CTO Insights: Internet of Things — Whose Data Is It, Anyway?
Everywhere you look, it seems to be that everything is becoming “smart”. On my wrist, I frequently wear a smart watch that monitors how many steps I take, what my heart rate is, and so on. At home, a smart thermostat can be controlled via an app, or even be programmed based on my own behavior. I can even have a camera that will either let me see who’s at the door, or let me talk to my cats while I’m in the office.
All of these devices are generating one thing: data. The smartwatch is keeping track of my health data. The thermostat is keeping track of what’s going on inside my home. The cameras are keeping track of what they see and when they are turned on. A lot of this data is passed on to the providers of these services, which frequently say they are “free”.
This may well be the most concrete way that users will feel “Big Data”. Service providers can – and already, are – using Big Data to provide improved services to their customers. In a way, they already know you better than you know yourself.
Who is in control of all this data? Is it us consumers, or is it the service providers? What happens to the data – is it used just to provide services to the customers, or is it also sold off to other third parties?
Businesses may say as part of their terms of service that they won’t sell your information, but is that really the case? When the American retailer RadioShack went bankrupt, customers may have thought that their personal information would simply vanish into thin air, but that wasn’t the case. RadioShack is actually trying to sell this information! This includes your name, address (both physical and e-mail), phone number, and what items you bought.
You may not feel this information is particularly secret, but few of us would be happy to see this info sold to the highest bidder. It’s a good thing that several states have expressed concern about this, as ordinary consumers deserve to have their information protected.
Consider who could be interested in the data that your smart devices collect. Your health insurance would be very interested; imagine if they charged people who didn’t meet their daily steps goal higher premiums! Some people may not particularly like this idea, and I can see why.
What’s important is consent and opt-in. Users need to be in control of their data – who gets it, and what is it used for. What should the creators of smart devices to to protect and reassure their users? Their devices – and the data they contain – must be designed with the following three basic principles in mind:
- Security by design: smart devices need to be designed with security in mind. It is easier to secure something that is on a secure foundation, instead of something where security was an afterthought.
- Secure user data: treat any information collected by smart devices as valuable. Encrypt it and ensure that proper authentication is in place to access them.
- Transparency and clarity: ensure that the organization is always transparent and clear with what happens to their data: what it’s for, who has access to it, etcetera. The user has to be in control of what is ultimately their data
The Internet of Things can be a venue for innovation and new possibilities, but it can also be used to break basic notions of privacy and confidentiality. Companies should endeavor to keep the interests of users in mind, otherwise, I can foresee government regulations being used to protect consumers. This may have consequences that we cannot predict.