FPF Releases A New Privacy Paradigm for the “Internet of Things”

Today the FTC is hosting a workshop on the Internet of Things, which will feature many great panelists including FPF’s Co-Chairman Christopher Wolf. Chris and FPF Executive Director Jules Polonetsky have also released a whitepaper today arguing for a new privacy paradigm in the new highly connected world.

The whitepaper argues that current implementations of Fair Information Practice Principles (FIPPs) are becoming outdated in the world of the Internet of Things, where nearly every device or appliance will be connected to the internet and collecting data about consumers. Attempting to provide meaningful “notice” in a world of billions of connected devices is not feasible when many devices lack meaningful user interfaces or screens, and relying on consumers to read thousands of privacy policies will lead to many simply “giving up” on their privacy. Similarly, the FIPPs’ strict usage limitations may thwart technological progress, because many socially valuable uses of data are not discovered until the data is already collected. The challenge then is to allow practices that will support progress, while providing appropriate controls over those practices that should be forestalled or constrained by appropriate consent.

To that end, the paper proposes the following principles:

Use anonymized data when practical. Anonymizing personal information decreases the risks that personally identifiable information will be used for unauthorized, malicious, or otherwise harmful purposes. Although there is always some risk of re-identification, when data sets are anonymized and stored properly, re-identification is no easy task.

Respect the context in which personally identifiable information is collected.  Managing consumer expectations is a good first step; however, respect for context should not focus solely on what individuals “reasonably” expect.  There may be unexpected new uses that turn out to be valuable societal advances or important new ways to use a product or service.  Rigidly and narrowly specifying context could trap knowledge that is available and critical to progress. Finding a balance may require more sophisticated privacy impact assessments that can analyze the impact of risks or harms and assess the potential benefits for individuals and society.

Be transparent about data use. Organizations making decisions that affect individuals should, whenever feasible, disclose the high-level criteria used when making those decisions. This will help ensure that factors – such as a user’s ethnicity, sexual orientation, and political preferences – are not factored into a company’s determinations when they would be irrelevant or unduly discriminatory.

Automate accountability mechanisms. Automated accountability mechanisms could monitor data usage and determine whether the uses comply with machine-readable policies.

Develop Codes of Conduct.  Self-regulatory codes of conduct will be the most effective means to honor these preferences and others in the rapidly evolving landscape of the Internet of Things.  Codes of conduct could establish frameworks that enable individuals to associate usage preferences with their connected devices.

Provide individuals with reasonable access to personally identifiable information.  This will likely enhance consumer engagement with and support of the Internet of Things.

FPF has worked on a number of projects related to the Internet of Things and is looking forward to tomorrow’s workshop.

Comments

Posted On
Nov 19, 2013
Posted By
Ruby Zefo

Thanks for posting the whitepaper — I entirely agree on the difficulty of applying FIPPs to IoT. Further, some of these devices are proving challenging in the enterprise environment (she says, as she beta tests a new wearable compute device).
Cheers!
~Ruby

Posted On
Nov 20, 2013
Posted By
Amedeo Maturo Senra

Hi,
Very interesting initiative.
Thanks,
Amedeo Maturo Senra
