Kevin Ashton, an expert on digital innovation, stated 15 years ago that, “If we had computers that knew everything there was to know about things—using data they gathered without any help from us—we would be able to track and count everything, and greatly reduce waste, loss and cost. We would know when things needed replacing, repairing or recalling, and whether they were fresh or past their best.” We are a lot closer to that reality now than when Mr. Ashton first wrote those words.
As most people know by now, the Internet of Things is the ever-more-present future in which everyday objects like refrigerators and thermostats have network connectivity, allowing them to send and receive data to a source—whether you know it or not. Potentially helpful uses include things like smart meters that conserve energy in homes, saving natural resources as well as money for consumers. But not all uses are necessarily helpful. For example, what about health care insurance providers tracking measurable health information and making decisions on insurability based on such measures? And what happens if hackers take over networks where connected devices reside?
As one can quickly surmise, the Internet of Things can be great, or it can be risky. Whatever your perspective, the reality is that the Internet of Things is here and will only become more ingrained in society. Our lives and our digital environment are becoming increasingly interconnected.
In January 2015, the FTC released a report, “Internet of Things: Privacy and Security in a Connected World.” It is an important read. In it, the agency describes the technological landscape, reviews the benefits and risks, and develops its thinking on the incorporation of privacy principles into the design of the Internet of Things. Such principles as data security, data minimization (collect only what you need), and notice and choice are a part of the FTC’s thinking in this area.Though the privacy risks are real, the FTC’s report doesn’t advocate legislation to address those risks. No doubt this decision will be revisited. In addition, the FTC has a history of breaking into new areas of technological advancement that implicate privacy by bringing enforcement actions under Section 5 of the FTC Act, even without first making it clear to the players in the field what the rules are. Thus, developers and manufacturers of new, connected technologies should be exploring “privacy by design.” No one wants to be the FTC’s target in its first Internet of Things enforcement action.