Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

FTC chief gives startups warning over Internet of Things privacy

John E Dunn | Jan. 9, 2015
Meanwhile, UK firms worry about the General Data Protection Directive

Wearables and the Internet of Things might be hot sectors on the floor of the floor of the CES Show in Las Vegas, but FTC head Edith Ramirez has issued a sharp reminder to tech firms not to get carried away and ignore security and privacy concerns that might cause problems down the line.

In a well-trailed speech promoting a forthcoming FTC report on the topic, Ramirez underlined the risks of rushing to build a new generation of products that captured a lot of sensitive personal data without necessarily being well secured.

"In the not-too-distant future, many, if not most, aspects of our everyday lives will be digitally observed and stored. That data trove will contain a wealth of revealing information that, when patched together, will present a deeply personal and startlingly complete picture of each of us," she said.

This would attract criminals, something compounded by the sheer number of devices that could be attacked in the home and beyond with the arrival of the Internet of Things.

It was essential for firms developing products in this area - especially startups focused on buiilding market presence - to ponder the risks to privacy that such data collection would create.

"I question the notion that we must put sensitive consumer data at risk on the off chance a company might someday discover a valuable use for the information," Ramirez said.

There were also questions about how data would be used in the absence of clear consent.

"Will this information be used to paint a picture of you that you won't see but that others will?," she said before sending a clear warning that firms should not over-step the mark.

"Reasonable limits on data collection and data retention is the first line of defence for consumer privacy," she said.

Exactly what such limits should be and how they can be defined remain unclear in the US where such debates quickly become ideological.

For UK organisations, meanwhile, the soon-to-be-finalised EU General Data Protection Directive (GDPR) is the sort of legal regime that could in time set a de facto benchmark for behaviour across the globe. This will undoubtedly have some effects on the way Internet of Things technologies are deployed because it demands clear consent, good user controls and transparency and a rationale for collecting date in the first place.

In October, EU Commissioner Andrus Ansip criticised the US for eroding the current Safe Harbour agreements, underscoring the perception that the US has gone soft on privacy.

Estimates about the number of IoT devices range up to 5 billion being lit up during 2015, the success of which will be influenced by the ability of vendors to do a better job of securing them than they have done with current designs such as PCs, routers and mobile devices.

 

Sign up for CIO Asia eNewsletters.