IoT companies should ensure consumer privacy, warns US regulator
Every new gadget revealed at CES seems to be connected to a smartphone, the Internet or location services in one way or the other, whether it's a headset that selects songs that match a runner's heart rate, a fire detector that can send a signal to smartphones, a button-sized computer that fits in tiny coin battery-powered devices orBluetooth snowboard bindings:
This shows that the age of connected devices, commonly referred to as the Internet of Things (IoT), has truly arrived. As billions of devices get connected, benefits for users could be immense as the new tech could help to improve global health, modernize cities and spur economic growth -- but at the same time the IoT has significant privacy and security implications, said FTC Chairwoman Edith Ramirez during a keynote speech at CES on Tuesday.
"Connected devices that provide increased convenience and improve health services are also collecting, transmitting, storing, and often sharing vast amounts of consumer data, some of it highly personal, thereby creating a number of privacy risks," she said.
The constant collection of data from connected devices can lead to unexpected uses of consumer data that could have adverse consequences and undermine consumer trust, Ramirez said. "That trust is as important to the widespread consumer adoption of new IoT products and services as a network connection is to the functionality of an IoT device."
Her concerns follow similar warnings from the industry in the past year. Intel's IoT chief Doug Davis, for instance, has called on developers to design connected devices with privacy and security in mind. It is essential to be able to trust in the devices as well as in the data they generate, he said during the Intel Developer Forum in San Francisco in September.
Former U.S. Deputy CTO Nicole Wong has also warned that IoT companies should be transparent about what data they collect and what they do with it to avoid government regulation of IoT security.
What's more, in the European Union, a group of privacy regulators issued an opinion on IoT in which they said consumers should remain in control of their personal data throughout the life of the product.
While the FTC can only enforce federal consumer protection laws and cannot create new regulation on its own, it can put pressure on U.S. law makers. Ramirez' speech showed that the regulator is clearly interested in the new wave of connected devices coming on the market.
"In my mind, the question is not whether consumers should be given a say over unexpected uses of their data; rather, the question is how to provide simplified notice and choice," Ramirez said.
"Some observers have argued that precisely because the IoT is in its early stages, we should wait to see how it evolves before addressing privacy and security issues. But I believe we have an important opportunity to ensure that new technologies with the potential to provide enormous benefits develop in a way that also protects consumer information," she said, adding that companies that are investing billions of dollars in this growing industry should make appropriate investments in privacy and security.
Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com