I attended an interesting conference yesterday, the Hypercat Summit in London. The conference was primarily about how new technology and smart systems will affect all aspect of life and business.
One of the recurring themes, particularly during the Internet of Things session and panel debates, was with regards to data privacy and data collection. There were long debates on the problems with data collection from smart devices and how this data may be used.
For example smart fridge data. The monitoring benefits are obvious but then again so are the pitfalls. The data could be used in all sort of ways it was not intended to be used to expose eating habits, types of foods stored etc.
The problems is exacerbated when you consider how this data may be shared. John Davies, from BT, said “We need to avoid silos and move towards an open ecosystem. This will ensure we can realise the maximum value from data on the IoT by making it open to as many people as possible.” Open is good from an iOT perspective but potentially bad from a data privacy perspective.
The debate meandered in some interesting ways, one of which was blaming the freemium model for an implicit acceptance that free use of a service was a freudian pact that enable the company offering the service to do what they will with the data collected or stored. The premise being that there is no free lunch, which indeed there is not.
An interesting suggestions was for freemium services to enable users to pay a fee to use the service rather than give carte blanche access to their data. Perhaps this could indeed be successful given that one of the panelists, Symantec, volunteered the information that in a recent survey they found that consumers now view data privacy as more important than quality of service
There was a push by certain members of the IOT panel around the use of anonymised data as a means to combat the privacy issues, but do consumers and businesses really trust anonymised data ?
Personally I think “trust” itself is the bigger issue to resolve. Individuals and users need to trust the companies and the governments who collect and have access to their data, and have confidence in them honouring their obligations of how this data is protected, how it is accessed, and who has access to it.
We can split this out into two scenarios
Data Security – This secure access to data but it is not in and of itself data protection.
Data Protection – Protects access to data through a privacy policy /and a strict governance and data handling framework.
Trust is a key piece of the whole thing. This can be related to the trust users place in a company with regards to securing their data but it is equally applicable to the trust users place in the company as to who they let have access to this data.
Companies and individuals can quickly lose trust and there should be strict and severe penalties for companies who store data who breach this trust as this itself will force companies to take trust issues seriously as well as giving consumer confidence that breaches of trust are suitably punished.
There were interesting comments around data privacy and standards. Rather than dig into these I shall use a very apt comment from IBM’s Andy Stanford-Clark, “IoT standards are like toothbrushes – everyone needs them, but nobody wants to use anybody else’s” – so very true.
Perhaps the last words should be left to Darren Thomson from Symantec whose view I echo and which was that security, encompassing privacy concerns, needs to be a key fabric of IOT given that so much personal information is likely to be shared via the use of it. Unfortunately I don’t think we are yet very far along the road to making that happen.