The EU’s Article 29 Working Party on the Protection of Individuals with regard to the Processing of Personal Data has released “Opinion 8/2014 on the on Recent Developments on the Internet of Things” (Working Party pdf; archive pdf). We’ve discussed before the “Internet of Things,” which is a computerized network of physical objects. In IoT, sensors and data storage devices embedded in objects interact with Web services. (For more on privacy and the IoT, see a Center for Democracy and Technology report that I consulted on and contributed to, “Building the Digital Out-Of-Home Privacy Infrastructure.”) The Working Party writes in its summary:
The Internet of Things (IoT) is on the threshold of integration into the lives of European citizens. The viability of many projects in the IoT still remains to be confirmed but “smart things” are being made available which monitor and communicate with our homes, cars, work environment and physical activities. Already today, connected devices successfully meet the needs of EU citizens on the large-scale markets of quantified self and domotics. The IoT thus hold significant prospects of growth for a great number of innovating and creative EU companies, whether big or small, which operate on these markets.
The WP29 is keen that such expectations are met, in the interests of both citizens and industry in the EU. Yet, these expected benefits must also respect the many privacy and security challenges which can be associated with the IoT. Many questions arise around the vulnerability of these devices, often deployed outside a traditional IT structure and lacking sufficient security built into them. Data losses, infection by malware, but also unauthorized access to personal data, intrusive use of wearable devices, or unlawful surveillance are as many risks that stakeholders in the IoT must address to attract prospective end-users of their products or services. Read more »