NEWS8 January 2015

US regulator warns of risk of ‘ubiquitous data collection’

News North America

US — The rise of the Internet of Things (IoT) and the associated collection of huge volumes of data poses a risk to privacy warned Edith Ramirez, chair of the Federal Trade Commission, in her speech to the Consumer Electronics Show (CES) in Las Vegas.


While acknowledging that the IoT had the potential to transform people’s lives and citing predictions of there being 25 billion connected devices in the world by the end of this year, she pointed to three specific privacy challenges as a result.

“The first is the ubiquitous collection of personal information, habits, location, and physical condition over time. That data trove will contain a wealth of revealing information that, when patched together, will present a deeply personal and startlingly complete picture of each of us – including our financial circumstances, our health, our religious preferences, and our family and friends,” she said.

“Connected devices are effectively allowing companies to digitally monitor our otherwise private activities.”

Ramirez questioned whether that data would be used solely to provide services to consumers. “Or will the information flowing in from our smart cars, smart devices and smart cities swell the ocean of ‘big data’ which could allow information to be used in ways that are inconsistent with consumers’ expectations or relationship with a company?”

Taking a broader view of the potential societal impact of using all this data she said companies must think hard about these broader questions before continuing down the path of pervasive data collection. “As businesses use the vast troves of data generated by connected devices to segment consumers to determine what products are marketed to them, the prices they are charged, and the level of customer service they receive, will it exacerbate existing socio-economic disparities?” she asked.

Her final privacy challenge centred on the security risks associated with IoT data.

“Any device connected to the internet is at risk of being hijacked. Inadequate security on IoT devices could enable intruders to access and misuse personal information collected and transmitted by the device. The risks that unauthorised access create intensify as we adopt more devices linked to our physical safety, such as our cars, medical care, and homes,” she added.

Ramirez urged companies that collect personal information to follow “the principle of data minimisation”, to collect only data needed for specific purposes and then to safely dispose of it afterwards.