This document discusses privacy considerations for Internet of Things devices. It notes that IoT devices collect personal data that, even when fragmented, can reveal sensitive information when aggregated and analyzed. Many IoT manufacturers do not adequately explain how they collect, use, store, and allow deletion of personal information. The document advocates adopting privacy by design principles to build privacy protections into IoT technologies from the early stages of development through privacy impact assessments and data protection impact assessments. This helps understand privacy needs, shape better policies, and improve transparency while demonstrating adherence to high data protection standards.
2. WHAT DO I DO?
I am a programmer, data analyst, privacy and data protection advocate.
I value open society and fair policies.
I am the CEO of the Privacy and Security Analysis Centre.
We work together with organisations and companies to ensure that security, privacy and ethics are included in all aspects of technology and data processing.
CONTACT:
mr@privacysecuritycentre.org
@Apsalaar
3. Internet of Things devices add to the pool of personal data collected about us.
Even fragmented data - gathered, collated and analysed - can reveal sensitive information.
We surrender our privacy because we are unaware of what data is collected and how it's being used. Time to change this.
The number of connected devices is constantly growing. It is predicted that the Internet of Things will expand to 25 billion devices by 2020.
5. What happens to our data? We don't know.
INTERNATIONAL STUDY SHOWS THAT INTERNET OF THINGS MANUFACTURERS DON'T COMMUNICATE PRIVACY TO THEIR CUSTOMERS*
➔ 59% of devices failed to adequately explain to customers how their personal information was collected, used and disclosed
➔ 68% failed to properly explain how information was stored
➔ 72% failed to explain how customers could delete their information off the device, and
➔ 38% failed to include easily identifiable contact details if customers had privacy concerns
* Source: https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2016/09/privacy-regulators-study-finds-internet-of-things-shortfalls/
6. Internet of Things Privacy Risks...
● Giant data pool: the Federal Trade Commission states that fewer than 10,000 households can generate 150 million discrete data points every day
● Secondary uses of data: "predictive analytics" and commercial data brokers
○ a data broker might handle more than 350 kinds of information about a single user!
● Privacy becoming a "premium feature" or a product for privileged users willing to pay for it
● Loss of consumers' confidence and trust, blocking innovation and the potential of IoT
Image: https://www.flickr.com/photos/whaleforset/
7. … and how to mitigate them at a very early stage
● Privacy standards are best ensured when you introduce them during the design stage - Privacy by Design is a methodology to follow
○ Proactive approach
○ Privacy as a default setting
○ Privacy embedded into design
○ Fully functional
○ End-to-end security
○ Transparency
○ User-centric
● Privacy Impact Assessment and Data Protection Impact Assessment are tools that help to identify and mitigate risks and to produce better policies and, in general, systems and APIs that are safer for their users.
8. BENEFITS OF PRIVACY IMPACT ASSESSMENT
● It helps you to understand data protection needs
● … and shape better Privacy Policies
● It is also the best way to demonstrate that an Organisation follows the highest data protection standards
● It greatly improves transparency
● Conducting a Data Protection Impact Assessment might be mandatory (GDPR) when processing of sensitive data is involved