DAB_IOT_PRIVACY_V2
-
Upload
david-wright -
Category
Documents
-
view
5 -
download
0
Transcript of DAB_IOT_PRIVACY_V2
David Wright
Innovation Specialist
Benjamin Farrah
Privacy Director
IOT AND DATA PRIVACY
From survey’s to sensors
Survey DataMobile Behavioral Social media Data Sensor Data
Understanding Consumer Behaviour
Insight
Increased data/sensor fusion
The promise! From snapshots to the promise of persistent data
HEALTH SURVEYS Shorter survey + Wearable or in-home sensors
Consumer Product Testing
The promise! From snapshots to the promise of persistent data
One off in house filming/survey
On home cameras/sensors, power monitoring
Cell ID – in retail park – several large department stores
GPS – Upmarket Department Store within retail park
WIFI – On second “fashion” floor
Beacon – Dwelled in Handbag Section
Beacon or NFC – Made a Purchase
100m – 1k
10-50m
20-200m
30cm-3m
<20cm
Client privacy! i.e. competitors mapping the store
The promise! Accurate location right up to the moment of purchase
The IOT Devices!
A recent HP study indicated 70% of devices had at least 30 security flaws
There are 5 competing IOT standard bodies... Its early....
Thousands of devices measuring thousands of things!
Privacy – what people care about
Privacy of Personal Information:Credit Cards, Phone Numbers, Contact Lists, Address
Privacy of Personal Communications Email, Text voice, SMS
Privacy of Personal Behavior - the observation of what an individual doesi.e. cameras, clickstream
Privacy of the Person -- the integrity of an individual’s body More sensitive health info i.e. medical conditions
Privacy Principles
1. Notice 2. Choice3. Collection / Collection Limitation4. Use / Use Limitations 5. Access (to data held) 6. Onward Transfer 7. Security (passwords) 8. Monitoring & Enforcement
If you need to “Account” for data privacy in your Product or Service you should you focus on incorporating these Privacy Principles in to the product. Despite the difference in laws by country, these principles are universally applicable and most data laws have elements of these principles within. Data Protection Regulators will judge products or services based on how well you are able operationalize these Principles.
Starting with the Connected Home
Notice – you need to first verify who’s data you are collecting!Choice – you need a mechanism to allow someone to opt out without “jumping through hoops”
ROUTER
Smoke Sensor
ThermostatSmart Appliances
SmartTV
Robo Vacuum Cleaner
Connected Door LockSmart Camera
Motion Sensor Facial Recognition System
Amazon Echo – Voice Control
Smart Power Meter
Mobile behavioral panels
Digital exposure
& behaviour
Internet browsing Internet advertising Streamed video/audio Internet search and results Apps Installed + usage In-app usage
In-app advertising
Telemetrics
Phone calls/SMS Network/Wi-Fi/data use Battery/CPU Music Video playing
Context & Triggers Location
PII Removal
Algorithm
Adding IOT.. i.e. comparing daily app usage with sleep patterns
Detailed Personal Data Shared
No Personal Data Shared
Generic or no service
Danger!
Ripe for Disruption!
Personalized Servicesor utility
Global Legislation Changes Media Cultural Expectation
Security Hackers
Privacy versus utility tradeoffs
Privacy Activists
Make sure “hacker” culture i.e. hackathons have defined boundaries!
In summary
Navigating IOT requires coordination across privacy, legal, product, IT functions.
Innovation or digital leads should have a “privacy officer” on speed dial.
Ensure you or your platform partner have the WPP sanctioned IT in place.
Expect that innovative use of IOT, will often require a legal opinion.
In doubt apply a “creepOmeter”