IoT data management: Establishing connected data use agreements
Connected devices continue to move into the mainstream, but they raise major IoT data management questions for both businesses and their customers.
In recent years, low cost methods of deploying remote sensors, controllers and integrated apps on mobile devices has powered the growing integration of internet-connected devices with consumer goods. The trend has contributed to the evolution of the Internet of Things (IoT) and how IoT data management is beneficial to the business world. In some cases, manufacturers are embedding IoT technology within the product, and in other situations the IoT devices are connected to existing products downstream. Another alternative is having apps installed on personal smart devices that collect and communicate data to a centralized server.
All of these types of IoT applications are designed to provide increased value to users. Some examples of these benefits are below:
Precision agriculture provides farmers with actionable intelligence regarding how crops are growing, how much water or fertilizer is required or how potential threats, such as insects, are affecting plantings. Companies like John Deere are developing self-driving tractors that use GPS guidance systems to make farming more efficient and precise. John Deere also provides a data management service that helps farmers collect and analyze data generated by the autonomous tractors.
Usage-based insurance (UBI) aligns automobile premiums with driving behaviors using in-car telecommunications devices. These devices monitor distance traveled, rates of acceleration and braking, driving speeds and use GPS to determine where the car is driven. The data is designed to help formulate risk profiles to allow the company to provide lower-cost premiums for safer drivers.
Intelligent factories are increasingly being created by manufacturing companies that retrofit line machinery with IoT connected devices. These devices monitor a variety of environmental variables, including temperature, power use, air quality, vibration and productivity. Those measurements are then sent to servers where analyses can help predict part failures, determine when to modulate production speed, or speed changeover times. This information streamlines the manufacturing process, while lowering costs and increasing margins.
These are just a few examples where the accumulation and sharing of data streamed from a multitude of IoT connected devices is intended to provide financial and productivity benefits to the consumer. At the same time, organizations integrating their products with IoT devices also benefit from this integration and its ability to analyze associated data streams.
For example, machine utilization data provides the following information:
- How products are used;
- When they are used and who is using them;
- Their efficiency, including power consumption and environmental variables such as temperature and air quality; and
- General wear and tear
Using this information, the manufacturer can analyze the data to infer knowledge that can influence future product design, or use it to drive product marketing and sales.
The obstacles to IoT data management
A manufacturer's desire to consume IoT data is understandable, but the adoption of this relatively new technology poses an additional problem: Who owns the data and is responsible for IoT data management? More to the point, who delineates the rights of use for data collected and streamed by an IoT device? To answer these questions, we need to analyze the actions of both the integrator and the user. The integrator is typically the manufacturer (if the IoT device is embedded) or the packager (such as the insurance company that provides an IoT device being integrated with an automobile). The user is the individual or organization using products with integrated IoT devices.
Usage data may provide valuable insight into user behaviors. For example, monitoring how farm equipment is used may betray competitive secrets about the farmer's business that the farmer would not want to have exposed, such as what crops are being planted and what the expected yields would be. If the user owns the data, then what rights does the integrator have to use that data? Can the user enforce protection of sensitive usage information? Conversely, if it is the company that owns the data, are there limits to how that data can be used? And to what extent is the integrator accountable for protecting user data?
Without legal precedent, one has to consider similar personal data protection scenarios. One interesting example is the restriction of using Customer Proprietary Network Information (CPNI) for marketing purposes, as delineated in the Telecommunications Act of 1996. According to the U.S. Code, CPNI is
"(A) information that relates to the quantity, technical configuration, type, destination, location, and amount of use of a telecommunications service subscribed to by any customer of a telecommunications carrier, and that is made available to the carrier by the customer solely by virtue of the carrier-customer relationship; and (B) information contained in the bills pertaining to telephone exchange service or telephone toll service received by a customer of a carrier."
This data is "usage data," but telecommunications companies (in this case, the integrator) are bound by law to not use that data for certain purposes. This scenario is similar to but does not completely mirror the IoT data management example. This is because other than getting the provided service, there is no additional user benefit provided by the CPNI data analysis.
That being said, it may be worthwhile for the integrator to propose both an ownership model and a data use agreement. For example, the agreement could state that the usage data is owned by the user but can be accessed by the integrator for a specific list of uses. In addition, the data use agreement can also delineate the integrator's responsibilities for protecting usage data and put limits on data sharing, aggregations or analyses.
We are still in the early days of navigating the compliance challenges of IoT connected devices and their associated usage data. However, one might suggest that a best practice would be to anticipate the need for clearly defined roles and responsibilities for protecting potentially sensitive data. Doing so will establish goodwill with user communities while promoting further adoption of IoT connected devices -- and the data analysis benefits they provide.