The Internet of Things presents “significant privacy and security implications,” Federal Trade Commission Chairwoman Edith Ramirez told attendees of the Consumer Electronics Show earlier this month.
“Connected devices that provide increased convenience and improved health services are also collecting, transmitting, storing, and often sharing vast amounts of consumer data, some of it highly personal, thereby creating a number of privacy risks,” Ramirez said at the annual CES event.
Ramirez, who led an agency-sponsored workshop on the issue, focused on three “key challenges” at the intersection of the Internet of Things and consumer privacy: ubiquitous data collection, unexpected uses of consumer data, and heightened security risks.
With sensors and devices everywhere we turn – from our homes to our cars, and even our bodies – the everyday lives of consumers leave an increasingly robust digital trail, Ramirez said. This “ubiquitous data collection,” when coupled with an unexpected use, could have adverse consequences, she explained.
“Your smart TV and tablet may track whether you watch the history channel or reality television, but will your TV-viewing habits be shared with prospective employers or universities? Will they be shared with data brokers, who will put those nuggets together with information collected by your parking lot security gate, your heart monitor, and your smart phone?” she asked. “And will this information be used to paint a picture of you that you will not see but that others will – people who might make decisions about whether you are shown ads for organic food or junk food, where your call to customer service is routed, and what offers of credit and other products you receive?”
Going further, she noted the possibility that “as businesses use the vast troves of data generated by connected devices to segment consumers to determine what products are marketed to them, the prices they are charged, and the level of customer service they receive, will it exacerbate existing socio-economic disparities?”
Data security – already challenging – presents unique concerns in the Internet of Things context, she added.
How should we deal with these problems?
To enhance consumer privacy and security, the Chairwoman suggested that developers take three steps. First, adopt “security by design” by conducting a risk assessment as part of the design process, by testing security measures prior to launch, and by monitoring products throughout their life cycle.
Second, engage in data minimization. “[C]ompanies should collect only the data needed for a specific purpose and then safely dispose of it afterwards,” Ramirez said. “Data that has not been collected or that has already been destroyed cannot fall into the wrong hands. Collecting and retaining large amounts of data greatly increases the potential harm that could result from a data breach.” De-identification, where possible, will also help, she added.
To read Chairwoman Ramirez’s prepared remarks, click here.
Why it matters: Chairwoman Ramirez did recognize the “immense” potential benefits of connected devices – such as smart glucose meters that can make glucose readings accessible to those with diabetes and their doctors – but emphasized the need to protect consumer privacy as the industry develops. “We are on the cusp of a new technological revolution,” she told attendees. “I believe we have an important opportunity to ensure that new technologies with the potential to provide enormous benefits develop in a way that also protects consumer information.”