We all know there’s an explosion in machines and devices being connected to the Internet. Gartner estimates that 4.9 Billion devices or things were Internet connected in 2015, and projects that number to grow to almost 21 billion by 2020.
We are at the point where connected devices will outnumber the population on the planet by next year. Besides fearing (or welcoming) that we may be approaching the Singularity that Ray Kurzweil has long predicted, we may have reasons to fear (or welcome) the Tsunami of persona; data being collected by these smart and sometimes not so smart devices.
In consumer devices, the explosion in Smartphone use generates a trove of data – where we go, what we eat, who we communicate with and how, how fast we get somewhere, what we take pictures of, what we like and dislike, and much more. In fitness wearables and smartwatches, our heart rate, amount of exercise, sleep time, and other information is collected. In cars, data is (or can be) collected on speed, braking, location, g forces exerted around curves, driving habits, and much more. In the home, intelligent thermostats, lights, cameras, devices, and sensors collect data that can tell much about what you do and when you do it.
Combine all this information with big -data analytics in the cloud, and the amount of information that can be gleaned about our health, lifestyle, and activities is staggering. The technology, as is typical, far outstrips the law’s ability to protect how this data might be used. The amount of data, the sheer number of devices that generate it, and the multitude of applications that crunch it also makes it difficult to guarantee the security of it. This creates some very real issues with how this data can and should be used.
In connected cars, do we know how much data is being aggregated on our driving habits? Cars have enough computing power and sensors to collect all this data. As they increasingly get connected to the Internet, our driving habits can be analyzed. What if this is provided to insurance companies? What if this data is provided to law enforcement? Could we get traffic violations without ever being caught by a real cop? We’re not there yet, but there are battles already forming over data generated by automobiles, how it will be accessed, who will own it, and how it can be used. While consumers may understand all the great applications that can come of it, like semi autonomous and ultimately autonomous driving, and better understanding of road and traffic conditions to avoid and perhaps eliminate accidents – the data could also be used for things that we may not like.
In wearables, innovation is proceeding at a frantic pace. A June 2015 study found that from 2010 to 2015, over 41,000 patents were granted around wearable technology. In health and wellness, wearables are seen by many as the power of technology to fix some of the ills of modern society, encouraging us to move more, tracking our sleep, temperature, monitoring glucose levels and heart rate, and using all this data to help us lead healthier lives. Microsoft’s Band, for example, incorporates galvanic skin response sensors, similar to those used in lie detectors. Austin based digital agency T-3 created a Tinder app concept for the Apple Watch that selects potential matches by measuring your heart rate when looking at the pictures – no need to swipe left or right. Combining all this data in the right applications could make inferences about our mood and energy level, predicting issues with productivity or even relationships. At CES earlier this month, the first Bluetooth-connected pregnancy test debuted, with its own app of course. The capability of smart devices being able to track almost every aspect of our lives is not science fiction – it’s happening.
In the health arena, HIPAA regulations create strict rules around the sharing of health information. There is a fair amount of discussion around whether devices like Fitbit violate HIPAA rules. HIPAA has not really kept up setting rules around the wealth of biometric data available from wearables or connected EKG monitors. While the health area is a big one, thermostats, appliances, and beacons in retail stores are also collecting information as well.
Last year, the Federal Trade Commission (FTC) published a paper on IoT and consumer data privacy. It noted many issues that can affect privacy, and focused on four areas that will need constant monitoring and improvement: security, data minimization, notice, and choice.
Many apps say they use “bank grade security and encryption” for your data, but in reality, do users know what that means and what it entails at the data center? How many times do we see an app asking for access to your smartphone camera, contacts, location and other data when perhaps you’re just trying to track your steps for fitness? Or sometimes these permissions are buried in a click through approval of an end user agreement that’s necessary to activate a device or app. Data minimization refers to reducing the amount of data collected to only what’s necessary for that application – for privacy reasons – including deleting older data. The report did note that minimization might affect innovation. How? Collecting extra information that perhaps doesn’t have a specific need in the present may help in correlation with other data in a future application. Collecting larger data sets over time can also yield greater insights – potentially translating into better applications and products for consumers. Finally, notice and choice are about informing the consumer about what data they are willing to share, how much, and being able to opt in or opt out.
While everyone agrees on the need for security with collected data, there is no standard that everyone adheres to.
What are your thoughts on how our information is shared through our devices and the cloud? Do you see any more potential areas that will be at risk with our growing use of technology? Let us know in a comment below, we’d love to keep the conversation going.