sdecoret - stock.adobe.com

Tip

IoT data privacy forces organizations to rethink data ownership

Now more than ever, providers of IoT devices and experiences play an integral role in addressing IoT data privacy issues and influencing outcomes, market forces and societal health.

Ubiquitous sensors, ever-advancing machine learning and increasingly networked devices don't just introduce more technology into the world; they force people to reassess numerous sociological issues. Three such issues -- IoT data privacy, the rise of biometric authentication and data ownership -- illustrate how technology unleashes radical implications for society.

Privacy is today's elephant in the room

Privacy is generally defined as freedom from unwanted knowledge, observation or company of others. It is also culturally and individually relative. As consumers use IoT to digitize every realm of life, including human genomes, homes, cars, schools, workplaces and cities, the very nature of how people understand, consent and safeguard IoT data privacy shifts. Not only do consumers struggle to wield any sort of inventory -- never mind control -- over personal data collected, the vast majority have no awareness or visibility into how organizations use, share, monetize and categorize such data to manipulate consumers toward revenue-generating outcomes.

The news reports on countless abuses, mishandling and breaches of personal data with disproportional effects on low-income and minority groups. IoT data privacy has become an obvious societal problem that people don't want to talk about as consumers, employees, organizations and legislators struggle to agree on rules, all viewing the problem from different angles.

Biometric authentication rises as tomorrow's method of proof

Biometric authentication, or the ability to use biological characteristics like faces, eyes or voices to authenticate and interact digitally, is booming thanks to recent advances in AI. Biometrics have an annual growth rate of 22.5%, according to a report from Research and Markets; use of biometrics is no longer just in the domain of healthcare. Across sectors, organizations use biometrics, such as ID-replacement in airports and banks or personalized device and car experiences.

How individuals exercise their rights to the data they generate has everything to do with how that data can be monetized and what consumers' roles are as economic agents.

The mass digitization, collection, sharing, centralized storage and reliance on human biometrics for commercial services will have untold ramifications. Biometrics can't be replaced or revoked the way a username or credit card number can. Biometrics are more valuable. Health data breaches went up 84% since 2010, making IoT data privacy increasingly important.

Organizations already use facial, emotional, heart and sweat-based biometrics for advertising, hiring and reputation scoring, which exacerbates issues around consent, manipulation and information asymmetry. Such capabilities can be used to surveil and prosecute at unprecedented scale, yet accuracy is still an issue, especially among minority populations. Society is already driven by big data, but implications abound as consumers scan their way into a big biometric-data-driven society.

Data ownership plays the economic fulcrum of the future

As organizations across every industry digitally transform their processes and monetization models, they face the nagging question of who owns the data. The majority of current regulatory regimes have no specification around data ownership, resulting in a widespread assumption that whatever entity collects the data owns the data.

Many consumers don't give much thought to this question today, but it will play an essential role for how economic and societal structures will function in the future. How individuals exercise their rights to the data they generate -- including biometrics, genomic, behavioral and asset -- has everything to do with how that data can be monetized and what consumers' roles are as economic agents.

GDPR personal data
Many types of personal data fall under GDPR regulation.

What are the costs when free services vacuum up and then own individual data? In the age of biometrics and increasingly intimate data collection, should individuals own their own data? With ever more viable models of digital currency and marketplace technologies emerging, should individuals be able to monetize their data and digital interactions?

Across these areas, every business should put into place three best practices:

  1. Empower end users with clear communications and controls. Consumers demand it. Articulate intended uses, offer easy-to-access choices and granular controls and ensure they are integrated across products.
  2. Lean into regulatory guidance. This includes GDPR, California Consumer Privacy Act or even those specific to health and biometric data, even if they don't yet apply. Worst case scenario, the organization is prepared and compliant when they pass, and best case scenario is they've implemented practices that increase data integrity, security, portability and reduce risks of litigation or reputational backlash.
  3. Consider areas ripe for innovation and differentiation. Privacy-enhancing technologies, such as homomorphic encryption, distributed ledgers and new methods of on-device machine learning, have emerged to manage and steward data with less reliance on centralized repositories and far more granular methods of obfuscation, provisioning and controls.

Part two of this two-part series will examine how organizations should plan for and address new interfaces, anthropomorphic machines and tech ethics.

Dig Deeper on Internet of things security

CIO
Security
Networking
Data Center
Data Management
Close