensitive and consumers must have confidence in how that information is to be used. Highly sensitive data such as health, financial and individual communications should be subject to more stringent privacy and security requirements than data that has been voluntarily given.
A user may wish, for example, to share information with a wearable device about their shopping preferences, but they also have a right to expect that their personal address and credit card information will be protected when they transact business online.
So what’s next?
In this connected world, the proliferation of intelligent devices has created a market for entirely new solutions based on IoT technology. With the ever-increasing amount of data that is generated in this increasingly connected world, it is essential that guidelines are developed to address privacy and security concerns while also educating the consumer on where and how their data is being shared.
Dominique Guinard is co-founder of IoT smart products platform EVRYTHNG
To get weekly news analysis, job alerts and event notifications direct to your inbox, sign up free for Media Network membership.
All Guardian Media Network content is editorially independent except for pieces labelled “Brought to you by” – find out more here.
guardian.co.uk © Guardian News & Media Limited 2010