Subscribe via RSS Feed Connect on Google Plus Connect on LinkedIn Connect on YouTube

The privacy implication of the “Internet of Things” and good business practices

June 6, 2013 1 Comment

Internet LawyerThe future has arrived early. The ability of consumer devices, such as cars, appliances, smartphones and medical devices, to communicate with each other and with people is the next big thing.  The “Internet of Things” is the name often used to refer to this advanced generation of good. Billions of such smart devises are predicted to come life in the next five years.

Even though such items have long been relegated to the realm of sci-fi wishful thinking, it is already giving rise to very real privacy and security concerns. For instance, the Federal Trade Commission’s recently decided to hold a workshop in November examining such issues.

Privacy is likely to become a mainstream concern.

Currently, many customers do not perceive privacy to be a serious concern.  Relatively few members of the general public have given up on their Facebook accounts or refrain from Googling stuff for fear of being tracked.

But that perception may rapidly change as companies’ ability to collect data becomes ubiquitous and their reach expands from online to the real physical world. So far, data collection was limited because only online computer data could be collected. In other words, these companies could not know you, they could only know you as far as your online conduct was concerned. But now, companies will be able to get to know you up close and personally.

In short, the Big Brother effect, now diffused, is likely to become more insidious as your Kitchen becomes expert at mastering your palate proclivity and orders food for you.

In view of all this, hi-tech companies would be well-advised to take privacy concerns seriously and take matter into their own hands before a privacy scandal occurs – which would give Congress reasons to preemptively regulate, which is never a good idea. Privacy law freebies should be a no-brainer because benefits far outweigh the costs.

Recommendation.

Privacy give-away should include the following:

1)      Collection limitation: Collect only data absolutely required for a particular business purpose.

2)      Data encryption. Protect the data flow from third party intrusion. Note that encryption technology is now cheaper and faster than ever before.

3)      Transparency. Tell the customers what the company will do with the data and who can use it, and for what purpose.

4)      Compliance & Enforcement. Establish security procedures to prevent the release of information.

In addition to all that, standard legal considerations such as customer consent, opt-out clause, and making the privacy policy easily understandable, are likely to remain the cornerstones of an enforceable policy.

In this uncharted territory, providing a variety of privacy freebies is to err on the side of caution. It is also a pragmatic solution as privacy-enhancing technologies are emerging as an effective and cost-conscious way to counteract threats posed by privacy-intruding devices.

As Tobias Kowatsch, a senior researcher at the Institute of Technology Management at the University of St. Gallen and publisher of a paper regarding privacy in the context of the Internet of Things and Services, recently commented,

“Although personal interest and perceived usefulness may override privacy concerns in the first instance, the latter must be considered to a great extent as well. If there is a problem only once – remember the issues regarding stolen credit card data – it will be a really huge problem for the organization. Trust in the service providing organization is a key asset!”

Guest author Steven Buchwald is a law clerk on Tim’s internet law team at Handal & Morofsky. Steven is currently a law student at the Benjamin N. Cardozo School of Law and will graduate in June 2014 with concentrations in intellectual property law and litigation.

Share

Leave a Reply