Privacy by design – essential for the growth of the Internet of Things?

Technology vendors such as Intel, Sony and LG, showcased new wares, intent on capturing a major share of these burgeoning markets. But amid excitement at the prospect of a world in which all manner of ‘things’ – including cars, appliances, houses and even our bodies – were connected over the internet, concerns were raised about the privacy and data security implications of this seemingly inevitable future.

The IoT and its wearable technology subset are seen by many to have huge growth potential. Analyst firm, Gartner, predicts that the IoT, excluding PCs, smartphones and tablets, will grow to 26 billion units installed in 2020. As mentioned in my recent article on wearable technology in business, Credit Suisse suggests that the wearable technology market will grow to a substantial US$50 billion by 2018. Indeed, it’s hard to find a list of tech industry predictions for this year that doesn’t include something on the continuing rapid rise of wearable technology and/or the IoT.

As the CES confirms, many companies – from multinationals to startups and their backers; and not just conventional ‘tech’ firms – are already investing heavily in this area. For example, on the ‘smart’ or connected devices front, LG, Samsung and others showed a host of home and kitchen appliances that could communicate with smartphones or tablets. Car manufacturers such as BMW and Audi demonstrated their latest driverless car technology.

Looking at wearables in particular, Sony announced ‘SmartBand’, a health and fitness tracker expected later this year, and a company called Sleep Number unveiled a smart ‘superbed’, which monitors the entire body and may improve people’s sleep and even stop snoring. Tech startup, Innovega, showcased a prototype smart contact lens and glasses system that is claimed to give the wearer superhuman vision and augmented reality functionality.

The wearable examples above highlight a key trend: smart technology is set to become increasingly ubiquitous and intimate. Some commentators see this leading to devices worn inside the body, with huge potential healthcare benefits. There are already examples of people connecting the inside of their body to the internet in ‘bio-hacking’ experiments. Even if not taken to this extreme, however, smart wearable technology makes the human body just as much a part of the growing IoT as a smart TV – connected to a colossal, networked ecosystem and generating large quantities of personal data.

What becomes of this data is an important question for all involved in the development, manufacture, application and use of the IoT and wearable technology. If these areas grow as predicted, then more things, and more types of things, will be sharing more comprehensive personal data. For instance, always-on sensors inside someone’s body might automatically transmit health information to remote servers, which is then analysed by the technology vendor, stored in the cloud and potentially shared with third parties. Although such activity might benefit all concerned, it is likely to become increasingly difficult for individuals to keep track of, and control, what data is shared, when and with whom, and where it's stored.

In a vision of the future where everything is connected, personal data will be collected from a multitude of devices such as an individual's phone, laptop, tablet, car, fridge, bed, contact lenses, watch, t-shirt, fitness band, home lighting system and even a microchip under their skin. It would be very difficult – if not impossible – to read all the privacy policies for these devices and give informed consent to the use of their personal data.  In the wake of the CES, privacy concerns have focused on the lack of transparency about data processing with calls for manufacturers to be up front about who will have access to the data, and for what purpose. 

Under EU data protection law, individuals must be given clear and transparent information about what data is collected about them and how it will be used, in addition to rights to manage their personal data - for example by requesting that inaccurate data is corrected. The IoT may make these rights increasingly difficult to exercise in practice. EU law also requires the collection of data to be limited to what is needed for the primary purpose of the technology (the 'data minimisation' principle). However this concept does not sit comfortably with the 'big data' trend of aggregating and crunching pools of data for new applications.

Data security has also been highlighted as a key concern for consumers of wearables and other devices.  Hacked devices could expose a huge amount of intimate and extensive personal data about an individual's health, home and work life. This can – and does – already happen with laptops and smartphones, but the potential scale and intrusiveness of such breaches in a connected future is already ringing alarm bells.

Of course, some people may not be concerned about these issues. Many consumers are prepared to accept that to reap the benefits of the connected world they have to effectively trade their data and lose some control over it.  However, for others, the benefits of connected devices do not yet outweigh the privacy concerns and they fear that in the excitement of the race to create a connected future, these concerns will be brushed under the (smart) carpet. 

To address these concerns and data compliance issues, manufacturers need to address privacy and security issues and legislative requirements at the design stage – and not as an afterthought – and, in the EU at least, will need to develop technological solutions to empower individuals to track and manage their own data. These are major challenges, but meeting them would help ensure the future of ubiquitous computing and connectivity, and open the way to huge growth in the IoT and wearable technology markets.

If you have any questions on this article please contact us.

Regulatory

Privacy & Cookie Policy

Terms of Use

© 2021 Taylor Wessing LLP