Internet of Things is a broad term used to describe situations in which Internet connectivity and computing capabilities extend to devices, sensors, and everyday items not ordinarily considered to be computers (e.g., consumer goods, cars and trucks, industrial components, wearable health monitors, and collections of devices working together to create concepts such as “smart cities” and “smart homes”). These objects collect data from their surroundings that are then transmitted and remotely analyzed to create new insights, deliver services, and control other items.
Projections for the impact of IoT on both the Internet and the economy are impressive: as many as 100 billion connected IoT devices  and a global economic impact of more than $11 trillion by 2025 . IoT promises to provide advances in industrial automation, healthcare, energy conservation, agriculture, transportation, urban management, as well as many other sectors and applications. The potential for tremendous growth innovation, applications, and services is a testament to the open nature of the Internet’s architecture and design, which does not place limits on the kinds of devices or services that can connect to it.
At the same time, however, there remain significant challenges associated with IoT that could stand in the way of realizing its potential benefits. Some of the most pressing challenges and questions include issues of security, privacy, interoperability, and standards, as well as regulatory and rights issues, and the readiness of emerging economies to adopt it.
This brief offers an overview of key IoT issues. These same issues are discussed in greater detail in the Internet Society’s report, The Internet of Things: An Overview–Understanding the Issues and Challenges of a More Connected World.
Although interest in connected devices has surged in recent years, the concept of connecting objects and items to communications networks and the Internet is not a new one. Machine-to-machine (M2M) communications systems, which used proprietary networks rather than the Internet, became widespread in industrial settings more than 25 years ago. The first everyday items to be controlled over the Internet emerged in the early 1990s and set the stage for today’s Internet of Things.
Today, IoT represents a growing aspect of how people and institutions interact with the Internet in their personal, social, and economic lives. It may also represent a shift in how users engage with and are impacted by the Internet. For example, today’s Internet experience is largely characterized by users actively downloading and generating content through their computers and smartphones. Many IoT devices, however, are designed to operate in the background, sending and receiving data on a user’s behalf with little human intervention or even awareness; still others are designed to control objects and physical assets in the world, such as vehicles and buildings, or to monitor human behavior.
If the projections and trends about IoT become reality, we would be wise to consider the implications of a world in which the most common interaction with the Internet comes from passive engagement with connected objects, rather than active engagement with content. Governments, for example, will want to ensure that their policies keep pace with the rapidly changing environment.
Policies that promote Internet infrastructure, efficient use of wireless spectrum, data-center development, and user empowerment and choice are critical to the evolution IoT. And as the amount and nature of data collected about users and their environments shifts from IoT, privacy and data security policies should be considered that reflect the evolving technology and its potential impacts on users.
Beyond the direct infrastructure and telecommunication aspects of IoT, other policy areas may benefit from a review. IoT devices will likely touch most aspects of our lives, including devices in our homes, workplaces, schools, hospitals, and other public spaces. As such, privacy, data security, healthcare, transportation, and technology and innovation policies will likely be impacted. This kind of broad reach suggests that policy makers will need to consider the broad policy implications across a wide field of policy goals and initiatives.
While IoT is not a particularly new idea from a technical perspective, its growth and maturity will present both new benefits and new challenges that will require shifts in policy approaches and strategies.
A number of challenges need to be addressed in order to fully realize IoT’s potential benefits to individuals, societies, and economies.
> Security. While security considerations are not new in the context of information technology, the attributes of many IoT implementations present new and unique security challenges.
Manufacturers are frequently presented with economic and technical challenges when building and maintaining robust security features in IoT devices. But devices and services with weak security are vulnerable to cyber attacks and can expose user data to theft. Because an increasing number of IoT devices online increases the number of potential security vulnerabilities, this a key IoT challenge.
Ensuring lifetime security in IoT products and services must be a fundamental priority to maintain overall user trust in this technology. Users need to trust that IoT devices and related data services are secure, especially as they become more pervasive and integrated into our daily lives.
> As a matter of principle, developers and users of IoT devices and systems have a collective obligation to ensure that they do not expose users and the Internet itself to potential harm. The actions of industry, government, users, and others will contribute to the secure development, maintenance, and use of IoT devices.
The Internet Society believes that a collaborative approach to IoT security will be needed to develop effective and appropriate solutions that are well-suited to the scale and complexity of the issues.
> Privacy. The ability to collect, analyze, and transform data drives much of the value of IoT devices and services, but this data also can be used to paint detailed and invasive profiles of users. Indeed, IoT is redefining the debate about privacy issues, as many implementations can dramatically change the way data is collected, analyzed, and used.
Specifically, IoT amplifies concerns about a potential increase of surveillance and tracking, and the amount of sensitive data that can be collected by devices operating in our homes, businesses, and public environments. Sometimes these devices collect data about individuals without their knowledge or informed consent. Furthermore, while data from the devices benefit the device’s owner, the same data frequently benefit the device’s manufacturer or supplier, as well. This becomes a serious privacy consideration when the individuals who are observed by IoT devices have different privacy expectations regarding the scope and use of that data than do the data collectors.
IoT devices that collect data about people in one jurisdiction may transmit that data to another jurisdiction for data storage or processing. Challenges can arise if the data collected is deemed to be personal or sensitive and is subject to data protection laws in multiple jurisdictions.
Enabling cross-border data flows that protect privacy and promote legal certainty for users and IoT service providers will be key for promoting the global growth of IoT.
While the privacy challenges are considerable, they are not insurmountable. Strategies need to be developed that promote transparency, fairness, and user choice in data collection and handling, enhance user privacy rights and expectations across a range of preferences, and foster innovation in new technology and services.
> Interoperability and standards. Interoperability among IoT devices and data streams can encourage innovation and provide efficiencies for device manufactures and users, thereby increasing overall benefits and economic value. McKinsey Global Institute estimates that device interoperability will drive up to 40% of the potential value generated by IoT. 3
While full interoperability across products and services is not always feasible or necessary, purchasers may be hesitant to buy IoT products and services if there is integration inflexibility, high ownership complexity, walled gardens (closed platforms or ecosystems), and concern over vendor lock-in. Interoperability and standards considerations also extend to the data collected and processed by IoT services, as incompatible and proprietary data formats can present challenges for users seeking to integrate systems, have the flexibility to move to different services, or perform additional analysis on collected data. In short, a fragmented environment of proprietary technical implementations and data formats 4 will inhibit IoT value and flexibility for both users and the industry.
Today’s marketplace offers a variety of technical approaches to IoT. Some companies see strategic advantages to developing proprietary ecosystems, while others are developing their own approaches because common technologies do not yet exist. A wide range of companies, industry groups, and researchers are working on approaches that create greater IoT interoperability and standards.
The Internet Society believes that greater interoperability and the use of generic, open, voluntary, and widely available standards as technical building blocks for IoT devices and services (such as the Internet Protocol, or IP) will support greater user benefits, innovation, and economic opportunity.
> Regulatory, legal, and rights Issues. IoT amplifies and reintroduces many regulatory and legal questions. There is a danger that the rapid rate of change in IoT technology could outpace the ability of associated policy, legal, and regulatory structures to adapt.
One such issue includes the potential conflict between law enforcement surveillance and civil rights. IoT devices offer potential benefits to law enforcement, public safety, and public administration. However, they also raise potential civil and human rights concerns regarding the pervasiveness of societal monitoring, the secondary uses of data by the government, and access to data from personal IoT devices by law enforcement or as evidence in legal actions, among other challenging issues.
Further, IoT devices pose legal liability questions. One fundamental question is: If someone is harmed as a result of an IoT device’s action or inaction, who is responsible? The answer is often complicated, and in many instances there is not enough case law to support a position. Because IoT devices operate in a more complex way than stand-alone products, more complex liability scenarios need to be contemplated.
Given the broad nature of IoT regulatory and policy challenges, a collaborative governance approach to policy development that relies on input and participation by a range of stakeholders is needed for the best outcomes.
> Emerging economy and development issues. IoT holds significant promise for delivering social and economic benefits to emerging and developing economies in such areas as sustainable agriculture, water quality and use, healthcare, industrialization, climate monitoring, and environmental management.
For example, sensor networks are helping villagers and researchers in Asia and Africa improve clean-water delivery by monitoring the quality of water at its source and the performance of delivery pumps. In addition, wireless soil, weather, and livestock monitors and IoT-automated agricultural equipment have been deployed in developing regions to help farmers increase productivity.  In these ways and many others, IoT holds great promise as a tool to achieving the United Nations Sustainable Development Goals. 
Developing regions also present unique challenges related to the deployment, growth, implementation, and use of the technology. These challenges include the deployment of adequate Internet and basic communications infrastructure in rural and remote areas, incentives for investment, and local participation in the development IoT solutions. In order for the benefits of IoT to be truly global, the unique needs and challenges of implementation in less-developed regions will need to be addressed.
Given the anticipated adoption of IoT devices, its potential economic and societal benefits, and associated challenges, increased public-sector awareness of IoT technology and the importance of the issues surrounding it is essential. Governments are urged to take the following steps to accommodate and foster IoT deployment.
> Promote Internet and data-infrastructure growth. Governments should promote the expansion of both wireless and wireline infrastructure, including in rural and remote areas, and consider IoT needs for both licensed and unlicensed spectrum use. Barriers to data-center development and user-based systems for IoT data analysis, such as burdensome equipment taxes or licensing requirements, should be removed. Governments should review their existing Internet infrastructure in light of the potential increased data communication needs of IoT devices.
> Encourage IPv6 deployment. IPv6 is an enabling technology for Internet growth, and it will become even more critical as IoT drives up the number of connected devices. Governments should make IPv6 adoption a national priority and engage stakeholders in their community to encourage IPv6 rollout. 
> Encourage open, voluntary IoT standards. Employing greater interoperability and the use of open, voluntary, and widely available standards as technical building blocks for IoT devices will support greater user benefits, innovation, and economic opportunity. Governments should refrain from mandating technical approaches to IoT, and, instead, encourage industry, researchers, and other stakeholders to work together on the development of open, consensus-based standards that support interoperability.
> Adopt a collaborative, multistakeholder approach to IoT policy discussions. IoT is a challenging area for policymakers, as it is a rapidly developing environment and its technology spans many industries and uses. A collaborative governance approach, one that draws on the expertise and engagement of a wide range of stakeholders, will be needed to develop effective and appropriate solutions.  Policies should aim to promote users’ ability to connect, speak, innovate, share, choose, and trust in a manner that both promotes innovation and enables user rights.
> Encourage a collaborative approach to IoT security. The Internet Society believes that IoT security is the collective responsibility of all who develop and use IoT devices. Participants in the IoT space should adopt a collaborative approach to security among its broad, multistakeholder community by assuming responsibility, sharing best practices and lessons learned, encouraging security dialog, and emphasizing the development of flexible, shared security solutions that can adapt and evolve as threats change over time. IoT security policy should focus on empowering players to address security issues close to where they occur, rather than centralizing IoT security among a few, while also preserving the fundamental properties of the Internet and user rights. 
> Encourage responsible design practices for IoT sevices. Security-by-design and privacy-by-design practices for IoT devices should be encouraged. Whether via privacy and data protection regulation, voluntary industry self-regulation, or other incentives or policy means, IoT device developers should be encouraged to respect the end-user’s privacy and data security interests and consider those interests a core element of the product-development process. IoT system designers also should consider the full lifecycle of the IoT system to ensure obsolete devices don’t pose security risks and are compatible with responsible environmental stewardship.
The Internet of Things is an emerging topic of technical, social, and economic significance. Consumer products, durable goods, cars and trucks, industrial and utility components, sensors, and other everyday objects are being combined with Internet connectivity and powerful data analytic capabilities that promise to transform the way we work, live, and play. Projections for the impact of IoT on the Internet and economy are impressive, with some anticipating as many as 100 billion connected IoT devices and a global economic impact of more than $11 trillion by 2025.
At the same time, however, the Internet of Things raises significant challenges that could stand in the way of realizing its potential benefits. Attention-grabbing headlines about the hacking of Internet-connected devices, surveillance concerns, and privacy fears already have captured public attention. Technical challenges remain and new policy, legal and development challenges are emerging.
This overview document is designed to help the Internet Society community navigate the dialogue surrounding the Internet of Things in light of the competing predictions about its promises and perils. The Internet of Things engages a broad set of ideas that are complex and intertwined from different perspectives. Key concepts that serve as a foundation for exploring the opportunities and challenges of IoT include:
· IoT Definitions: The term Internet of Things generally refers to scenarios where network connectivity and computing capability extends to objects, sensors and everyday items not normally considered computers, allowing these devices to generate, exchange and consume data with minimal human intervention. There is, however, no single, universal definition.
· Enabling Technologies: The concept of combining computers, sensors, and networks to monitor and control devices has existed for decades. The recent confluence of several technology market trends, however, is bringing the Internet of Things closer to widespread reality. These include Ubiquitous Connectivity, Widespread Adoption of IP-based Networking, Computing Economics, Miniaturization, Advances in Data Analytics, and the Rise of Cloud Computing.
· Connectivity Models: IoT implementations use different technical communications models, each with its own characteristics. Four common communications models described by the Internet Architecture Board include: Device-to-Device, Device-to-Cloud, Device-to-Gateway, and Back-End Data-Sharing. These models highlight the flexibility in the ways that IoT devices can connect and provide value to the user.
· Transformational Potential: If the projections and trends towards IoT become reality, it may force a shift in thinking about the implications and issues in a world where the most common interaction with the Internet comes from passive engagement with connected objects rather than active engagement with content. The potential realization of this outcome – a “hyperconnected world” — is testament to the general-purpose nature of the Internet architecture itself, which does not place inherent limitations on the applications or services that can make use of the technology.
Five key IoT issue areas are examined to explore some of the most pressing challenges and questions related to the technology. These include security; privacy; interoperability and standards; legal, regulatory, and rights; and emerging economies and development.
While security considerations are not new in the context of information technology, the attributes of many IoT implementations present new and unique security challenges. Addressing these challenges and ensuring security in IoT products and services must be a fundamental priority.Users need to trust that IoT devices and related data services are secure from vulnerabilities, especially as this technology become more pervasive and integrated into our daily lives. Poorly secured IoT devices and services can serve as potential entry points for cyber attack and expose user data to theft by leaving data streams inadequately protected.
The interconnected nature of IoT devices means that every poorly secured device that is connected online potentially affects the security and resilience of the Internet globally. This challenge is amplified by other considerations like the mass-scale deployment of homogenous IoT devices, the ability of some devices to automatically connect to other devices, and the likelihood of fielding these devices in unsecure environments.
As a matter of principle, developers and users of IoT devices and systems have a collective obligation to ensure they do not expose users and the Internet itself to potential harm. Accordingly, a collaborative approach to security will be needed to develop effective and appropriate solutions to IoT security challenges that are well suited to the scale and complexity of the issues.
The full potential of the Internet of Things depends on strategies that respect individual privacy choices across a broad spectrum of expectations. The data streams and user specificity afforded by IoT devices can unlock incredible and unique value to IoT users, but concerns about privacy and potential harms might hold back full adoption of the Internet of Things. This means that privacy rights and respect for user privacy expectations are integral to ensuring user trust and confidence in the Internet, connected devices, and related services.
Indeed, the Internet of Things is redefining the debate about privacy issues, as many implementations can dramatically change the ways personal data is collected, analyzed, used, and protected. For example, IoT amplifies concerns about the potential for increased surveillance and tracking, difficulty in being able to opt out of certain data collection, and the strength of aggregating IoT data streams to paint detailed digital portraits of users. While these are important challenges, they are not insurmountable. In order to realize the opportunities, strategies will need to be developed to respect individual privacy choices across a broad spectrum of expectations, while still fostering innovation in new technology and services.
Interoperability / Standards
A fragmented environment of proprietary IoT technical implementations will inhibit value for users and industry. While full interoperability across products and services is not always feasible or necessary, purchasers may be hesitant to buy IoT products and services if there is integration inflexibility, high ownership complexity, and concern over vendor lock-in.
In addition, poorly designed and configured IoT devices may have negative consequences for the networking resources they connect to and the broader Internet. Appropriate standards, reference models, and best practices also will help curb the proliferation of devices that may act in disrupted ways to the Internet. The use of generic, open, and widely available standards as technical building blocks for IoT devices and services (such as the Internet Protocol) will support greater user benefits, innovation, and economic opportunity.
Legal, Regulatory and Rights
The use of IoT devices raises many new regulatory and legal questions as well as amplifies existing legal issues around the Internet. The questions are wide in scope, and the rapid rate of change in IoT technology frequently outpaces the ability of the associated policy, legal, and regulatory structures to adapt.
One set of issues surrounds crossborder data flows, which occur when IoT devices collect data about people in one jurisdiction and transmit it to another jurisdiction with different data protection laws for processing. Further, data collected by IoT devices is sometimes susceptible to misuse, potentially causing discriminatory outcomes for some users. Other legal issues with IoT devices include the conflict between law enforcement surveillance and civil rights; data retention and destruction policies; and legal liability for unintended uses, security breaches or privacy lapses.
While the legal and regulatory challenges are broad and complex in scope, adopting the guiding Internet Society principles of promoting a user’s ability to connect, speak, innovate, share, choose, and trust are core considerations for evolving IoT laws and regulations that enable user rights.
Emerging Economy and Development Issues
The Internet of Things holds significant promise for delivering social and economic benefits to emerging and developing economies. This includes areas such as sustainable agriculture, water quality and use, healthcare, industrialization, and environmental management, among others. As such, IoT holds promise as a tool in achieving the United Nations Sustainable Development Goals.
The broad scope of IoT challenges will not be unique to industrialized countries. Developing regions also will need to respond to realize the potential benefits of IoT. In addition, the unique needs and challenges of implementation in less-developed regions will need to be addressed, including infrastructure readiness, market and investment incentives, technical skill requirements, and policy resources.
The Internet of Things is happening now. It promises to offer a revolutionary, fully connected “smart” world as the relationships between objects, their environment, and people become more tightly intertwined. Yet the issues and challenges associated with IoT need to be considered and addressed in order for the potential benefits for individuals, society, and the economy to be realized.
Ultimately, solutions for maximizing the benefits of the Internet of Things while minimizing the risks will not be found by engaging in a polarized debate that pits the promises of IoT against its possible perils. Rather, it will take informed engagement, dialogue, and collaboration across a range of stakeholders to plot the most effective ways forward.integral to ensuring trust in the Internet, and it
also impacts the ability of individuals to speak,
connect, and choose in meaningful ways. These
rights and expectations are sometimes framed in
terms of ethical data handling, which emphasizes
the importance of respecting an individual’s
expectations of privacy and the fair use of their
data.63 The Internet of Things can challenge these
traditional expectations of privacy.
IoT often refers to a large network of sensorenabled
devices designed to collect data about
their environment, which frequently includes data
related to people. This data presumably provides
a benefit to the device’s owner, but frequently
to the device’s manufacturer or supplier as well.
IoT data collection and use becomes a privacy
consideration when the individuals who are
observed by IoT devices have different privacy
expectations regarding the scope and use of that
data than those of the data collector.
Seemingly benign combinations of IoT data
streams also can jeopardize privacy. When
individual data streams are combined or
correlated, often a more invasive digital portrait
is painted of the individual than can be realized
from an individual IoT data stream. For example,
a user’s Internet-enabled toothbrush might
capture and transmit innocuous data about a
person’s tooth-brushing habits. But if the user’s
refrigerator reports the inventory of the foods
he eats and his fitness-tracking device reports
his activity data, the combination of these data
streams paint a much more detailed and private
description of the person’s overall health. This
data-aggregation effect can be particularly
potent with respect to IoT devices because many
produce additional metadata like time stamps
and geolocation information, which adds even
more specificity about the user.
In other situations, the user might not be aware
that an IoT device is collecting data about
the individual and potentially sharing it with
third parties. This type of data collection is
becoming more prevalent in consumer devices
like smart televisions and video game devices.
These kinds of products have voice recognition
or vision features that continuously listen to
conversations or watch for activity in a room and
selectively transmit that data to a cloud service
for processing, which sometimes includes a
third party. A person might be in the presence
of these kinds of devices without knowing their
conversation or activities are being monitored
and their data captured. These kinds of features
may provide a benefit to an informed user, but
can pose a privacy problem for those who are
unaware of the presence of the devices and have
no meaningful influence over how that collected
information is used.
Independent of whether the user is aware of and
consents to having their IoT data collected and
analyzed, these situations highlight the value of
these personalized data streams to companies
and organizations seeking to collect and
capitalize on IoT information. The demand
for this information exposes the legal and
regulatory challenges facing data protection
and privacy laws.
These kinds of privacy problems are critical to
address because they have implications on our
basic rights and our collective ability to trust
the Internet. From a broad perspective, people
recognize their privacy is intrinsically valuable,
and they have expectations of what data can be
collected about them and how other parties can
use that data. This general notion about privacy
holds true for data collected by Internet of Things
devices, but those devices can undermine the
user’s ability to express and enforce privacy
preferences. If users lose confidence in the
Internet because their privacy preferences aren’t
being respected in the Internet of Things, then the
greater value of the Internet may be diminished.
Internet of Things Privacy Background
The privacy challenges raised by IoT
are critical to address as they have
implications on basic rights and our
collective ability to trust the Internet and
the devices that connect to it.
What issues are raised by the Internet of Things? | Privacy Considerations
Unique Privacy Aspects of Internet of Things
Generally, privacy concerns are amplified by the way in which
the Internet of Things expands the feasibility and reach of
surveillance and tracking. Characteristics of IoT devices and
the ways they are used redefine the debate about privacy
issues, because they dramatically change how personal data is
collected, analyzed, used, and protected. For example:
The traditional “notice and consent” online
privacy model, in which users assert their
privacy preferences by interacting directly with
information presented on a computer or mobile
screen (e.g. by clicking “I agree”), breaks down
when systems provide no mechanism for user
interaction. IoT devices frequently have no user
interface to configure privacy preferences, and
in many IoT configurations users have no
knowledge or control over the way in which
their personal data is being collected and used.
This causes a gulf between the user’s privacy
preferences and the data-collecting behavior of
the IoT device. There might be less incentive for
IoT vendors to offer a mechanism for users to
express their privacy preferences if they regard
the data collected as being non-personal data.
However, experience shows that data not
traditionally considered personal data might
actually be personal data or become personal
data when combined with other data.
Assuming an effective mechanism can be
developed to enable a user to express informed
consent of their privacy preferences to IoT
devices, that mechanism needs to handle the
large number of IoT devices a user must
control. It is not realistic to think that a user will
directly interact with each and every IoT device
they encounter throughout the day to express
their privacy preferences. Instead, privacy
interface mechanisms need to be scalable
to the size of the IoT problem, while still
being comprehensive and practical from a
The Internet of Things can threaten a person’s
expectations of privacy in common situations.
There are social norms and expectations of
privacy that differ in public spaces versus
private spaces, and IoT devices challenge these
norms. For example, IoT monitoring
technologies like surveillance cameras or
location tracking systems that normally operate
in public spaces are migrating into traditionally
private spaces like the home or personal
vehicle in which our expectations of privacy are
very different. In doing so, they challenge what
many societies recognize as the “right to be left
alone” in one’s home or private space. Also
individuals’ expectations of privacy in spaces
they consider to be public (e.g. parks, shopping
malls, train stations) are being challenged by
the increased nature and extent of monitoring
in those spaces.
IoT devices often operate in contexts in which
proximity exposes multiple people to the same
data collection activity. For example, a
geolocation tracking sensor in an automobile
would record location data about all occupants
of the vehicle, whether or not all the occupants
want their location tracked. It may even track
individuals in nearby vehicles. In these kinds
of situations, it might be difficult or impossible
to distinguish, much less honor, individual
Big data analytics applied to aggregated
personal data already represents a substantial
risk of privacy invasion and potential
discrimination. This risk is amplified in the
Internet of Things by the scale and greater
The Internet Of Things: An Overview
IoT Privacy Questions
These privacy issues would be challenging even if the interests
and motivations of all of the participants in the IoT ecosystem
were well aligned. However, we know that there can be
unbalanced or unfair relationships and interests between those
who are exposed to personal data collection and those who
aggregate, analyze, and use the data. The data source might
see an unwelcome intrusion into private space, often without
consent, control, choice, or even awareness. The data collector,
however, might consider this a beneficial resource that can
add value to products and services as well as provide new
Because IoT challenges our notions of privacy in new ways, key
questions need to be asked when re-evaluating online privacy
models in the context of IoT. Some questions that have been
FAIRNESS IN DATA
How do we resolve the marketplace relationship between data
sources and data collectors in the context of IoT? Personal data has
personal and commercial value that sources and collectors value
differently, both individually and in aggregate; both parties have
legitimate interests that may conflict. How might those distinct
interests be expressed in a way that leads to fair and consistent
rules for both sources and collectors concerning access, control,
transparency, and protection?
intimacy of personal data collection. IoT
devices can collect information about people
with an unprecedented degree of specificity
and pervasiveness; aggregation and correlation
of these data can create detailed profiles of
individuals that create the potential for
discrimination and other harms. The
sophistication of this technology can create
situations that expose the individual to
physical, criminal, financial or reputational
The ubiquity, familiarity, and social embrace of
many IoT devices might create a false sense of
security and encourage individuals to divulge
sensitive or private information without full
awareness or appreciation of the potential
consequences of doing so.
What issues are raised by the Internet of Things? | Privacy Considerations
How can privacy policies and practices be made readily available
and understandable in the context of IoT? What are the alternatives
to the traditional “notice and consent” privacy model that will
address the unique aspects of the Internet of Things? What is an
effective model for expressing, applying, and enforcing individual
privacy preferences and multi-party preferences? Could such a
multi-party model be constructed, and if so, what would it look
like? How might it be applied to specific circumstances involving
individual privacy preferences? Is there a market for outsourcing
the management of privacy settings to commercial services
designed to put users’ preferences into effect? Is there a role for a
privacy proxy that would express and enforce a user’s preferences
across an array of devices, while eliminating the need for direct
interaction with each one?
Privacy norms and expectations are closely related to the social
and cultural context of the user, which will vary from one group or
nation to another. Many IoT scenarios involve device deployments
and data collection activities with multinational or global scope
that cross social and cultural boundaries. What will that mean for
the development of a broadly applicable privacy protection model
for the Internet of Things? How can IoT devices and systems be
adapted to recognize and honor the range of privacy expectations
of the users and different laws?
How can we encourage IoT device manufacturers to integrate
privacy-by-design principles into their core values? How do we
foster the inclusion of consumer privacy considerations in every
phase of product development and operation? How do we reconcile
functionality and privacy requirements? In principle, manufacturers
should expect that privacy-respecting products and practices
build long-term customer trust, satisfaction, and brand loyalty. Is
that a sufficiently compelling motivation, when matched against
the competing desires for design simplicity and speed to market?
Should devices be designed with default settings configured for
the most conservative data collection mode (i.e. opt out of data