Internet of Things: privacy and security implications
On November 19, 2013 the U.S. Federal Trade Commission held a workshop in Washington DC to examine the privacy and security implications created by the growing connectivity of devices for communication with each other and with people (the Internet of Things, or “IoT”). This phenomenon affects consumers both in the home (home automation, smart home appliances and connected devices) and when they are on the move (including health and fitness devices, personal devices, or cars).
The European Commission has also spent time on this subject in a public consultation, the conclusions of which were unveiled in February 2013 together with the work done by the Group of Experts on the Internet of Things appointed by the Commission itself.
The Group of Experts has examined the potential privacy, data protection and security risks that may be created by IoT technologies, depending on the critical nature of the circumstances affecting each application or system in which these technologies are rolled out. As far as the Group of Experts is concerned, the risks depend on the context and the situation, and on the functions performed by the connected devices (for instance, health monitoring devices, geolocation or smart network devices). Moreover, the complexity is growing if we consider that IoT systems can be updated digitally, meaning that they can acquire hitherto unforeseen functionalities for which they were not designed originally, going on to capture new types of data and/or for purposes different from those envisaged initially.
The concern not only lies in access to sensitive data, but also in the possibility that technological problems or hacking may cause systems operation failures or disruptions that may even lead to personal injury or damage to critical physical infrastructure.
This analysis by the European and U.S. authorities of the risks that may arise in IoT environments is fundamental for defining public policy on the Internet of Things.
Garrigues Technology & Outsourcing Department
