Entering the IoT Era: Is it Too Late to Save Privacy? – Georgetown Public Policy Review
We live in an increasingly interconnected world, where our embrace of digital technology continues to blur the lines between public and private. The formation of the Internet allowed people from all over the globe to get and share information, and the Internet of things is poised to further revolutionize how we communicate and interact with the world around us. The Internet of things (IoT) refers to the network of physical objects and devices that connect and exchange data with each other via the Internet. The IoT field emerged in the mid-to-late 2000s, when the number of internet connected devices per person ratio grew rapidly from 0.08 in 2003 to 1.84 in 2010. In 2020, the number of IoT compatible products surpassed the number of non-IoT products for the first time. And by 2025, it is expected that there will be more than 30 billion IoT connections and almost 4 IoT devices per person on average worldwide. These complex systems of IoT devices will benefit and assist many areas of our daily lives, but at the same time will be collecting vast amounts of personal data and pose a serious threat to privacy. As we move forward into the IoT era, developers, manufacturers, regulators, and consumers of IoT devices must work together to address these major privacy and security issues.
The very concepts of IoT and privacy have often been described as directly opposed to one another. How can the two coexist when the goal of IoT is interconnectivity and the goal of privacy is to keep things self-contained? The UN’s 1948 Universal Declaration of Human Rights states in Article 12 that “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence…” and explicitly establishes the right to privacy in one’s home, but in the age of IoT, how will this right to privacy be affected by consumer adoption of smart home technology with the capacity to record and monitor them 24/7? Already, products such as Amazon’s Alexa record audio and usage data from any connected device and Amazon stores this information indefinitely. The potential personal data recorded by IoT enabled home devices would be of enormous value to third parties. For example, a kitchen containing a smart refrigerator that helps keep an inventory and smart ovens or microwaves that can remember settings for specific recipes or foods offer remarkable convenience. But a health insurance company could use the information collected from such appliances to calculate rates based on your diet. Similarly, as IoT devices become further integrated into cars, car insurance companies will be able to use the data provided to determine your policy. In another real-world example, an employee with a company car was tracked by their manager on their lunch break and fired for attending a local strip club. The employee successfully sued for wrongful termination and argued such tracking was a violation of their privacy. In such cases, questions arise as to who ultimately owns and should have access to data recorded from IoT devices. Is it the consumer, employer, manufacturer, or will insurance companies also stake their claim?
Given the established right to privacy it is easy to argue consumers should have control over their data, especially when it is collected in their own homes, but this is not always the case. There have already been several instances of data from IoT devices being used as evidence in criminal cases. Eventually, determining what reasonable expectations of privacy in the IoT era will be left up to lawmakers. While the European Union has sought to address data privacy issues through legislation like the General Data …….