The Internet of Things (IoT) was, once again, one of the hottest topics at the annual Consumer Electronics Show (CES) in Las Vegas this year, and also featured at Mobile World Congress (MWC). But amid the excitement and investment, privacy concerns about this brave new connected world persist.
At CES earlier this year, technology vendors such as Philips Hue, Honeywell and LG showcased new wares, intent on capturing a share of the burgeoning IoT market. CES marked the culmination of a steady string of launches of IoT devices over the previous year. For instance, Google started testing self-driving cars in 2014, and was followed by Mercedes, Audi and BMW announcing their own self-driving car prototypes. Rumour has it that Apple is also looking to join the race.
Connected devices have moved into the traditional mobile arena of the MWC. As Jennifer Belissent from analyst firm Forrester notes in her blog about the event: "The reign of mobility gives way to the new rule of connectivity. Yes, we are mobile but the key is that while we are roaming the halls at work or the streets of a foreign city, we remain connected to the people and things we want and need to interact with."
The IoT and its wearable technology subset are seen by industry experts to have huge growth potential. Researchers at Deloitte predict that one billion wireless IoT devices will be shipped this year, a 60% increase on 2014. But amid excitement at the prospect of a world in which all manner of 'things' – including cars, appliances, houses and even our bodies – are connected over the internet, there are concerns about the privacy and data security implications of this seemingly inevitable future.
Smart devices that have appeared over the past few years – be they kitchen appliances, security systems, cars or watches – highlight a key trend: connected technology is set to become increasingly ubiquitous and intimate. There are already examples of people connecting the inside of their body to the internet in 'bio-hacking' experiments. Even if not taken to this extreme, however, smart wearable technology, in particular, makes the human body just as much a part of the growing IoT as a smart TV – connected to a colossal, networked ecosystem and generating large quantities of personal data.
What becomes of data generated, collected or processed by the IoT is clearly an important question for all involved in the development, manufacture, application and use of related technologies. If this area grows as predicted, then more things, and more types of things, will be sharing more comprehensive personal data. For instance, always-on sensors inside someone's body might automatically transmit health information to remote servers, which is then analysed by the technology vendor, stored in the cloud and potentially shared with third parties. Although such activity might benefit all concerned, it is likely to become increasingly difficult for individuals to keep track of and control what data is shared, when and with whom, and where it's stored.
In a vision of the future where everything is connected, personal data will be collected from a multitude of devices such as an individual's phone, laptop, tablet, car, fridge, bed, contact lenses, watch, t-shirt, fitness band, home lighting system and even a microchip under their skin. It would be very difficult – if not impossible – to read all the privacy policies for these devices and give informed consent to the use of their personal data. Privacy concerns have focused on the lack of transparency about data processing and there have been calls for manufacturers to be up front about who will have access to the data, and for what purpose.
Under EU data protection law, individuals must be given clear and transparent information about what data is collected about them and how it will be used, in addition to rights to manage their personal data - for example by requesting that inaccurate data is corrected. The IoT may make these rights increasingly difficult to exercise in practice. EU law also requires the collection of data to be limited to what is needed for the primary purpose of the technology (the 'data minimisation' principle). However this concept does not sit comfortably with the 'big data' trend of aggregating and crunching pools of data for new applications.
Data security has also been highlighted as a key concern for consumers of wearables and other devices. Hacked devices could expose a huge amount of intimate and extensive personal data about an individual's health, home and work life. This can – and does – already happen with laptops and smartphones, but the potential scale and intrusiveness of such breaches in a connected future is already ringing alarm bells.
Of course, some people may not be concerned about these issues. Many consumers are prepared to accept that to reap the benefits of the connected world they have to effectively trade their data and lose some control over it. However, for others, the benefits of connected devices do not yet outweigh the privacy concerns and they fear that in the excitement of the race to create a connected future, these concerns will be brushed under the (smart) carpet.
To address these concerns and data compliance issues, manufacturers need to address privacy and security issues and legislative requirements at the design stage – and not as an afterthought – and, in the EU at least, will need to develop technological solutions to empower individuals to track and manage their own data. These are major challenges, but meeting them would help ensure the future of ubiquitous computing and connectivity, and open the way to huge growth in the IoT market.