Meeting in one of the world’s most remote and private locations – the island of Mauritius off the coast of Africa – top global privacy regulators could have focused on any number of issues. But they were especially concerned that the Internet of things, everything from health sensors to monitors in a car, depends on connectivity which could expose users to significant privacy and security risks.
Data privacy commissioners from countries as different as Albania and Uruguay, Japan and Ghana last week discussed a wide range of developments related to personal data and security, but gave special attention to the growing array of networked devices that surround us at every turn of life.
“These devices can make our lives much easier,” the data and privacy commissioners said in a declaration. “The internet of things however, can also reveal intimate details about the doings and goings of their owners through the sensors they contain.”
“Personal development should not be defined by what business and government know about you. The proliferation of the internet of things increases the risk that this will happen.”
Data privacy commissioners watch a dance performance at their annual conference, held this year in... [+]
Although we buy these devices to gain data about ourselves or our surroundings – such as to monitor how many steps we take in a day or whether food is running low in the kitchen – the information could also prove valuable to manufacturers as they can sell it to others. In a recent article I profiled a medical device entrepreneur struggling with the fact that he would have to forgo income by not selling information users produce on his device.
Many companies say they only sell aggregated anonymized data – details about you and many others like you gathered into one large pile. But the data privacy commissioners worry that outsiders will still be able to identify you. That may not seem to matter much if all the data suggests is you need a new gallon of milk, but might be more sensitive if it showed your vital statistics were looking weaker month after month.
Come to think about it, even milk could reflect details about our lifestyles paired with other information, for it could show whether we prefer whole fat or fat free.
Or even more obviously, consider the announced but as of yet unavailable Sexfit penis ring by British company Bondara which transmits sex data. And as my colleague Kashmir Hill wrote in 2011, some Fitbit users in the past have found statistics about their sexual activity posted online.
“Internet of things’ sensor data is high in quantity, quality and sensitivity. This means the inferences that can be drawn are much bigger and more sensitive, and identifiability becomes more likely than not,” the Mauritius declaration said.
The seriousness of the Mauritius meeting, also attended by officials from Facebook,
Data privacy commissioners pose for a group photo at their annual conference in Mauritius (Photo by... [+]
So when it comes to the interconnected devices known as the Internet of things, private officials say companies should not surreptitiously collect data, if anonymously.
“Transparency is key: those who offer internet of things devices should be clear about what data they collect, for what purposes and how long this data is retained,” the privacy commissioners agreed. “They should eliminate the out-of context surprises for customers. When purchasing an internet of things device or application, proper, sufficient and understandable information should be provided.
France’s privacy commissioner Isabelle Falque-Pierrotin put it simply: “The Internet of things should stay under the control of the user.”
And a 5,000 word privacy policy that nobody reads does not provide true control. “Consent on the basis of such policies can hardly be considered to be informed consent,” the commissioners said in their statement. “Companies need a mind shift to ensure privacy policies are no longer primarily about protecting them from litigation.”
Yes, it is easy to make fun of government bureaucrats who fly to a paradise island to formulate policies (and it is not always the case: last year they met in Warsaw, next conference will be in Amsterdam). But they have provided some important insights to consider as gadgets surrounding our lives become ever smarter and linked to the world beyond.
