Internet of Things and Privacy

The Internet of Things (a/k/a “IoT”) functions through smart devices that communicate with each other and collect data without human interaction. These devices include smart cars, smart homes, smart hospitals, smart highways, or smart factories.  However, the lack of security protecting information is creating privacy concerns as data is collected by companies and shared with third parties (e.g., marketing firms, governmental agencies).  Also, the smart device can be accessed without authorization (i.e., hacked) by third parties and its information can be used for various illegal purposes.

What is the Internet of Things and what private information does it hold?

According to the Organization for Economic Cooperation and Development (“OECD”), one of the Fair Information Practice Principles is the collection limitation of personal data. Stated otherwise, data should be collected with the owner’s consent, through fair and lawful means, and should be limited.  The OECD has issued its guidelines that are considered as minimum standards for the protection of privacy and individual liberties.  From a practical standpoint, these principles (and relevant guidelines) should be uniformly enforced in the United States and other countries.

The Internet of Things is the term for the network of objects that are connected and controlled remotely while collecting data. For example, fitness trackers connect to your smartphone and show where you have been running, how fast you have been running, and are used by people to keep track of their eating habits.  In general, the information in the Internet of Things differs from the information on the Internet because most of the information on the Internet (i.e., world-wide-web) is public.  One of the main electronic devices that collects data is a smartphone. When using apps, data is collected from a number of things that are private.  For example, apps can collect data for advertising companies, product development companies, and even the government.  Although, it may seem that this information is harmless, however, information such as bank accounts, credit card numbers, or social security numbers constitute private information.

What are the effects of a privacy breach?

One of the most recent, and widely discussed incidents, involves the Internet of Things in relation to automobile systems. In fact, in July 2015, Fiat Chrysler was required to recall 1.4 million vehicles due to computer hackers’ access into their vehicle’s dashboard connectivity system, which was called “Uconnect.”  Although, an obvious concern is the security risk of hackers being able to remotely control the vehicle, the other concern is protecting the privacy of data that the vehicle holds within its computer system. The data may include a person’s contacts, where he/she drives and how he/she gets there, his/her music preferences, and other information that a person would consider as private. From shopping to the games played, the food eaten to the pregnancy monitoring, private information is available and collectable by and through smart devices that are within the realm of the Internet of Things. Therefore, a privacy breach may result in identity theft and invasion of privacy.

At our law firm, we assist clients with legal issues related to privacy, cloud computing, and cybersecurity. You may contact us to set up an initial consultation.