Clearly Opaque: Privacy Risks of the Internet of Things

Rosner, Gilad and Kenneally, Erin, Clearly Opaque: Privacy Risks of the Internet of Things (May 1, 2018). IoT Privacy Forum

151 Pages. Posted: 4 Mar 2019

Gilad Rosner

University of Nottingham - Horizon Digital Economy Research Institute; Internet of Things Privacy Forum

Erin Kenneally

Elchemy; International Computer Science Institute (ICSI); UC San Diego, CAIDA

Date Written: May 1, 2018

Abstract

The proliferation of network-connected devices, also known as the “Internet of Things” (IoT), offers unprecedented opportunities for consumers and businesses. Yet devices such as fitness trackers, personal home assistants (e.g., Amazon Echo, Google Home), and digital appliances are changing the nature of privacy as they operate silently in the background while transmitting data about a broad range of human activities and behaviors. As “smart” becomes the new default setting for devices, consumers are further losing the ability to monitor and control the data collected about them, and they often have little awareness of what is done with their data downstream. The risks of sharing data through smart devices are not always clear, particularly as companies combine data from different sources to infer an individual’s habits, movements, and even emotions.

This report is the culmination of eighteen months of empirical research into the privacy risks of the internet of things, involving over forty experts, scholars, business-people, advocates, regulators, lawyers, engineers, and other experts. It provides an overview of some of the key privacy issues resulting from the expansion of the IoT, as well as emerging frameworks that could help policymakers and corporate leaders reduce potential harms through regulation and product design. Among the findings outlined in this paper:

• The IoT has the potential to diminish the sanctity of spaces that have long been considered private, and could have a “chilling effect” as people grow aware of the risk of surveillance. Yet the same methods of privacy preservation that work in the online world are not always practical or appropriate for the personal types of data collection that the IoT enables.

• Several frameworks have emerged for addressing the privacy issues that the IoT presents. Some focus on giving users more meaningful, granular control over the data that is collected, when it's collected, and how it is shared, while others focus on the accessibility and correct timing of privacy notices.

• Policymakers should take steps to regulate the privacy effects of IoT before mass sensor data collection becomes ubiquitous, rather than after. Omnibus privacy legislation can help regulate how data is handled in the grey areas between sectors and contexts. Europe’s General Data Protection Regulation (GDPR), coming into force in 2018, will have an impact initially on IoT devices created and sold in the EU, and will affect those from the US as well over time.

• Having broad non-specialist conversations about the use, collection, and effects of IoT data is essential to help the populace understand technological changes in this space and how they affect privacy expectations.

• Makers of IoT products and services should employ a variety of standard measures to provide greater user management and control, as well as more effective notification about how personal data is captured, stored, analyzed, and shared.

Keywords: internet of things, privacy, IOT, notification, governance, technology policy

Suggested Citation

Rosner, Gilad and Kenneally, Erin E., Clearly Opaque: Privacy Risks of the Internet of Things (May 1, 2018). IoT Privacy Forum. Available at SSRN: https://ssrn.com/abstract=3320656

Gilad Rosner

University of Nottingham - Horizon Digital Economy Research Institute

United Kingdom

Internet of Things Privacy Forum

Erin E. Kenneally (Contact Author)

Elchemy

8677 Villa La Jolla Drive # 1133
La Jolla, CA 92037
United States

HOME PAGE: http://www.elchemy.org

International Computer Science Institute (ICSI)

Berkeley, CA
United States

HOME PAGE: https://www.icsi.berkeley.edu/icsi/

UC San Diego, CAIDA

9500 Gilman Drive
Mail Code 0502
La Jolla, CA 92093-0112
United States
