Executive Summary

Why Privacy is important and why its relevance is crucial to the Internet of things

A EU project called Virt-EU focusing on Internet of things (IoT) has identified three main ethical implications of the use of IoT: (1) lack of personal data privacy (2) lack of data security (3) data being monetized without fair compensation. This matter because IoT describes the incorporation of intelligent objects in citizen’s daily life, such as smart watches, that can track and store data on their behavior. When addressing these implications, the challenge is to balance corporation’s economic growth created by citizen’ data and the citizen’s data privacy and security. The project therefore argues for a solution that is composed in collaboration with several stakeholders, including corporation, legislators, citizens and the academic community.

One argument comes from the scientific community who recommend corporations to adopt an “ethical design” in their products that by design secures the user’s data security and privacy. The aim is to contextualize new technological designs taking into consideration, the ethical, legal, economical and technical aspects of smart objects both addressing users and companies producing them. However, the project argues for legal measures to implement such ethical design if corporation are unwilling to comply. Legislations remains a very effective tool to secure the rights of citizens and can be necessary. The challenge is in this regard is to create awareness of the ethical implications of IoT, so it becomes an agenda among the politicians of EU.

Privacy Law is unprepared

It is a challenge to protect user’s privacy when using IoT devices because of the ease of identifying personal information. Even if the data does not include name, address or other obvious information, it would be relatively easy to re-identify the person. Assuming you are using a smartphone or wearing a health tracking device, someone can easily determine your identity, simply based on the data they retrieve from sensors installed in smart phones or the devices. The reason is straightforward: each of us has a unique characteristic like the style of walking and where we walk.

Research suggests that anonymization of IoT data is extremely difficult to achieve, and to re-identify user’s information is far easier than expected. Researchers at MIT recently analyzed data from 1.5 million cell-phone users in Europe over fifteen months. They found that it was relatively easy to extract complete location information about the individual from an anonymized dataset. Due to the fact that advances in computer science makes it possible to attack and identify supposedly ‘anonymized’ databases.

Privacy do not catch the interest of authorities. Corporate counsel, regulators, and legislators have yet to face the reality that Internet of Things user’s private data may all be identifiable. In short, privacy law— is unprepared for the threats created by the IoT. To address this issue, a set of regulations should be prepared.

Some researchers suggest that we should distinguish information of user interacting with IoT to personal identifiable information and other data that is presumed not to reveal identity. This way, we can clearly identify which data that should be protected by rules, through a radical re-working of current laws and practices.


Overall legislation is very effective tool to secure the rights of citizens that is necessary to avoid big privacy breaches that could harm the users. This executive summary calls to action on legislators, corporations and the academic community to create awareness of the ethical implications of IoT, so it becomes an agenda among the politicians of EU. The take away is that we as citizens need to keep momentum in demanding awareness on this near future challenge now before it is to late.





The paper, introduces the concept of Ethical Design with the aim of empowering the user in the interaction with the Internet of Things (IoT). The paper raises the main challenges in the evolution of the Internet towards the IoT.  The challenges are to ensure that the personal data of individuals are protected no matter where or what form of processing is undertaken. According to the author the concept of privacy today should be revisited, as the amount of collected data from the IoT will be too difficult to control—and the complexity becomes even higher when attempting to determine which data are personal and which are not. However, the authors present their solution to the problem, the software Seckit, that enables users to decide what data that is made from them. Lastly the paper describes the potential implementation of the Ethical design concept.

All in all, the paper is build up by an introduction to the problem followed by a possible solution and ending with how this solution could be implemented into IoT devices. The paper bases its findings from many different research articles. Ex. (White House 2012), Weber (2015), (Weinberg et al. 2015; Article 29 Working Party 2014), Privacy Enhancing Technologies (PET) and the application of Privacy Enhancing Measures (PEM) remain limited (Cave et al. 2011), Nissenbaum (2015), And many more.

Select points of critique for the author to consider

 How does the author move from one idea to another? Are the transitions between the ideas effective?

I like the construction of the paper, it makes sense as there is an introduction to the problem, a possible solution and an implementation of the solution. The author does a good job introducing each section by letting the reader know what the next section is about and more importantly refers to earlier sections in the paper and external scientific papers for the reader that wants to delve more into the subject.

What is the intention of the text – teach, share knowledge, entertain?
I suggest that it could have been stated more clearly in the abstract whom this paper is intended for.