EurActiv reports on European regulators’ discussion of the “Internet of Things,” which is a computerized network of physical objects. Sensors and data storage devices embedded in objects interact with Web services in the IOT. One example: An IOT networked refrigerator could notify an owner when food spoils, when there are manufacturer recalls or when there are sales of food. (For more on privacy and the IOT, see a Center for Democracy and Technology report that I consulted on and contributed to, “Building the Digital Out-Of-Home Privacy Infrastructure.”
In a world of ubiquitous smart tags, a fridge, for example, would be able to alert the nearest supermarket when a household runs out of eggs. A blind man would be able to ‘see again’ as he safely walks along a tag-filled street with his trusty chip-reader showing him the way. Old people could be reminded of when they need to take their medicine and hospitals could access patients’ historical health data, helping doctors to make tailor-made treatments.
Potential problems also lie ahead, with privacy protection the first among these. “When a smart tag tells me when and where I have forgotten my key in my house, I’m happy with that. But if it tells me that the key is under my neighbour’s bed, there’s a privacy issue,” explained Jaap-Henk Hoepman, a senior scientist at Dutch research organisation TNO ICT.
Indeed, tag-related risks go much further than this and include identity theft, profiling and fraud. Scaremongers warn of the looming advent of a massive surveillance system.
To avoid such dangers, clear and easily applicable rules are necessary, said EU Data Protection Supervisor Peter Hustinx. Speaking at the conference, he dropped two keywords: privacy by design and privacy by default.
‘Privacy by design’ means that smart objects have to be made in a way that favours data protection, for instance with embedded protection systems. This is not always the case today.
With privacy by default, Hustinx referred to services which protect users’ private data without them having to specifically ask for it. With such a system in place, only people who are voluntarily interested in sharing their data with other people – like private companies, public authorities or strangers – can ask for the barriers to be taken down.