Ever more objects are becoming smart; smart Barbies, smart bras and even smart surveillance drones in school playgrounds. These objects connect to the internet and use intelligent software in the cloud to tailor services to consumers. Smart dolls can respond to children’s conversations, and smart bras advise us about our activity patterns and calories burned. That also means that smart devices continuously gather information from very personal environments, which raises fundamental questions about the safeguarding of privacy in an Internet of Things era.
This exploratory study aims to inform policy-makers in the Netherlands about privacy protection in the Internet of Things, by mapping the views of stakeholders in Silicon Valley.
Eskens, S., Timmer, J., Kool, L., and Est, R. van, Beyond control. Exploratory study on the discourse in Silicon Valley about consumer privacy in the Internet of Things, Rathenau Instituut, Den Haag 2016
The idea of the Internet of Things has been around for a long time. Today, it seems to be making its way to the consumer market. Based on our consultations with stakeholders, we can conclude that we are still at the early stages of this development, but expectations regarding its potential growth are high. Stakeholders point out that it is evident that when the Internet of Things comes into full bloom, data streams will start to permeate everyday life to an unprecedented degree. This raises questions about whether existing ways of protecting privacy will be sufficient for the Internet of Things.
The stakeholders consulted for this study conceptualise privacy in terms of control over personal data. Their main concern is that in the Internet of Things, users will lose control, and they are starting to recognise that this ‘control paradigm’ has its limits when it comes to respecting consumers’ privacy in the Internet of Things. It places the burden of control over privacy largely in the hands of the consumer, while at the same time it becomes more difficult for the consumer to remain in control. With the arrival of the Internet of Things, stakeholders are searching for new concepts and solutions, such as trust-based approaches and the improvement of software liability and consumer protection oversight. These approaches are beginning to shift the burden of privacy control from the consumer to companies offering Internet of Things services, and to supervisory authorities with strong oversight of these companies. Such approaches are already common for the development of traditional products (think, for example, of safety guidelines for Barbies, televisions and cars). Considering the (practical) limits of control for consumers in the Internet of Things, the Rathenau Instituut believes that similar approaches are needed for Internet of Things services, without the burden of control being placed solely upon the consumers. Concepts like trust, shared responsibility and accountability are essential to such approaches.
However, the privacy concerns of stakeholders are not limited to loss of control. The Internet of Things also impacts upon more value-laden aspects of privacy such as autonomy and self-realisation, for example through detailed profiling and possibilities for persuasion. Consider the smart TV, where the idea of control over data does not take into account the effects of the smart TV’s monitoring on other family members and on the unhindered development of their own identities. It is therefore important to include the safeguarding of autonomy, personality development and human dignity in the search for new approaches to the protection of privacy in the Internet of Things.