FPF Releases A New Privacy Paradigm for the “Internet of Things”

FPF Releases A New Privacy Paradigm for the “Internet of Things”

Today the FTC is hosting a workshop on the Internet of Things, which will feature many great panelists including FPF’s Co-Chairman Christopher Wolf.  Chris and FPF Executive Director Jules Polonetsky have also today released a whitepaper arguing for a new privacy paradigm in the new highly connected world.

The whitepaper argues that current implementations of Fair Information Practice Principles (FIPPs) are becoming outdated in the world of the Internet of Things, where nearly every device or appliance will be connected to the internet and collecting data about consumers.  Attempting to provide meaningful “notice” in a world of billions of connected devices is not feasible when many devices lack meaningful user interfaces or screens, and relying on consumers to read thousands of Privacy Policies will lead to many simply “giving up” on their privacy. Similarly, FIPP’s strict usage limitations may thwart technological progress, because many socially valuable uses of data are not discovered until the data is already collected.  The challenge then is to allow practices that will support progress, while providing appropriate controls over those practices that should be forestalled or constrained by appropriate consent.

To that end, the paper proposes the following principles:

Use anonymized data when practical.  Anonymizing personal information decreases the risks that personally identifiable information will be used for unauthorized, malicious, or otherwise harmful purposes.  Although there is always some risk of Re-Identification, when data sets are anonymized and stored properly, re-identification is no easy task.

Respect the context in which personally identifiable information is collected.  Managing consumer expectations is a good first step; however, respect for context should not focus solely on what individuals “reasonably” expect.  There may be unexpected new uses that turn out to be valuable societal advances or important new ways to use a product or service.  Rigidly and narrowly specifying context could trap knowledge that is available and critical to progress. Finding a balance may require more sophisticated privacy impact assessments that can analyze the impact of risks or harms and assess the potential benefits for individuals and society.

Be transparent about data use.  Organizations making decisions that affect individuals should, whenever feasible, disclose the high-level criteria used when making those decisions.  This will help insure that factors – such as a user’s ethnicity, sexual orientation, and political preferences – are not factored into a company’s determinations when they would be irrelevant or unduly discriminatory.

Automate accountability mechanisms.  Automated accountability mechanisms could monitor data usage and determine whether the uses comply with machine readable policies.

Develop Codes of Conduct.  Self-regulatory codes of conduct will be the most effective means to honor these preferences and others in the rapidly evolving landscape of the Internet of Things.  Codes of conduct could establish frameworks that enable individuals to associate usage preferences with their connected devices.

Provide individuals with reasonable access to personally identifiable information.  This will likely enhance consumer engagement with and support of the Internet of Things.

FPF has worked on a number of projects related to the Internet of Things and is looking forward to tomorrow’s workshop.


Posted On
Nov 19, 2013
Posted By
Ruby Zefo

Thanks for posting the whitepaper — I entirely agree on the difficulty of applying FIPPs to IoT. Further, some of these devices are proving challenging in the enterprise environment (she says, as she beta tests a new wearable compute device).

Posted On
Nov 20, 2013
Posted By
Amedeo Maturo Senra

Very interesting initiative.
Amedeo Maturo Senra

Leave a Reply

Privacy Calendar

all-day 6th Biannual International Surveillance & Society Conference
6th Biannual International Surve…
Apr 24 – Apr 25 all-day
The 6th Biannual International Surveillance & Society conference hosted by the University of Barcelona and supported by the Surveillance Studies Network is currently calling for [...]
12:00 pm Data Privacy in Education: Ensuring Student Security while Encouraging Innovation in K-12 Education @ Rayburn House Office Building, Room B-354
Data Privacy in Education: Ensur… @ Rayburn House Office Building, Room B-354
Apr 24 @ 12:00 pm – 1:00 pm
The Congressional E-Learning Caucus in cooperation with Into and the National Coalition for Technology in Education and Training presents a luncheon to discuss “Data Privacy [...]
all-day IAPP Europe Data Protection Intensive 2014
IAPP Europe Data Protection Inte…
Apr 29 – May 1 all-day
The IAPP Europe Data Protection Intensive features timely programming centred on the top issues impacting the European data protection community, with a focus on addressing [...]
5:30 pm InSecurity: Race, Surveillance and Privacy in the Digital Age @ New America Foundation
InSecurity: Race, Surveillance a… @ New America Foundation
Apr 30 @ 5:30 pm – 7:30 pm
Now more than ever, digital tools sit at a precarious tipping point, and many question whether they will be used to address pre-existing disparities, [...]
all-day Foreign Intelligence Surveillance in an Era of “Big Data” @ Jacob Burns Moot Court Room, George Washington Law School
Foreign Intelligence Surveillanc… @ Jacob Burns Moot Court Room, George Washington Law School
May 2 all-day
Discussions: Panel 1: Why Do We Conduct Foreign Intelligence Surveillance? What Are the Requirements? Panel 2: Making the Trade-Offs Between Surveillance and Civil Liberties Panel [...]
all-day IAPP Canada Privacy Symposium 2014
IAPP Canada Privacy Symposium 2014
May 7 – May 9 all-day
The IAPP Canada Privacy Symposium is the leading conference for education, debate and discussion of issues that matter most to Canadian privacy and data protection [...]
all-day Privacy Law Scholars Conference (7th Annual) @ The George Washington School of Law
Privacy Law Scholars Conference … @ The George Washington School of Law
Jun 5 – Jun 6 all-day
  UC Berkeley School of Law and The George Washington University Law School will be holding the seventh annual Privacy Law Scholars Conference (PLSC) on [...]
all-day Computers, Freedom, and Privacy 2014 Conference @ Airlie Center
Computers, Freedom, and Privacy … @ Airlie Center
Jun 8 – Jun 10 all-day
Mark your calendars! The 2014 Computers, Freedom, and Privacy Conference will be held June 8-10 at the Airlie Center in Warrenton, Virginia. The Airlie Center [...]

View Calendar