The Internet of Things (“IoT”) is one of the latest technology which integrated into our lives and surroundings that is connecting more devices every day. This rapidly-spreading new technology brings network access to all sorts of devices even into non-computer products such as from cameras to washing machines. Nowadays, its use extends into the home, retail, and public spaces, enabling new forms of interaction, entertainment, commerce, and communication. According to a forecast by Business Insider, there will be over 64 billion IoT devices by 2025.
It is undoubtedly beneficial to extend this technology to different uses. Having a smart lighting system is not only a cool smart home feature but also can reduce overall energy consumption and lower your electric bill or using a pair of headphones that allows you to connect with all of your devices at the same time. However, since more devices are connected to other types of devices which increases the connectivity and data collection, protecting privacy becomes a hot topic due to the increasing difficulty in control.
The methods of data collection in the IoT lead us to privacy challenges such as obtaining consent for data collection, allowing users to control, customize, and choose the data they share, and ensuring the use of collected data is limited to the stated purpose. These challenges are made more difficult by the increased potential for misuse of personal data by the IoT developers that may lead to “profiling” through tracking of habits, behaviors, and locations over a period of time.
In order to tackle these privacy-related problems, many organizations are trying to increase awareness and create some guidelines for the industries. The World Economic Forum (“WEF”) is one of them which teamed up with the Massachusetts Institute of Technology (“MIT”) and in 2018 published a white paper called “Realizing the Internet of Things: A Framework for Collective Action”. In this document, “Security and Privacy” were given as one of the “Five Pillars Shaping the Development of IoT”. It is very clear that the terms security and privacy are used together to define a single issue. This approach is quite common while addressing these problems in IoT, due to the fact that most of the privacy breaches happen after a security breach.
As a simple guideline, the U.S. Department of Homeland Security published a document, namely “Strategic Principles for Securing the Internet of Things (IoT)” that provides a set of guiding principles to offer stakeholders a way to organize their thinking about how to address these IoT security challenges. Among these principles, the one that truly combines the privacy aspect as well is “Incorporating Security at the Design Phase”, because the design phase is also the perfect time to implement the famous “Privacy by Design” and “Data minimization” principles. Therefore, an IoT infrastructure should be designed in a way that the collection and handling of personal data should be minimized to a level that is necessary for the operation of the IoT device and/or service.
In conclusion, it is clear that IoT devices are going to be more prevalent in the future but privacy concerns are a significant topic even today. Inarguably, ensuring security and minimizing the amount of data in the design phase of an IoT architecture is a huge step towards reaching a better level of privacy.
Burak Özdemir, CIPP/E