Internet of Things industry questioned by privacy regulator!

The Internet of Things (IoT) is coming under rapidly increasing scrutiny from regulators. After the report from the Italian telecom regulator (AgCom), the Italian privacy authority has just launched a consultation seeking input from the industry on how to regulate the IoT.

I discussed in this blog post the report issued by AgCom on the Internet of Things, which raised considerable issues in terms of telecom compliance, including whether or not B2C operators need to hold a telecom license in addition to the license held by the telecom operator.

As to the privacy issues relating to the Internet of Things, the European privacy regulators had already addressed them in the opinion of the Article 29 Working Party, which we covered in this blog post. The issue had also been tackled by the US regulators in the recommendations of the Federal Trade Commission on the Internet of Things, covered in this blog post. I have also touched on the data protection issues affecting the IoT as a whole, as well as wearable technologies, eHealth, connected cars, drones and smart homes, which are all part of the Internet of Things, in previous posts.

The Internet of Things privacy consultation

The Italian data protection authority (the Garante) decided to launch a consultation to obtain feedback from the market and identify potential issues in relation to:

  • The level of transparency of the information communicated to individuals whose personal data is processed through IoT technologies, the purposes for which the data is processed and the term of storage of collected data also in order to ensure that a valid consent is given;
  • The types of personal data that are processed, the reliability of such data with reference in particular to the health related data and the type of monitoring of data that often occurs without a full knowledge by the individuals;
  • The security of processed data, with reference also to communications to third parties, improper usage and loss of personal data, also taking into account the number of entities involved, the volume of data collected and the usage of radio communications that can be vulnerable;
  • The need to put in place a privacy by design approach as outlined in the ENISA Report to ensure privacy compliance of an IoT apparatus;
  • The cryptography techniques used in relation to the data communicated through the different IoT devices;
  • The modalities of processing of personal data, also in relation to the usage of anonymization techniques as outlined in this blog post;
  • The models of business implemented also in relation to the interoperability of the platforms, the portability of the information and the standards put in place to ensure that users have a full control of their personal data and the ways they are used;
  • The potential certifications to be adopted also at the international level as well as protocols of authentication or mutual recognition.

What is the industry asked for and what are the deadlines?

The players in the IoT market are requested by the data protection authority to provide their feedback on how the above-mentioned principles can be adopted in an Internet of Things environment, with reference in particular to:

  • The profiling activities of the users occurring also without their knowledge;
  • The necessity to provide transparent information to users also for the purposes of obtaining a valid consent to the data processing;
  • The risks related to the possible monitoring of the data as well as the security measures implemented;
  • The applicability of a privacy by design approach;
  • The business models used by the industry;
  • The standardization aspects; and
  • The potential usage of certifications.

This consultation will be crucial to identify solutions aimed at ensuring privacy compliance of Internet of Things devices according to modalities that preserve their efficiency and economic value.

The consultation is now closed and the contribution submitted by IoTItaly is available here.

@GiulioCoraggio


One thought on “Internet of Things industry questioned by privacy regulator!”

  1. Thanks for posting this article. This is becoming a really interesting issue, with a balance to be found between an individual’s right to privacy, and the common social good the IoT could potentially bring. I think it will be a fun few years as we work through the issues and solution processes and architectures.
