IoT Policy, Law and Reality
(Demonstrating the art of keeping fellow panelists riveted)
Last week I was invited to participate in a panel in New York put on by the International Association of Privacy Professionals (IAPP) along with Jules Polonetsky, Executive Director and Co-chair, Future of Privacy Forum; Gary A. Kibel, a technology and privacy specialist at hosts Davis & Gilbert law firm; and Ron De Jesus, the Cybersecurity and Privacy Manager at PwC.
The focus of the event was on IoT consumer disclosures, security, privacy and functions and the panel was called: “The Internet of Things – Policy, Law and Reality”. EVRYTHNG was there to represent the “reality”. In other words, the IAPP was keen to balance the policy and legal perspectives with those who could speak about privacy and data challenges from the pov of a technology provider operating smart products for global brands at scale.
Security and Privacy (security of course being intrinsically linked to data privacy – the former protecting the latter) is an area EVRYTHNG is enormously interested in; they’re two of the weightiest issues in IoT and the biggest barriers preventing widespread adoption.
(Source: Business Insider, April 2015)
Commenting on security inefficiencies in the recent FTC report “Privacy and Security in a Connected World” [PDF, 671KB], FTC Chairwoman Edith Ramirez said: “The only way for the Internet of Things to reach its full potential for innovation is with the trust of American consumers.”
For consumer brands, where intangibles account for an ever-growing portion of a company’s value, trust has always been a brand’s single most valuable brand asset. If you define a brand as ‘a promise delivered’, then trust is the emotional shortcut to a belief that the brand will continue to deliver on its promise. When you trust a brand there’s no need to read the small print, no need to shop around, and every reason to spread the word to others so they can believe and buy it too. In short: consumers are more likely to prefer, pay more for and recommend brands they trust compared to similar products in the market.
This loads a tremendous responsibility on brands to properly manage consumer data, keep it safe and respect individual permissions and sharing preferences. The careful balancing act between managing enough data to provide a valuable consumer experience through personalization, and maintaining a firm grip on privacy is the next great brand challenge.
Each user should be able to provide their individual permissions for how data can be shared and know exactly how it will be used; brands need to be as transparent as they are compliant. Applications powered by this data need to be flexible with multiple data points, touch points, and lifespans, simplifying the complexity of the digital ecosystem connections the app needs to make. And the data transferred between different products and devices needs to be managed within strict parameters, such as type, time, frequency, usage, and application type. It must be easy to revoke permissions at any time, including the right to be forgotten.
Fellow panelist Jules Polonetsky pointed out a number of IoT grey areas with current legal guidelines. For instance “data minimization” – limiting what is collected and the period it needs to be kept for. He agreed with my point, that the more sophisticated these new ecosystem connections become, the more data will be required to enable the most relevant, useful and personal consumer experiences – so how much data is too much?
(What’s inside Amazon’s Echo device)
To illustrate the complexities of how brands remain compliant and transparent, Jules talked about voice-activated interfaces to IoT which are constantly listening for commands and storing data on 3rd party servers potentially being analyzed with 3rd party vendor software. Amazon Echo does this well by listening for the right command before it transmits, analyzes and stores relevant voice data. By contrast, Samsung got into trouble earlier this year when it wasn’t clear what was being done with user data when they activated the voice feature on their Smart TVs.
Legal definitions are also changing fast as technology evolves and constantly need to be updated. Wearables were once defined as portable technology you wear on your body. Now they have to include companion accessories you might also put under your mattress to track sleep patterns, or by your bed to track air quality and noise.
In our Wearables white paper we talked about the importance of ecosystem connections and enabling the controlled sharing of data horizontally across device clouds to enable a number of connected life scenarios – such as aggregating fitness data resulting in lower health insurance. This is already starting to happen: John Hancock insurance has partnered with incentive-based health program specialists The Vitality Group to offer policyholders discounts on their premiums based on their level of fitness activity using tracking data from wearable devices like Fitbit.
To maintain privacy and security as these connected data services expand, you need software like EVRYTHNG to manage the fine-grained access and permission controls, plus real-time data relationships with other people, products, apps and enterprise systems, for a diverse set of digital object identities at scale. It’s a non-trivial, real-time data management challenge.
Every product manufacturer has to find the right balance between privacy and personalization for their brands. Enabled by the right IoT technology data systems, if consumers can enjoy the benefits of IoT (personalization, convenience, efficiency) without having to compromise privacy or security, that would be the best of both worlds.