Report Urges Transparency and Consent Management for IoT Privacy
Lawmakers, regulators and manufacturers need to address IoT privacy risks on smart devices, according to a report issued by the University of California’s Center for Long-Term Cybersecurity and the IoT Privacy Forum. The report details how the growth in Internet of Things (IoT) devices, such as fitness trackers, personal home assistants and digital appliances, is leading to an unprecedented amount of data sharing that brings with it privacy risks.
Before Facebook-Cambridge Analytica happened, the dialogue about IoT devices was primarily centered on cybersecurity. Although the conversation has since shifted toward individual privacy generally, the report calls for more attention to the privacy risks and challenges of IoT devices.
Among the recommendations of the report were:
- Omnibus privacy legislation is needed before mass sensor data collection becomes pervasive.
- IoT devices should be more transparent and use consent management with preference controls.
Where is all of this data coming from?
Companies are predicting billions of internet-connected devices due to miniaturization, cheap sensors, and inexpensive network access. The authors of the report compiled a partial list of IoT devices that are capable of collecting data and sharing it back to the manufacturer or other third parties:
On the Consumer side:
- smart speakers
- smart TVs
- connected cars
- smart lighting
- fitness / health wearables
- networked thermostats
- robot vacuums
- internet-connected toys
- networked bathroom appliances
- indoor security systems
- smart locks
On the Enterprise side:
- productivity tracking devices
- smart office lighting
- autonomous trucking
- drones
- disease management systems
- employee wellness trackers
- automated retail checkout
- security cameras with facial recognition
- building management sensors
- augmented reality maintenance equipment
What are the privacy risks and challenges of these devices?
Diminishment of Private Spaces: The presence of network-connected devices in private spaces such as one’s home can remove the sense of control and privacy, leading to the alteration of behavior. Malicious actors can also use the plethora of IoT devices to collect, use and disclose data in an attempt to exploit sensitive personal information for financial gain.
Bodily and Emotional Privacy: Wearable devices, implantable chips, fertility trackers and pills with the capability of communication are all challenging traditional notions of personal space. IoT connected devices also have the ability to read emotions through facial data, voice analysis, biometrics and other methods, which could lead to manipulation for marketing or use for other purposes.
Choice and Meaningful Consent: It can be difficult for consumers to get information about data collection and the privacy of devices, and tough to change privacy settings, since IoT devices often lack screens. When combined with the fact that many people aren’t reading privacy notices, or are doing so only during the initial agreement, it is hard to say that they are knowingly consenting.
User Control and Privacy Management
What can be done to enhance IoT device privacy? The report covered three primary areas of implementation that would help improve user privacy on these devices:
Identity Management and Privacy Dashboards: The ability to identify people using a device, ensure authorization to see information, and modify privacy settings based on the consent and preferences of each user (on a multi-user device).
Transparency: The report suggests the use of just-in-time notifications (notices just before data collection occurs), periodic notifications (regular reminders to confirm ongoing data collection practices), layered notifications (separate notifications that give users different information at different times), and context-dependent notifications.
Privacy by Design: Device manufacturers need to ensure that privacy is protected as part of the normal operation of the device, given the unprecedented scale of data collection concerning people’s activities and behaviors. The report suggests companies should conduct privacy impact assessments and give users more power to control data collection and to withdraw consent to the storage of data that has previously been collected.
Here is the link to the report (pdf) if you are interested in more information.
Need Help?
Clarip can assist IoT device manufacturers with the implementation of these recommendations and help improve the data privacy practices of the company. To see a demo of our software, call 1-888-252-5653.