Additional Comments to the FTC about the Internet of Things


On Friday, the Future of Privacy Forum provided an additional set of comments to the FTC in the wake of the Commission’s workshop on the Internet of Things (IoT) last November.   The comments expand on FPF’s recent white paper, An Updated Privacy Paradigm for the “Internet of Things”, and address two important themes from the FTC’s workshop: (1) the importance of data security and (2) the privacy issues raised by the comprehensive collection of information.

FPF’s whitepaper explores why IoT is not well-suited to a one-size-fits all approach to consumer privacy.  The myriad types of connected devices and the varied contexts in which those devices will operate will require the implementation of flexible frameworks designed to address evolving privacy issues and consumer preferences.  The imposition of rigid or universal standards to promote privacy within IoT may harm innovation and, moreover, be ill-suited to the privacy risks and consumer preferences that ultimately emerge.

Our comments note that data security may have been the most frequently raised concern at the FTC’s workshop.  Inadequate security presents the biggest risk of actual consumer harm within IoT.  With it, bad actors will have access to all manner of connected devices, and will be able to pry into intimate spaces or perpetrate fraud or identity theft.  Company must devote adequate resources to security before and after their products reach the market.  Fortunately, companies large and small are aware of this concern and are taking steps to address it.

Another concern posed by the IoT is the ubiquitous data collection of “deeply personal” information.  Still, it must be recognized that not all connected devices will facilitate the large-scale collection of personally identifiable information.  And this issue is neither new nor unique to IoT.

FPF’s comments urge the FTC to continue its advocacy of the high-level principles of privacy by design, simplified consumer choice, and transparency while being mindful of the need for flexibility described above. High-level principles are particularly well-suited for the Internet of Things as they allow policies and procedures to be tailored to the nature of connected devices, the environments in which they are used, the purposes for which the information is used, and the evolution of consumer preferences.  Simplified consumer choice and increased transparency by industry should also be encouraged.  Industry must ensure that consumers understand how they will benefit from IoT and see that measures are in place to promote consumer privacy and security.

Again, our complete set of comments are available to read here.  Our whitepaper, An Updated Privacy Paradigm for the “Internet of Things”, is also available, as are our initial set of comments regarding the Internet of Things from May 2013.