More Related Content Similar to Internet of Things Software SIG (20) Internet of Things Software SIG1. The Challenge of ‘Things’ and Consumer
Privacy: Building Trust in an Age of complexity
Pat Walshe, Cambridge Wireless Software SIG,
14 November 2013
© GSMA 2013
Restricted - Confidential Information
© GSM Association 2013
All GSMA meetings are conducted in full compliance with the
GSMA’s anti-trust compliance policy
6. European Commission: Trust is key
“
We cannot have a policy or create the impression that the Internet
of Things would create a an Orwellian world …. Our goal, and our
commitment, should be to create a vision that focuses on providing
real value for people ……
…. we cannot innovate in a bubble if citizens are not coming
along for the journey. So we need an ethical and legal framework
that enjoys broad support …
Technology and service developers should actively embrace this as a
corner stone of the Internet of Things. This is your future market and
your future customers need to be able to trust it.
”
Neelie Kroes Vice-President of the European Commission responsible for the Digital Agenda
http://ec.europa.eu/information_society/newsroom/cf/itemlongdetail.cfm?item_id=7008
© GSMA 2013
9. Consumer IoT experience: contextualising privacy
http://estimote.com
iBeacons: Bluetooth low energy indoor location tracking, targeting,
check-in
© GSMA 2013
10. IoT increased scale & complexity challenges privacy &
security
Some key characteristics:
globally distributed, hyper-connected and ubiquitous networks and
devices
architectured for collection and sharing of data by default
devices and users are broadcasters of data by default
sensor enabled environments (and sensor driven decision making)
automated multiparty data sharing across borders in real time
new data categories
behaviourally rich and contextualised data
increase use of predictive analytics
fragmented standards and approaches to privacy
poor privacy and security user experiences
from little to BIG data
© GSMA 2013
12. Challenges of law in IoT: designing for usable privacy &
security
definitions of what is and what is not ‘personal data’
transparency
notice
consent
data minimisation
purposes limitation
security
right to know
right to delete
right to obtain a copy
restrictions on cross border flows of data
© GSMA 2013
13. Towards Usable Privacy and Security – designing for
trustworthiness
Signalling trustworthiness by
communicating the intent behind the IoT device/service (data uses,
m2m use, value)
simplifying and making intuitive the user experience
–
contextualised notice and choice mechanisms
–
dashboards - transparency and permissioning over data and
security
–
adopting industry Codes and/or Privacy/Security Seals
ensuring security of devices, connections, services and data
–
identity and authentication
–
integrity and availability of service/data
–
interoperable standards
Responsible data use
Use of privacy enhancing approaches to data analytics – anonymity
an unlinkability
Adopting accountability framework
© GSMA 2013
14. Draft EU Data Protection Regulation: Coding for law assisting usability and trust?
Article 13(a) Standardised information
policies to provide notice:
(a) whether personal data are collected beyond
the minimum necessary for each specific
purpose of the processing;
(b) whether personal data are retained beyond
the minimum necessary for each specific
purpose of the processing;
(c) whether personal data are processed for
purposes other than the purposes for which
they were collected;
(d) whether personal data are disseminated to
commercial third parties; e) whether personal
data are sold or rented out;
(f) whether personal data are retained in
encrypted form.
http://www.janalbrecht.eu/fileadmin/material/Dokumente/DPR-Regulation-inofficial-consolidated-LIBE.pdf
© GSMA 2013
15. GSMA: Mobile Privacy Principles
1. Openness, Transparency and Notice
2. Purpose & Use
3. User Choice and Control
4. Data Minimisation and Retention
5. Respect User Rights
6. Security
6. Education
7. Children & Adolescents
8. Accountability and Enforcement
© GSMA 2013
16. Privacy Design Guidelines for app development
•
Express principles in functional terms
•
Provide Best Practice for Apps
•
Illustrative examples and use cases
•
Foster a ‘privacy by design’ approach
•
Include modules on:
•
•
Mobile advertising
•
Children
•
© GSMA 2013
Location
Social networking
16