Data is often described as “the new oil”, which implies its newfound value in modern society. With the emergent increase of new technologies, and thus more data, large companies can gain almost unlimited access to knowledge about the citizens’ preferences, habits and whereabouts. This is happening without the individual being aware of what exactly the companies knows about them, as the data collection is happening in non-transparent terms, which makes data handling an ethical issue. This report will propose the importance of making the data collection happen in more transparent terms, where the power will be given back to the individual – a responsibility that lies on the large companies, as they are the ones producing the software, which collects the data. As there is so much data which is used worldwide, this journal argues that one law cannot satisfy all stakeholders – instead the way of handling data and privacy issues should be to make individual privacy settings possible for the individual.
The interconnection between technologies is referred to as the Internet of Things (IoT). This implies that all technologies are connected and can exchange data, eg. the smartphone can be connected to the car. This creates great possibilities and efficiency for the individual. Imagine finding a destination on your smartphone, then go to your car and connect it to your phone, so it can show the way on the car’s’ GPS. Furthermore, you want to listen to the new album you just added to your Spotify account on the computer; so you play it from your phone, which is connected to the car’s audio via bluetooth.
Findings related to consent policy show a clear lack of specification and consistency, making them hard to understand and locate. For example, IoT devices such as fitness watches and home electricity devices lack a keyboard or touchscreen, which means that it cannot ‘ask’ for user consent. The user must actively search for the consent form online, which studies show, is extremely difficult to find. Furthermore, the ambiguous language used in consent forms makes it tough for users to know exactly what they are accepting. Lastly, the policies omit important aspects as well as being inconsistent in access, modification and deletion rights for the user.
Drifting away in the possibilities of IoT, one may forget the fact that it has not been engineered to actually protect data security. Yet another crucial finding within this project, is the issue of the vulnerabilities of these IoT devices to hacking and other security breaches. What has been discovered is that there often exists a trade-off between battery efficiency and device security, from the manufacturers perspective. This absence of thinking about security can lead to new ways of attack, data being breached, stolen and compromised. What IoT does, is merely to turn everyday life objects into an information security target, while distributing those targets far more widely than the current version of the Internet – thus enhancing the risks of security.
Intrusion on privacy has been recognized as yet another interrelated challenge with IoT. The issue originates in different things, such as the user being unaware of the quantity and detail of gathered data and the extensive profiling capabilities of the ever more data that is generated by IoT. The Smart Home, as an example, is a home made up by a variety of consumer sensor devices, including thermostats, internet, television, energy management, security etc., all generating piles of data that can be assembled, further analyzed, and reveal specific aspects of habits, behaviors and preferences about the people living there. Gathered data that is considered very sensitive. The challenge of privacy is also bound in the users’ lack of control over their data. This is especially clear when third-party monitors are used, as they may not even ensure the data to be used for the original purpose(s).
Privacy and security policies within the IoT network, needs to be up to date and clear to users. This is not only in the best interest of the user but also the enterprises offering IoT devices, who avoid lawsuits and complaints by satisfying privacy and security needs through a clear and concise policy framework. Organizations, who fail to meet needs and demands in an increasingly digitized and technological future, will become outdated and redundant.
Since the ethics surrounding the IoT are so diverse and cannot be specified universally for everyone, a simple law on data-policies cannot work. This journal tries to propose a way to allow users to take control of their own privacy and security measures. Every user should be able to judge for themselves what type of data should and should not be shared. In order for this to work, companies need to be transparent in their handling of data and enhanced education for users, especially those who are not as computer affine as the younger generation, is required to make educated decisions about their policies. SecKit, an implementation of said framework, is an initial advancement in the field which allows users to use pre-existing policies or completely customize their own.