Executive summary by Alexcecilie

Data is often described as “the new oil”, which implies its newfound value in modern society. With the emergent increase of new technologies and thus more data, large companies can gain almost unlimited access to knowledge about the citizens’ preferences, habits, and whereabouts. This is happening without individual citizen participation as the data collection is happening in non-transparent terms, which makes data handling an ethical issue. This report will propose the importance of making the data collection happen in more plain terms, where the power will be given back to the individual – a responsibility placed on large organizations, as they are the ones producing the software, which collects the data. As there is so much data which is used worldwide, this report argues that one law cannot satisfy all stakeholders – instead, the way of handling data and privacy issues should be to make individual privacy settings possible.

The interconnection between technologies is referred to as the Internet of Things (IoT). This implies that all technologies are connected and can exchange data, e.g. the smartphone can be connected to the car. This creates great possibilities and efficiency for the individual. Imagine finding a destination on your smartphone, then go to your car and connect it to your phone, so it can show the way on the car’s’ GPS.

Findings related to consent policy show a clear lack of specification and consistency, making them hard to understand and locate. For example, IoT devices such as fitness watches and home electricity devices lack a keyboard or touchscreen, which means that it cannot ‘ask’ for user consent. The user must actively search for the consent form online, which studies show, is extremely difficult to find. Furthermore, the ambiguous language used in consent forms makes it tough for users to know exactly what they are accepting. Lastly, the policies are inconsistent in access, modification and deletion rights for the user.

Drifting away in the possibilities of IoT, one may forget the fact that it has not been engineered to actually protect data security. Yet another crucial finding within this project is the issue of the vulnerabilities of these IoT devices to hacking and other security breaches. What has been discovered is that there often exists a trade-off between battery efficiency and device security, from the manufacturers perspective. This absence of thinking about security can lead to new ways of attack, data being breached, stolen and compromised. What IoT does, is merely to turn everyday life objects into an information security target, while distributing those targets far more widely than the current version of the Internet – thus enhancing the risks of security.

Intrusion on privacy has been recognized as yet another interrelated challenge with IoT. The issue originates in different things, such as the user being unaware of the quantity and detail of gathered data, and the extensive profiling capabilities of the ever more data that is generated by IoT. The Smart Home as an example, is a home made up of a variety of consumer sensor devices, including thermostats, internet, television, energy management, security etc., all generating piles of data that can be assembled, further analyzed, and reveal specific aspects of habits, behaviors and preferences of the people living there. Gathered data that is considered very sensitive. The challenge of privacy is also bound in the users’ lack of control over their data. This is especially clear when third-party monitors are used, as they may not even ensure the data to be used for the original purpose(s).

Privacy and security policies within the IoT network needs to be up to date and clear to users. This is not only in the best interest of the user but also the enterprises offering IoT devices, who avoid lawsuits and complaints by satisfying privacy and security needs through a clear and concise policy framework.  Organizations, who fail to meet needs and demands in an increasingly digitized and technological future, will become outdated and redundant.

With the ethics surrounding IoT, tailor-made solutions are the best way to integrate privacy regulations into companies as well as to the individual citizen. The report proposes a way to allow users to take control of their own privacy measures. Every user should judge for themselves what type of data should and should not be shared. For this to work, companies need to be transparent in their handling of data and enhance education for users. Especially those who are not as computer affine as the younger generation are required to make well-informed decisions about their privacy settings. An initial advancement in privacy policy framework, SecKit, offers a software program, which allows users to use pre-existing policies or completely customize their own.




Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s