The Internet of Things is quickly gaining momentum around the world. With this growth, comes the reality that consumers are surrendering their privacy without even realizing it because they are unaware of what data is being collected and how it is being utilised. Older devices on the market are being replaced by mobile applications, wearables and other Wi-Fi-connected consumer products that have the ability to monitor or track consumers.
Because consumers want the latest in technology they often don’t think twice about their privacy.
The need for greater IoT transparency
This is where companies need to take responsibility and provide a level of transparency when it comes to their customers’ privacy rights.
But how will this improved level of transparency be attained? According to Christine Bannan, a legal intern at the Electronic Frontier Foundation, it would have to be either by industry self-regulation or governmental regulation requiring companies to receive informed and meaningful consent from consumers before data is collected from consumers’ devices.
Taking responsibility for a consumers’ right to privacy
Generally, industries will respond if their customers demand more privacy. A good example of this is after McKinsey, a management and consulting company, reported that new-car buyers are worried about the data privacy and security of connected cars, the Alliance of Automobile Manufacturers (a trade association of 12 automotive manufacturers) responded by developing privacy principles they agreed to follow.
Businesses can self-regulate by developing and adopting industry-wide best practices on cybersecurity. When companies collect data, it is essential that responsibility is taken when it comes to protecting the privacy of their users. So basically, if they don’t want to be held responsible for the data, they should not be in the business of collecting it at all.
Some companies, such as Fitbit, an American company known for its products that measure data, embed privacy into their technology.
The benefit of industry self-regulation is that each industry can create standards specific to the needs of their customers and the sensitivity of the data they collect whereas government regulation would be country or region specific.
Layered privacy policies
Bannan suggests that layered privacy policies be a best practice adopted by industries and that ‘Creative Commons’ licenses could serve as useful models. These licenses have a three-layer design: the “legal code” layer, the “human-readable” layer and the “machine-readable” layer.
Bannan says: “These best practices would make tremendous progress in protecting the privacy of consumers, but they are not enough. Companies must be legally bound to the promises they make to their customers.”
Because this is such a complex issue, involving a number of industries and implicating various privacy concerns, an adequate solution will require participation by consumers, businesses and the government.
IoT in the energy industry
Energy companies are certainly not immune to this challenge and although they are viewed as pioneers in working with multiple, large data sets and real-time challenges, it doesn’t mean that utilities are immune to the IoT trend and the security around it. IoT enables the connection of multiple new physical devices to the power grid and to the data networks that support the power grid. Rooftop solar, electric cars, home energy batteries, smart meters, smart thermostats and smart appliances all change the local distribution grid into a dynamic, bi-directional, and multi-party marketplace for energy, rather than the old one-way system of energy delivery. These new connected devices can cause chaos on distribution grids that were never designed to handle these new dynamics. Added to this is the challenge surrounding privacy and security. [How IoT data analytics is remaking the energy sector.]
As utilities search for new revenue streams and aim to please customers in an increasingly competitive industry, IoT devices, supplied or supported by utilities, will only grow.
In our upcoming webinar, The Limits of Utility IoT: The Policy, Privacy, and Security Landscape of the Internet of Things, David B Coher Principal, Reliability and Cybersecurity, Southern California Edison, discusses how to ensure end-user privacy, and the current and anticipated regulation of IoT (both in and outside the utility sector)!. This webinar is part of Engerati’s "IoT - Path to the Intelligent Grid" In focus track.