The usual response to identity problems like fraud has been to pile on more identity. On the Internet now we have too much identity! Too much identifiable data seeps out of everything we do online. But in the Internet of Things, Personal Information may pour from everything we do, period. Do we need every new appliance to have its own privacy policy? It depends on whether networked devices are working for their buyers or their vendors. Here we’ll look at how smart devices are smart enough to control data flows and protect their users’ identity and privacy.

1. Rationing Identity in the
Internet of Things
Cloud Identity Summit 2015, La Jolla
© CONSTELLATION RESEARCH, INC. 2010 – 2015 ALL RIGHTS RESERVED
Steve Wilson @Steve_Lockstep
Vice President & Principal Analyst

2. A data torrent is building
© CONSTELLATION RESEARCH, INC. 2010 – 2015 ALL RIGHTS RESERVED 2
• Today data is leaking all across
cyberspace
• And we aint seen nothin yet!
• Ray Kurzweil predicts cars will
soon generate data at 1GB/sec
• Torrents of data are core to IoT
• How much will be personal?
• Regulators are concerned.
“Tracking & Hacking” Senator Ed Markey
http://www.markey.senate.gov/imo/media/doc/2015-02-
06_MarkeyReport-Tracking_Hacking_CarSecurity%202.pdf

3. For every device a policy
• In Feb 2015, people noticed that the new
Samsung smart TV with voice operated
remote control had a privacy policy:
“Please be aware that if your spoken words include personal
or other sensitive information, that information will be among
the data captured and transmitted to a third party”
• The TV transmits speech to an outsourced
bureau for processing and analysis.
© CONSTELLATION RESEARCH, INC. 2010 – 2015 ALL RIGHTS RESERVED 3

4. For every device a policy
So your TV now has a Privacy Policy.
Your electric car has a privacy policy
(Tesla collects your radio listening history).
Your thermostat has a privacy policy ...
© CONSTELLATION RESEARCH, INC. 2010 – 2015 ALL RIGHTS RESERVED 4

5. 5

6. 6
Yes, your kid’s doll now has a Privacy Policy.
© CONSTELLATION RESEARCH, INC. 2010 – 2015 ALL RIGHTS RESERVED

7. Is Consent broken?
• Can consent work for IoT privacy?
• Some say consent can’t work online at all
• Consent has been given a bad name by
cynical exercises like Facebook’s Data Usage
Policy, which they claimed provided consent
for the infamous 2014 Mood Study.
http://www.forbes.com/sites/kashmirhill/2014/06/28/facebook-
manipulated-689003-users-emotions-for-science/
© CONSTELLATION RESEARCH, INC. 2010 – 2015 ALL RIGHTS RESERVED 7

8. Is Consent broken?
8
Data Use PolicyDateof Last Revision: November 15, 2013
I. Information we receive and how it is used
Information we receive about you
Wereceive a number of different types of information about you, including:
Your information
Your information is theinformation that'srequired when you sign up for thesite, as well as theinformation
you chooseto share.
• Registration information: When you sign up for Facebook, you arerequired to provideinformation
such as your name, email address, birthday, and gender. In somecases, you may beable to
register using other information, likeyour telephonenumber.
• Information you choose to share: Your information also includes theinformationyou chooseto
shareon Facebook, such as when you post a status update, upload a photo, or comment on a
friend's story.
It also includes theinformation you chooseto sharewhen you communicatewith us, suchas when you
contact us using an email address, or when you takean action, such as when you add a friend, like a Page
or a website, add a place to your story, useour contact importers, or indicateyou arein a relationship.
Your name, profile pictures, cover photos, gender, networks, usernameand User IDare treated just like
information youchooseto makepublic.
Your birthday allows us to do things likeshow you age-appropriatecontent and advertisements.
Information others share about you
Wereceive information about youfrom your friends and others, such as when they upload your contact
information, post a photoof you, tag you in a photo or status update, or at a location, or add you to a
group.
When peopleuseFacebook, they may storeand shareinformation aboutyouand others thatthey have,
such as when they upload and managetheir invites and contacts.
Other information we receive about you
Wealso receive other types of information aboutyou:
• Wereceive data about you whenever youuseor arerunning Facebook, such as when you look at
another person's timeline, send or receivea message, search for a friend or a Page, click on, view
or otherwiseinteract with things, usea Facebook mobileapp, or makepurchases through
Facebook.
• When you postthings likephotosor videos onFacebook, wemay receive additional related data (or
metadata), such as thetime, date, and place you took thephotoor video.
• Wereceive data from or about thecomputer, mobilephone, or other devices you useto install
Facebook apps or to access Facebook, including when multipleusers log in from thesamedevice.
This may includenetwork and communication information, such as your IP address or mobile
phonenumber, and other informationaboutthings likeyour internet service, operating system,
location, thetype(including identifiers) of thedeviceor browser you use, or thepages you visit. For
example, we may get your GPS or other location information sowecan tell you if any of your
friends are nearby, or we could request deviceinformation to improvehow our apps work onyour
device.
• Wereceive data whenever you visit a game, application, or websitethat uses Facebook Platform or
visit a sitewith a Facebook feature(such as a social plugin), sometimes through cookies. This may
includethedateand timeyou visit thesite; theweb address, or URL, you'reon; technical
information abouttheIP address, browser and theoperating system you use; and, if you arelogged
in to Facebook, your User ID.
• Sometimes weget data from our affiliates or our advertising partners, customers and other third
parties that helps us (or them) deliver ads, understand onlineactivity, and generally make
Facebook better. For example, an advertiser may tell us information aboutyou(likehow you
responded to an ad on Facebook or on another site) in order to measuretheeffectiveness of - and
improvethequality of - ads.
As described in "How weusetheinformation wereceive" we also put together data from theinformation
wealready have about you, your friends, and others, so wecan offer and suggest a variety of services and
features. For example, we may makefriend suggestions, pick stories for your News Feed, or suggest people
to tag in photos. Wemay put together your current city with GPS and other location informationwehave
about you to, for example, tell you and your friends about peopleor events nearby, or offer deals to you in
which you might beinterested. Wemay also put together data about you to serveyouads or other content
that might bemorerelevant to you.
When we get your GPS location, weput it together with other location information wehaveabout you
(likeyour current city). But we only keep it until it is no longer useful to provideyou services, likekeeping
your last GPS coordinates to sendyourelevant notifications.
We only providedata to our advertising partners or customers after wehaveremoved your nameand any
other personally identifying information from it, or havecombined it with other people's data in a way that
it no longer personally identifies you.
Public information
When weusethephrase"public information"(which wesometimes refer to as "Everyoneinformation"),
wemean theinformation you chooseto makepublic, as well as information that is always publicly
available.
Information youchooseto makepublic
Choosing to makeyour information public is exactly what it soundslike: anyone, including peopleoff
Facebook, will beable to see it. Learn more.
Choosing to makeyour information public also means that thisinformation:
can be associated with you (i.e., your name, profile pictures, cover photos, timeline, User ID, username,
etc.) even off Facebook;
can show up when someonedoes a search on Facebook or on a public search engine;
will be accessible to theFacebook-integrated games, applications, and websites you and your friends use;
and
will be accessible to anyonewho uses our APIs such as our Graph API.
Sometimes youwill not beableto select an audience when you post something (likewhen you writeon a
Page's wall or comment on a news article that uses our comments plugin). This is becausesometypes of
stories arealways public stories. As a general rule, you should assumethatif you do not seea sharing icon,
theinformation will bepublicly available.
When others shareinformation about you, theycan also chooseto makeit public.
Information that is always publicly available
Thetypes of information listed below arealways publicly available, and they are treated just like
information youdecided to makepublic:
• Name: This helps your friends and family find you. If you are uncomfortablesharing your real
name, you can always delete your account.
• ProfilePictures and Cover Photos:Thesehelp your friends and family recognizeyou. If you are
uncomfortablemaking any of thesephotos public, you can always deletethem. Unless you delete
them, when you add a new profilepictureor cover photo, thepreviousphoto will remain public in
your profilepictureor cover photo album.
• Networks:This helps you seewho youwill besharing information with beforeyou choose"Friends
and Networks"as a custom audience. If you are uncomfortablemaking your network public, you
canleave thenetwork.
• Gender: This allows us to refer to you properly.
• Usernameand User ID: These allow you to giveout a custom link to your timelineor Page, receive
email at your Facebook email address, and help make Facebook Platform possible.
We may enable access to public information that has been shared throughour services.
We may allow service providers to access information so they can help us provideservices.
We are able to suggest that your friend tag you in a picture by scanning and comparing your friend's
pictures to informationwe'veput together from your profilepictures and theother photos in which you've
been tagged. If this feature is enabled for you, you can control whether wesuggest that another user tag
you in a photo using the“Timelineand Tagging” settings. Learn more
at:https://www.facebook.com/help/tag-suggestions
Deleting and deactivating your account
If you want to stopusing your account, you can either deactivateor deleteit.
Deactivate
Deactivating your account puts your account on hold. Other users will no longer see your timeline, but we
do not deleteany of your information. Deactivating an account is thesameas you telling us not to delete
any information becauseyou might wantto reactivateyour account at somepointin thefuture. You can
deactivateyour account at: https://www.facebook.com/settings?tab=security
Your friends will still see you listed in their list of friends whileyour account is deactivated.
Deletion
When you deleteyour account, it is permanently deleted from Facebook. It typically takes aboutonemonth
to deletean account, but someinformation may remain in backup copies and logs for up to 90 days. You
should onlydeleteyour account if you aresureyou never want to reactivateit. You can delete your account
at: https://www.facebook.com/help/contact.php?show_form=delete_account
Learn moreat: https://www.facebook.com/help/?faq=356107851084108
Certain information is needed to provideyou with services, so weonly deletethis information after you
deleteyour account. Someof thethings you do on Facebookaren’t stored in your account, likeposting to a
group or sending someonea message(whereyour friend may still have a message you sent, even after you
deleteyour account). That information remains after you deleteyour account.
II. Sharing and finding you on Facebook
Control each timeyou post
Whenever you postcontent (likea status update, photoor check-in), you can select a specific audience, or
even customizeyour audience. To do this, simply click on thesharing icon and choosewho can seeit.
Choosethis icon if you want to makesomething Public. Choosing to makesomething public is exactly what
it sounds like. It means that anyone, including peopleoff Facebook, will beable to seeor access it.
Choosethis icon if you want to sharewith your Facebook Friends.
Choosethis icon if you want to Customizeyour audience. You can also usethis to hideyour story from
specific people.
If you tag someone, that person and their friends can see your story no matter what audienceyou selected.
Thesame is true when you approvea tag someoneelseadds to your story.
Always think beforeyou post. Justlikeanything elseyou post ontheweb or send in an email, information
you shareon Facebook can becopied or re-shared by anyonewho can seeit.
Although you choosewithwhomyoushare, theremay beways for others to determineinformation about
you. For example, if you hideyour birthday so noonecan seeit on your timeline, but friends post “happy
birthday!” on your timeline, peoplemay determineyour birthday.
When you comment on or "like" someoneelse's story, or writeon their timeline, that person gets to select
theaudience. For example, if a friend posts a Public story and you comment on it, your commentwill be
Public. Often, you can see theaudience someoneselected for their story beforeyou post a comment;
however, theperson who posted thestorymay later changetheir audience. So, if you comment on a story,
and thestory’s audiencechanges, thenew audiencecan see your comment.
You can control who can seetheFacebook Pages you've"liked" by visiting your timeline, clicking on the
Likes box on your timeline, and then clicking "Edit."
Sometimes you will not seea sharing icon when you post something (likewhen you writeon a Page's wall
or comment on a news article that uses our comments plugin). This is becausesometypes of stories are
always public stories. As a general rule, you should assumethatif you do not seea sharing icon, the
information will bepublicly available.
Control over your timeline
Whenever you add things to your timelineyou can select a specific audience, or even customizeyour
audience. To do this, simply click on thesharing icon and choosewho can seeit.
Choosethis icon if you want to makesomething Public. Choosing to makesomething public is exactly what
it sounds like. It means that anyone, including peopleoff Facebook, will beable to seeor access it.
Choosethis icon if you want to sharewith your Facebook Friends.
Choosethis icon if you want to Customizeyour audience. You can also usethis to hidetheitem on your
timelinefrom specific people.
When you select an audiencefor your friend list, you are only controlling who can seetheentirelist of your
friends on your timeline. Wecall this a timelinevisibility control. This is becauseyour friend list is always
available to thegames, applications and websites you use, and your friendships may bevisibleelsewhere
(such as on your friends' timelines or in searches). For example, if you select "Only Me" as theaudiencefor
your friend list, but your friend sets her friend list to "Public," anyonewill beable to see your connection on
your friend's timeline.
Similarly, if you chooseto hideyour gender, it only hides it on your timeline. This is becausewe, just like
theapplications you and your friends use, need to useyour gender to refer to you properly on thesite.
When someonetags you in a story (such as a photo, status updateor check-in), you can choosewhether you
want that storyto appear on your timeline. You can either approveeach story individually or approveall
stories by your friends. If you approvea story and later changeyour mind, you can removeit from your
timeline.
When you hidethings on your timeline, likeposts or connections, it means thosethings will not appear on
your timeline. But, remember, anyonein theaudience of thoseposts or who can seea connection may still
seeit elsewhere, like on someoneelse's timelineor in search results. You can also delete your posts or
changetheaudience of content you post, which means youcan removepeoplefrom or add peopleto the
audienceof thecontent.
Peopleon Facebook may beable to see mutual friends, even if they cannot seeyour entirelist of friends.
Somethings (likeyour name, profile pictures and cover photos) do not havesharing icons becausethey
are always publicly available. As a general rule, you should assumethat if you do notseea sharing icon, the
information will bepublicly available.
Finding you on Facebook
To makeit easier for your friends to find you, weallow anyonewith your contact information(such as
email address or telephonenumber) to find you throughtheFacebooksearch bar at thetop of most pages,
as well as other tools weprovide, such as contact importers - even if you havenot shared your contact
information with them on Facebook.
You can choosewho can look up your timelineusing theemail address or telephonenumber you added to
your timelinethrough your Privacy Settings. But remember that peoplecan still find you or a link to your
timelineon Facebook through other peopleand thethings they shareabout you or through other posts, like
if you are tagged in a friend's photo or post something to a public page.
Your settings do not control whether peoplecan find you or a link to your timelinewhen they search for
content they havepermissionto see, likea photo or other storyin which you’vebeen tagged.
Access on phones and other devices
Once you shareinformation with your friends and others, they may beableto sync it with or access it via
their mobilephones and other devices. For example, if you sharea photo on Facebook, someoneviewing
that photo could saveit using Facebook toolsor by other methods offered by their deviceor browser.
Similarly, if you shareyour contact information withsomeoneor invitesomeoneto an event, they may be
ableto useFacebook or third party applications or devices to sync thatinformation. Or, if one of your
friends has a Facebook application on oneof their devices, your information (suchas thethings youpostor
photosyoushare) may bestored on or accessed by their device.
You should only shareinformation withpeopleyou trust becausethey will beable to saveit or re-share it
with others, including when they sync theinformation toa device.
Activity log
Your activity log is a place where you can go to view most of your information on Facebook, including
things you’vehidden from your timeline. You can usethis log to manage your content. For example, you
can do things likedelete stories, changetheaudience of your stories or stop an application from publishing
to your timelineon your behalf.
When you hidesomething from your timeline, you arenot deleting it. This means that thestory may be
visibleelsewhere, like in your friends’ News Feed. If you want to deletea story you posted, choosethe
deleteoption.
What your friends and others shareaboutyou
Links and Tags
Anyonecan add a link to a story. Links are references to something on theInternet; anything from a
websiteto a Page or timelineon Facebook. For example, if you are writing a story, you might includea link
to a blog you are referencing or a link to theblogger’s Facebook timeline. If someoneclicks on a link to
another person’s timeline, they’ll only seethethings that they areallowed to see.
A tag is a special typeof link to someone’s timelinethat suggests that thetagged person add your story to
their timeline. In cases where thetagged person isn’t included in theaudienceof thestory, it will add them
so they can seeit. Anyonecan tag you in anything. Onceyou are tagged, you and your friends will beable
to seeit (such as in News Feed or in search).
You can choosewhether a story you'vebeen tagged in appears on your timeline. You can either approve
each story individually or approveall stories by your friends. If you approvea story and later changeyour
mind, you can always removeit from your timeline.
If you do not want someoneto tag you, weencourageyou to reach out to them and givethem that
feedback. If that does not work, you can block them. This will prevent them from tagging you going
forward.
Social reporting is a way for peopleto quickly and easily ask for help from someonethey trust. Learn
moreat: https://www.facebook.com/note.php?note_id=196124227075034&__adt=3&__att=iframe
If you are linked to in a privatespace (such as a message or a group) only thepeoplewho can see the
privatespacecan see thelink. Similarly, if you are linked to a comment, only thepeoplewho can seethe
comment can seethelink.
Other information
As described in the"what your friends and others shareabout you"sectionof this policy, your friends and
others may shareinformation aboutyou. They may sharephotos or other informationaboutyouand tag
you in their posts. If you do notlikea particular post, tell them or report thepost.
Groups
Once you are in a Group, anyonein that Group can add you to a subgroup. When someoneadds youto a
Group, you will belisted as “invited” until you visit theGroup. You can always leave a Group, which will
prevent others from adding you toit again.
Pages
Facebook Pages are public pages. Companies usePages to share information about their products.
Celebrities usePages to talk about their latest projects. And communities usePages to discuss topics of
interest, everything from baseball to theopera.
BecausePages are public, information you sharewith a Page is public information. This means, for
example, that if you post a comment on a Page, that comment may beused by thePageowner off
Facebook, and anyonecan seeit.
When you "like" a Page, you create a connection to that Page. Theconnection is added to your timelineand
your friends may seeit in their News Feeds. You may be contacted by or receive updates from thePage,
such as in your News Feed and your messages. You can removethePages you've"liked" through your
timelineor on thePage.
SomePages contain content that comes directly from thePageowner. Page owners can do this through
online plugins, such as an iframe, and it works just likethegames and other applications you usethrough
Facebook. Becausethis content comes directly from thePageowner, that Pagemay be able to collect
information aboutyou, justlikeany website.
Page administrators may haveaccess to insights data, which will tell them generally about thepeoplethat
visit their Page(as opposed to information aboutspecific people). They may also know when you’vemadea
connection to their Pagebecauseyou’veliked their Page or posted a comment.
To control who can see theFacebook Pages you'veliked, visit our Help Center.
III. Other websites and applications
About FacebookPlatform
Facebook Platform (or simply Platform) refers to theway we help you shareyour information with the
games, applications, and websites youand your friends use. FacebookPlatform also lets youbring your
friends with you, so you can connect withthem off Facebook. In thesetwo ways, FacebookPlatform helps
you makeyour experiences on theweb morepersonalized and social.
Remember that thesegames, applications and websites arecreated and maintained by other businesses
and developers who arenot part of, or controlled by, Facebook, so youshould always makesureto read
their terms of service and privacy policies to understand how they treat your data.
Controlling what informationyousharewith applications
When you connect witha game, application or website - such as by going to a game, logging in to a website
using your Facebook account, or adding an app to your timeline - we give thegame, application, or website
(sometimes referred to as just "applications"or "apps") your basic info (wesometimes call this your "public
profile"), which includes your User IDand your public information. Wealso give them your friends' User IDs
(also called your friend list) as part of your basic info.
Your friend list helps theapplication makeyour experience more social because it lets you find your friends
on that application. Your User IDhelps theapplication personalizeyour experiencebecauseit can connect
your account on that application withyour Facebookaccount, and it can access your basic info, which
includes your public information and friend list. This includes theinformationyouchooseto makepublic, as
well as information that is always publicly available. If theapplication needs additional information, suchas
your stories, photosor likes, it will have to ask you for specific permission.
The“Apps” setting lets you control theapplicationsyouuse. You can seethepermissions youhavegiven
theseapplications, thelast timean application accessed your information, and theaudienceon Facebook
for timelinestories and activity theapplication postson your behalf. You can also removeapplications you
no longer want, or turn off all Platform applications. When you turnall Platform applications off, your User
ID is no longer given to applications, even when your friends usethoseapplications. But you will no longer
beable to useany games, applications or websites through Facebook.
When you first visit an app, Facebook lets theapp know your language, your country, and whether you are
in an age group, for instance, under 18, between 18-20, or 21 and over. Agerange lets apps provideyou
with age-appropriatecontent. If you install theapp, it can access, storeand updatetheinformation you’ve
shared. Apps you’veinstalled can updatetheir records of your basic info, age range, language and country.
If you haven’t used an app in a while, you should consider removing it. Onceyou removean app, it won’t be
ableto continueto updatetheadditional information you’vegiven them permission to access, but it may
still hold theinformation you havealready shared. You always can contact theapp directly and request that
they deleteyour data. Learn more at:https://www.facebook.com/help/how-apps-work
Sometimes a game console, mobilephone, or other devicemight ask for permission to sharespecific
information with thegames and applications youuseon that device. If you say okay, thoseapplicationswill
not beableto access any other information about you withoutasking specific permission from you or your
friends.
Sites and apps that useInstant Personalization receiveyour User ID and friend list when you visit them.
You always can removeapps you’veinstalled by using your app settings at:
https://www.facebook.com/settings/?tab=applications. But remember, apps may still beableto access your
information when thepeopleyou sharewith usethem. And, if you’veremoved an application and want it to
deletetheinformation you’vealready shared with it, you shouldcontact theapplication. Visitthe
application’s pageon Facebook or its own websiteto learn moreabout theapp. For example, Apps may
havereasons (e.g. legal obligations) to retain somedata that you sharewith them.
Controlling what is shared when thepeopleyou sharewith useapplications
Just likewhen you shareinformation by email or elsewhereon theweb, information you shareon Facebook
can be re-shared. This means that if you sharesomething on Facebook, anyonewho can seeit can shareit
with others, including thegames, applications, and websitesthey use.
Information wereceiveabout you, including financial transaction data related to purchases madewith
Facebook, may beaccessed, processed and retained for an extended period of time when it is thesubject of
a legal request or obligation, governmental investigation, or investigationsconcerning possibleviolationsof
our terms or policies, or otherwiseto prevent harm. Wealso may retain information from accounts
disabled for violations of our terms for at least a year to prevent repeat abuseor other violations of our
terms..
Access requests
You can access and correct most of your personal data stored by Facebookby logging into your account and
viewing your timelineand activity log. You can also download a copy of your personal data by visiting your
“Settings” (General Account Settings page), clicking on “Download a copy of your Facebook data” and then
clicking on thelink for your expanded archive. Learn more
at:https://www.facebook.com/help/?faq=226281544049399
Notifications and Other Messages
Wemay send you notificationsand other messages using thecontact informationwehavefor you, likeyour
email address. You can control most of thenotificationsyoureceive, including ones from Pages you like
and applications you use, using controls weprovide, such as a control included in theemail you receive or
in your “Notifications” settings.
Friend Finder
Weoffer tools to help you upload your friends' contact informationso thatyouand others can find friends
on Facebook, and invitefriends who do not useFacebook tojoin, and so wecan offer you and others better
experiences on Facebook through suggestions and other customized experiences. If you do not want us to
storethis information, visitthis help page
at:https://www.facebook.com/contact_importer/remove_uploads.php.
If you giveus your password, wewill deleteit after you upload your friends' contact information.
Invitations
When you invitea friend to join Facebook, wesend a message on your behalf using your name, and we may
also includenames and pictures of other peopleyour friend might know on Facebook. We'll also send a few
reminders to thoseyouinvite, buttheinvitationwill also giveyour friend theopportunityto optoutof
receiving other invitationsto join Facebook.
Memorializing accounts
Wemay memorialize theaccount of a deceased person. When wememorialize an account, wekeep the
timelineon Facebook, but limit access and somefeatures. You can report a deceased person's timelineat:
https://www.facebook.com/help/contact.php?show_form=deceased
Wealso may closean account if we receive a formal request that satisfies certain criteria.
Affiliates
Wemay share information wereceive with businesses that arelegally part of thesame group of
companies that Facebookis part of, or that becomepart of that group (often thesecompanies arecalled
affiliates). Likewise, our affiliates may share information with us as well. This sharing is donein compliance
with applicablelaws including wheresuch applicablelaws require consent. Weand our affiliates may use
shared information to help provide, understand, and improveour services and their own services.
ServiceProviders
Wegive your information to thepeopleand companies thathelp us provide, understandand improvethe
services weoffer. For example, we may useoutsidevendorsto help host our website, servephotos and
videos, process payments, analyze data, conductand publishresearch, measuretheeffectiveness of ads, or
providesearch results. In somecases weprovidetheservicejointly with another company, such as the
Facebook Marketplace. In all of thesecases our partners must agree to only useyour information
consistent withtheagreement weenter into with them, as well as this Data UsePolicy.
Security and bugs
Wedo our best to keep your information secure, but weneed your help. For moredetailed information
about staying safeon Facebook, visit theFacebook SecurityPage. Wetry to keep Facebook up, bug-freeand
safe, but can’t make guarantees about any part of our services or products.
Changeof Control
If theownership of our business changes, wemay transfer your information tothenew owner so they can
continueto operatetheservice. But they will still haveto honor thecommitmentswehavemadein this
Data Use Policy.
About instant personalization
Instant personalization(sometimes also referred to as "Start now") is a way for Facebook to help partners
(such as Bing and Rotten Tomatoes) on and off Facebook to createa morepersonalized and social
experience for logged in users than a social plugin can offer. When you visit a siteor app using instant
personalization, it will know someinformation aboutyou and your friends themoment you arrive. This is
becausesites and apps using instantpersonalizationcan access your User ID, your friend list, and your
public information.
Thefirst time you visit a siteor app using instant personalization, you will seea notification letting you
know that thesiteor app has partnered with Facebook to providea personalized experience.
Thenotification will give you theability to disableor turn off instant personalization for that siteor app. If
you do that, that siteor app is required to deleteall of theinformation about youit received from Facebook
as part of theinstant personalizationprogram. In addition, wewill prevent that sitefrom accessing your
information in thefuture, even when your friends usethat site.
If you decidethat you do not wantto experienceinstant personalization for all partner sites and apps, you
can disableinstant personalizationfrom the“Apps” settingspage.
If you turn off instant personalization, thesepartner third party sites and appswill not beableto access
your public information, even when your friends visitthosesites.
If you turn off an instant personalizationsiteor app after you havebeen using it or visited it a few times
(or after you havegiven it specific permission to access your data), it will not automatically delete
information aboutyouit received through Facebook. Likeall other apps, thesiteis required by our policies
to deleteinformation about you if you ask it to do so.
How it works
To join theinstant personalizationprogram, a potential partner must enter into an agreement with us
designed to protect your privacy. For example, this agreement requires that thepartner delete information
about you if you turn off instant personalization when you first visitthesiteor app. It also prevents the
partner from accessing any information about you until youor your friends visit itssite.
Instant personalizationpartners sometimes usean email hash process to seeif any of their users are on
Facebook and get thoseusers' User IDs. This process is similar to searching for someoneon Facebook using
an email address, except in this case, theemail addresses are hashed so no actual email addresses are
exchanged. The partner is also contractually required not to useyour User IDfor any purpose(other than
associating it with your account) until youor your friends visit thesite.
When you visit a siteor app using instant personalization, weprovidethesiteor app with your User IDand
your friend list (as well as your age range, locale, and gender). The siteor app can then connect your
account with your friends' accounts tomakethesiteor app instantly social. Thesitecan also access public
information associatedwith any of theUser IDs it receives, which it can useto makethem instantly
personalized. For example, if thesiteis a music site, it can access your music interests to suggestsongs you
may like, and access your friends' music interests to let you know whatthey arelistening to. Of courseit
can only access your or your friends’ music interests if they are public. If thesiteor app wants any
additional information, it will haveto get your specific permission.
Public search engines
Your public search setting controls whether peoplewho enter your nameon a public search engine may
seeyour public timeline(including in sponsored results). You can find your public search setting on the
“Privacy Settings and Tools” settings page.
This setting does not apply tosearch engines that access your informationas an application using
Facebook Platform.
If you turn your public search setting off and then search for yourself on a public search engine, you may
still seea preview of your timeline. This is becausesomesearch engines cache information for a period of
time. You can learn more about how to request a search engineto removeyou from cached information at:
https://www.facebook.com/help/?faq=13323
IV. Advertising and Facebook content
Advertising
Facebook offers a range of products that allow advertisers to reach peopleon and off Facebook. In addition
to theinformation weprovidein this section, youcan also learn more about advertising products, how they
work, our partnerships, and thecontrols youhave, by visiting our “Advertising on Facebook” page.
When wedeliver ads, we do not shareyour information (information that personally identifies you, suchas
your nameor contact information) with advertisers unless yougiveus permission. Wemay provide
advertisers with information whenwehaveremoved your nameand other personally identifying
information from it, or combined it with other informationso that it no longer personally identifies you. For
example, we may tell an advertiser how its ads perform or how many peopleviewed or clicked on their ads
or install an app after seeing an ad.
So wecan show you content that youmay find interesting, wemay useall of theinformation wereceive
about you to serveads thataremorerelevant to you. For example, this includes:
• information youprovideat registration or add to your account or timeline,
• things you shareand do on Facebook, such as what youlike, and your interactionswith
advertisements, partners, or apps,
• keywords from your stories, and
• things weinfer from your useof Facebook.
For many ads weserve, advertisers may choosetheir audienceby location, demographics, likes, keywords,
and any other information wereceiveor infer about users. Hereare someof theways advertisers may
target relevant ads:
• demographics and interests: for example, 18 to 35 year-old women who livein theUnited States
and likebasketball;
• topics or keywords:for example, “music” or peoplewho likea particular song or artist;
• Pagelikes (including topics such as products, brands, religion, health status, or political views): for
example, if you likea Page about gluten-freefood, you may receive ads about relevant food
products; or
• categories (including things like"moviegoer" or a "sci-fi fan"): for example, if a person "likes" the
"Star Trek" Page and mentions "Star Wars" when they check into a movie theater, wemay infer
that this personis likely to bea sci-fi fan and advertisers of sci-fi movies could ask us to target that
category.
In addition to delivering relevant ads, Facebook sometimes pairs ads with social context, meaning stories
about social actions that you or your friends havetaken. For example, an ad for a sushi restaurant’s
Facebook Pagemay bepaired with a News Feed story that oneof your friends likes that Page.
Wealso sometimes servethesesametypes of ads on other sites or may servejust thesocial context (such
as with ads served by others), so that theads aremorerelevant to you. Just likeany other content you
shareon Facebook, only peoplewho you’realready sharing with on Facebook would seeit when it is paired
with an ad. We also allow advertisers to reach peopleon Facebook using theinformationthey already have
about you (suchas email addresses or whether you havevisited their websitespreviously). You can learn
moreabout ads, social context, and our partnerships, including therelevant settings and controlsavailable
to you, by visiting theAdvertising on Facebook page.
If an advertiser chooses to run ads, weservetheads to peoplewho meet criteria theadvertiser selects.
So, if someoneviews or otherwiseinteracts with thead, theadvertiser might assumethatthepersonmeets
thecriteria they selected (for example, that theperson is an 18-to-35-year-old woman who lives in theU.S.
and likes basketball). Werequire advertisers to comply with our Advertising Guidelines, including provisions
relating to theuseof sensitivedata.
Advertisers and their partners sometimes usecookies or other similar technologies in order to serveand
measureads and to maketheir ads moreeffective. Learn moreabout cookies, pixels and similar
technologies.
When you post a story on Facebook and an advertiser sponsorsit, nothing changes abouttheaudienceof
thepost. Only thepeoplewho could originally seethepost (thepeopleyoushared it with) areeligible to
seeit.
Facebook content
Welike to tell you about someof thefeatures and tools your friends and others useon Facebook, to help
you havea better experience. For example, if your friend uses our friend finder tool to find morefriends on
Facebook, wemay tell you about it to encourageyou to useit as well. This of coursemeans your friend may
similarly see suggestions based onthethingsyoudo. But wewill try to only show it to friends that could
benefit from your experience.
Your friends and theother peopleyou shareinformation with oftenwant to shareyour information with
applications to maketheir experiences on thoseapplications morepersonalized and social. For example,
oneof your friends might want to usea music application that allows them to seewhat their friends are
listening to. To get thefull benefit of that application, your friend would want to givetheapplication her
friend list – which includes your User ID – so theapplication knows which of her friends is also using it. Your
friend might also want to sharethemusic you “like” on Facebook. If you havemadethat information
public, then theapplication can access it just likeanyoneelse. But if you’veshared your likes with just your
friends, theapplication could ask your friend for permission to sharethem.
You can control most of theinformation other peoplecan sharewith applications theyusefrom the“App”
settings page. But thesecontrols do not let you limit access to your public informationand friend list.
If you want to completely block applicationsfrom getting your informationwhen your friends and others
usethem, you will need to turn off all Platform applications. This means that you will no longer beable to
useany third-party Facebook-integrated games, applications or websites.
If an application asks permissionfrom someoneelseto access your information, theapplicationwill be
allowed to usethat information only in connection withthepersonthatgavethepermission, and no one
else.
For example, someapps useinformation such as your friends list, to personalizeyour experienceor show
you which of your friends usethat particular app.
Logging in to another siteusing Facebook
Facebook Platform lets youlog into other applications and websitesusing your Facebookaccount. When
you log in using Facebook, wegivethe siteyour User ID (just like when you connect with any other
application), but wedo not shareyour email address or password withthatwebsitethrough thisprocess
withoutyour permission.
If you already havean account on that website, thesitemay also beable to connect that account with your
Facebook account. Sometimesit does thisusing what is called an "email hash", which is similar to searching
for someoneon Facebook using an email address. Only theemail addresses in this caseare hashed so no
email addresses are actually shared between Facebook and thewebsite.
How it works
Thewebsitesends over a hashed version of your email address, and wematch it with a databaseof email
addresses that wehavealso hashed. If thereis a match, then we tell thewebsitetheUser ID associated
with theemail address. This way, when you log into thewebsiteusing Facebook, thewebsitecan link your
Facebook account to your accounton thatwebsite.
About social plugins
Social plugins are buttons, boxes, and stories (such as theLikebutton) thatother websitescan useto
present Facebook contentto you and createmoresocial and personal experiences for you. Whileyou view
thesebuttons, boxes, and stories on other sites, thecontentcomes directly from Facebook.
Sometimes pluginsact just likeapplications. You can spot oneof these plugins becauseit will ask you for
permission to access your informationor to publishinformationback to Facebook. For example, if you usea
registration plugin on a website, the plugin will ask your permission to shareyour basic info with the
websiteto makeit easier for you to register for thewebsite. Similarly, if you usean "Add To Timeline"
plugin, the plugin will ask for your permission to publishstories aboutyour activities on that websiteto
Facebook.
If you makesomething public using a plugin, such as posting a public comment on a newspaper's website,
then that websitecan access your comment (along with your User ID) just likeeveryoneelse.
If you post something using a social plugin and you do not seea sharing icon, you should assumethat story
is Public. For example, if you post a comment through a Facebook comment plugin ona site, your story is
Public and everyone, including thewebsite, can seeyour story.
Websites that usesocial plugins can sometimes tell that you haveengaged with thesocial plugin. For
example, they may know that youclicked on a Like button in a social plugin.
We receive data when you visit a sitewith a social plugin. We keep this data for a maximum of 90 days.
After that, weremoveyour nameand any other personally identifying information from thedata, or
combineit with other people's data in a way that it is no longer associated with you. Learn moreat:
https://www.facebook.com/help/social-plugins
V. Cookies, pixels and other similar technologies
Cookies aresmall pieces of data that are stored on your computer, mobilephoneor other device. Pixels
are small blocks of codeon webpages that do things likeallow another server to measureviewing of a
webpageand often are used in connection with cookies.
Weusetechnologies likecookies, pixels, and local storage(like on your browser or device, which is similar
to a cookiebut holds moreinformation) to provideand understanda rangeof products and services. Learn
moreat: https://www.facebook.com/help/cookies
Weusethesetechnologies to do things like:
• makeFacebook easier or faster to use;
• enablefeatures and storeinformation aboutyou(including on your deviceor in your browser
cache) and your useof Facebook;
• deliver, understand and improveadvertising;
• monitor and understand theuseof our productsand services; and
• protect you, others and Facebook.
For example, we may usethesetools to knowyou arelogged in to Facebook, to help you usesocial plugins
and sharebuttons, or to knowwhen you areinteracting with our advertising or Platform partners.
Wemay ask advertisers or other partners to serveads or services to computers, mobilephones or other
devices, which may usea cookie, pixel or other similar technology placed by Facebook or thethird party
(although wewould not shareinformation that personally identifies you with an advertiser).
Most companies ontheweb usecookies (or other similar technological tools), including our advertising and
Platform partners. For example, our Platform partners, advertisers or Page administrators may usecookies
or similar technologies when you access their apps, ads, Pages or other content.
Cookies and things likelocal storagehelp makeFacebook work, likeallowing pages to load faster because
certain content is stored on your browser or by helping us authenticateyouto deliver personalized content.
To learn moreabout how advertisers generally usecookies and thechoices advertisers provide, visit the
Network Advertising Initiativeat http://www.networkadvertising.org/managing/opt_out.asp, theDigital
Advertising Allianceat http://www.aboutads.info/, theInternet Advertising Bureau (US) at
http://www.iab.netor theInternet Advertising Bureau (EU) at http://youronlinechoices.eu/.
Refer to your browser or device's help material to learn what controls you can often useto removeor
block cookies or other similar technologies or block or removeother data stored on your computer or
device(such as by using thevarious settings in your browser). If you do this, it may affect your ability to use
Facebook or other websites and apps.
VI. Someother things you need to know
Safeharbor
Facebook complies with theU.S.-EU and U.S.-Swiss SafeHarbor frameworks as set forth by theDepartment
of Commerce regarding thecollection, use, and retention of data from theEuropean Union. To view our
certification, visit theU.S. Department of Commerce's Safe Harbor websiteat:
https://safeharbor.export.gov/list.aspx. As part of our participation in theSafeHarbor program, we agree
to resolvedisputes youhavewith us in connection with our policies and practices through TRUSTe. If you
would liketo contact TRUSTe, visit:https://feedback-form.truste.com/watchdog/request
Contact us with questionsor disputes
If you havequestions or complaints regarding our Data UsePolicy or practices, pleasecontact us by mail at
1601 Willow Road, Menlo Park, CA 94025 if you residein theU.S. or Canada, or at Facebook Ireland Ltd.,
Hanover Reach, 5-7 Hanover Quay, Dublin 2 Ireland if you liveoutsidetheU.S. or Canada. Anyonemay also
contact us through thishelp page:https://www.facebook.com/help/contact_us.php?id=173545232710000
Responding to legal requests and preventing harm
Wemay access, preserve and share your information in responseto a legal request (likea search warrant,
court order or subpoena) if wehave a good faith belief that thelaw requires us to do so. This may include
responding to legal requests from jurisdictions outsideof theUnited Stateswherewehavea good faith
belief that theresponseis required by law in that jurisdiction, affects users in that jurisdiction, and is
consistent withinternationally recognized standards. Wemay also access, preserve and share information
when wehavea good faith belief it is necessary to: detect, prevent and address fraud and other illegal
activity; to protect ourselves, youand others, including as part of investigations; or to preventdeath or
imminent bodily harm.
Usernames and User IDs
Usernames and User IDs are thesame thing – a way to identify you on Facebook. A User IDis a string of
numbers and a usernamegenerally is somevariation of your name. With your username, you get a custom
link (a Facebook URL, such as www.facebook.com/username) to your timelinethat you can giveout to
peopleor post on external websites.
If someonehas your Usernameor User ID, they can useit to access information about you through the
facebook.com website. For example, if someonehas your Username, they can type
facebook.com/Usernameinto their browser and seeyour public information as well as anything elseyou've
let them see. Similarly, someonewith your Usernameor User ID can access information about you through
our APIs, such as our Graph API. Specifically, they can access your public information, along with your age
range, language and country.
If you do not want your information tobeaccessibleto Platform applications, youcan turn off all Platform
applications from your Privacy Settings. If you turn off Platform youwill no longer beable to useany games
or other applications until youturn Platform back on. For moreinformation abouttheinformation that apps
receive when you visit them, seeOther websites and applications.
If you want to seeinformation availableabout you throughour Graph API, just type
https://graph.facebook.com/[User IDor Username]?metadata=1 into your browser.
Your Facebook email address includes your public usernamelikeso: username@facebook.com. People
can useyour Facebook email address to send you messages and anyonein a messageconversation can
reply to it.
How weusetheinformation wereceive
Weusetheinformation wereceive about you in connectionwith theservic
How we use the information we receive
• for internal operations, including troubleshooting, data
analysis, testing, research and service improvement.
The word “research” appeared twice in the 9000+ word policy, which Facebook
said was sufficient to mean users had provided consent to the experiment.
© CONSTELLAT ON RESEARCH NC 2010 – 2015 ALL R GHTS RESERVED

9. Being genuine about privacy
So we argue consent online has been set up to fail.
If a digital company really wishes to get end users’ consent for
secondary data usage, it’s not hard to ask. A Privacy Policy should
set out what PII is collected, why it is collected, how and when.
© CONSTELLATION RESEARCH, INC. 2010 – 2015 ALL RIGHTS RESERVED 9
And it’s not as if consent is
the only way to manage
privacy. Apple has made
consent rather moot, by
promising to resist the
temptation to monetise the
personal data it has. That is,
to handle data in the end
users’ interests.

10. Data flows in an Internet connected car
© CONSTELLATION RESEARCH, INC. 2010 – 2015 ALL RIGHTS RESERVED 10
Car SW
EULA!
Driver’s medical
devices?
Passenger devices
Smart Traffic Control
Smart
Billboards
Service Equipment
Other
Vehicles
CONNECTED CAR
Driver
Data flowing into the car from smart
devices will reveal details of the driver
and others. Data flowing from the car
may carry those details and other signals.
Electronic
Car Key
Biometric?
Smart
Watch?
Smart Driver
License
Digital Driver
License App

11. Why?
Innumerable parties have reasonable interests in the data from
the Internet of Cars, much of which will be overtly personal, or
otherwise identifiable, and hence will be PII.
Remember that Privacy Principles do not forbid collection of PII;
rather they require collection be reasonably necessary,
proportionate, and open.
© CONSTELLATION RESEARCH, INC. 2010 – 2015 ALL RIGHTS RESERVED 11
• Car companies
• Parts’ makers
• Mapping apps
• Geo-location services
• Service outlets
• Safety systems
• Electricity system
• DMV
• Police
• Regulators
• Parking garages
• Insurance companies
• Advertisers

12. To manage privacy in
this potentially chaotic
environment, we need to
impose some structure.

13. Stack thinking
© CONSTELLATION RESEARCH, INC. 2010 – 2015 ALL RIGHTS RESERVED 13
It is timely that the FIDO
Alliance has sought to
clarify how authentication
and physical identity may
be separated from
identity and federation.

14. Decoupling Identity
© CONSTELLATION RESEARCH, INC. 2010 – 2015 ALL RIGHTS RESERVED 14
Relationships
Identities
Attributes, Signals
Presentation
Transport
‘The Cloud Identity Summit
heard from many speakers
about the need for an identity
layer. Constellation Research
has been working on a
layered model that separates
identity from the constituent
attributes, signals, assertions
or and/claims.’
See “Identity Management
Moves from Who to What”,
Constellation Research, 2015.

15. Decoupling Identity
© CONSTELLATION RESEARCH, INC. 2010 – 2015 ALL RIGHTS RESERVED 15
Relationships
Presentation
Transport
IdentitiesIdentitiesIdentitiesIdentities
Attributes, SignalsAttributes, SignalsAttributes, SignalsAttributes, SignalsAttributes, SignalsAttributes, Signals
‘Opening #CISID15, Ping Identity
CEO Andre Durand talked about
binding the carbon to the silicon.
Solid binding is tricky, yet loose
association is all too easy, which
will lead to PII veritably gushing
from the IOT, if we are not
careful. We need to decouple
identity and devices, ideally
using the embedded crypto of
smart devices, to impart
pedigree on automatically
generated data, without giving
away our identities.’

16. © CONSTELLATION RESEARCH, INC. 2010 – 2015 ALL RIGHTS RESERVED 16
https://www.constellationr.com/
research/fido-alliance-update-track-
standard
FIDO research
Relevant to this presentation,
Constellation’s latest
instalment in a long running
research series on the FIDO
Alliance is currently available
without charge.

17. © CONSTELLATION RESEARCH, INC. 2010 – 2015 ALL RIGHTS RESERVED 17
Thank you
Steve Wilson
steve@constellationr.com
@steve_lockstep
M: +61 414 488 851