The Information Commissioner’s Office (“ICO”) has recently released a blog post in which they highlight concerns about the potential data protection implications which sit alongside developments in the internet of things.  They urge caution to be taken both by companies involved in the advance of this fast-growing area, and by the public in their use of technology which will increasingly permeate their everyday lives over the coming years.

The ICO blog post comes during the consultation period for a document published by Ofcom in which they seek input on similar issues, and views on the actions required to ensure that the UK takes a leading role in the emerging internet of things.

Background – what is the ‘Internet of Things’?

This phrase has been coined to describe those devices which are and will become capable of communication via the internet either through programmed commands, or by ‘learning’ patterns of behaviour and activity so as to recognise common occurrences in our everyday lives, and communicate with other devices accordingly. 

There are many obvious advantages to having this kind of technology available; from a house which knows when you are home and can deactivate your burglar alarm, turn on your central heating and your lights, to a fridge which knows what to add to you weekly shop, to an umbrella which can beep to remind you to take it out with you if it is forecast to rain.  At the more serious end of the spectrum the potential health benefits of devices having this kind of communicative quality could be incredibly valuable. 

Data Protection and Privacy Concerns

Whilst the exciting development of devices bounds ahead, it brings with it new concerns regarding the potential vulnerability of device owners’ personal information.  In order to fulfil their role within the internet of things, devices will undoubtedly have access to information about an individual which that person may not be comfortable sharing with others.  A security breach could see that information being unwittingly shared with a much wider audience. 

The ICO blog refers to research carried out by Which? suggesting that “the information currently provided to consumers is inconsistent and the choices allowing consumers to stop some of their information being used are often difficult to find and understand”.

Companies will need to ensure that they stay on the right side of Data Protection legislation and make it clear to consumers what they are agreeing to when they purchase and activate smart devices.  In addition to UK statute, companies will also need to be mindful of the proposed new EU regulation regarding data protection when they formulate new policies and review existing policies, to ensure that they are and remain in compliance with all applicable law. Consumers will need to be proactive in seeking out the terms and conditions of the service they are purchasing, and understanding whether they have the ability to opt out of providing details which they would not want communicated.

Next Steps

The concerns raised by the Information Commissioners Office are seemingly echoed by Ofcom, who have published a consultation document: ‘Promoting Investment and Innovation in the Internet of Things’.  Ofcom are inviting input from stakeholders regarding, among other things, their thoughts on the scale and nature of security and resilience risks, and their views on the next steps to be taken to mitigate those risks.  They also want to understand the scale and nature of privacy issues that will emerge through development of the internet of things.  The deadline for responses to Ofcom’s consultation paper is 1 October 2014, and it will be interesting to see the view they develop in light of the feedback they obtain.

The internet of things looks set to break new ground not only in terms of the everyday lives we lead and the place which technology has in it, but also to raise searching moral and legal questions regarding the boundaries for sharing personal information, and how much is too much?

To see the Information Commissioner’s Office full blog post please click here

To access Ofcom’s paper please click here