Executive Summary

Why Privacy is important and why its relevance is crucial to the Internet of things

A EU project called Virt-EU focusing on Internet of things (IoT) has identified three main ethical implications of the use of IoT: (1) lack of personal data privacy (2) lack of data security (3) data being monetized without fair compensation. This matter because IoT describes the incorporation of intelligent objects in citizen’s daily life, such as smart watches, that can track and store data on their behavior. When addressing these implications, the challenge is to balance corporation’s economic growth created by citizen’ data and the citizen’s data privacy and security. The project therefore argues for a solution that is composed in collaboration with several stakeholders, including corporation, legislators, citizens and the academic community.

One argument comes from the scientific community who recommend corporations to adopt an “ethical design” in their products that by design secures the user’s data security and privacy. The aim is to contextualize new technological designs taking into consideration, the ethical, legal, economical and technical aspects of smart objects both addressing users and companies producing them. However, the project argues for legal measures to implement such ethical design if corporation are unwilling to comply. Legislations remains a very effective tool to secure the rights of citizens and can be necessary. The challenge is in this regard is to create awareness of the ethical implications of IoT, so it becomes an agenda among the politicians of EU.

Privacy Law is unprepared

It is a challenge to protect user’s privacy when using IoT devices because of the ease of identifying personal information. Even if the data does not include name, address or other obvious information, it would be relatively easy to re-identify the person. Assuming you are using a smartphone or wearing a health tracking device, someone can easily determine your identity, simply based on the data they retrieve from sensors installed in smart phones or the devices. The reason is straightforward: each of us has a unique characteristic like the style of walking and where we walk.

Research suggests that anonymization of IoT data is extremely difficult to achieve, and to re-identify user’s information is far easier than expected. Researchers at MIT recently analyzed data from 1.5 million cell-phone users in Europe over fifteen months. They found that it was relatively easy to extract complete location information about the individual from an anonymized dataset. Due to the fact that advances in computer science makes it possible to attack and identify supposedly ‘anonymized’ databases.

Privacy do not catch the interest of authorities. Corporate counsel, regulators, and legislators have yet to face the reality that Internet of Things user’s private data may all be identifiable. In short, privacy law— is unprepared for the threats created by the IoT. To address this issue, a set of regulations should be prepared.

Some researchers suggest that we should distinguish information of user interacting with IoT to personal identifiable information and other data that is presumed not to reveal identity. This way, we can clearly identify which data that should be protected by rules, through a radical re-working of current laws and practices.

Conclusions

Overall legislation is very effective tool to secure the rights of citizens that is necessary to avoid big privacy breaches that could harm the users. This executive summary calls to action on legislators, corporations and the academic community to create awareness of the ethical implications of IoT, so it becomes an agenda among the politicians of EU. The take away is that we as citizens need to keep momentum in demanding awareness on this near future challenge now before it is to late.