Today, January 28, 2015, is Data Privacy Day. As such, it’s apt that the US Federal Trade Commission (FTC) chose the previous day to release a major staff report on privacy and security for the Internet of Things (IoT). It’s worth noting that the FTC isn’t the only major government body taking action on IoT privacy. On September 16, 2014, a key European Union body tasked with protecting data privacy, the Article 29 Data Protection Working Party, also adopted a report on IoT privacy and security.
Such government action on protecting data privacy is welcome and timely. Consumer use and acceptance of IoT devices and services such as fitness monitors, connected cars, thermostats, smart watches, etc. is on the rise, and is a promising new market for technology companies around the world. Still, the market is nascent and vulnerable to changes in public sentiment. Already we are seeing IoT privacy issues with potential threats to individual privacy in the IoT market. Digital advertising, an industry which in the past has seen members adopting questionable techniques which could infringe privacy, is clearly signaling interest in the IoT market. Already at the beginning of 2015, a mobile advertising company has announced an advertising platform for the Apple Watch. Advertising can benefit individuals and clearly can play a beneficial role in the IoT market. Given the potential for data privacy violations of IoT data to expose very sensitive data, the advertising industry, and technology industry as a whole, needs to proactively take concrete action to protect data privacy on IoT. A failure to do so could jeopardize this promising market before it fully takes off.
Looking at the the recommendations the FTC released in its report, they are basic, common sense actions applicable to most any digital business. They include adopting security by design, minimizing the data collected and retained by organizations, and ensure that individuals have proper notice and consent around services which collect their data. Yet there is another recommendation the technology industry needs to take very seriously. It’s important to note that the FTC only has power to enforce existing laws, but they can be a powerful influence on legislation. In the report, the FTC calls on the US Congress to pass “strong, flexible, and technology-neutral” data security legislation. Should the technology industry ignore the FTC and the inevitable IoT data privacy scandal becomes part of the national conversation, this legislation could take a form which the technology industry won’t like.