What the Internet of Things means for consumer privacy

March 23, 2018
Global
This report explores the privacy concerns and priorities of global consumers stemming from the Internet of Things (IoT) and related technologies.

As the digital era has unfolded, consumers have become steadily more aware of the uses that businesses make of the personal information that is handed over when accessing services. Many consumers have become adept at exercising control over how their data are used, for example through consent forms and opt-outs. However, the IoT—the rapidly expanding network of devices, physical objects, services and applications that communicate over the internet—poses a new set of privacy challenges, as it changes the relationship between individuals and their personal data. Gartner, a research firm, projected the number of “connected things” in the global consumer segment to reach 7bn in 2018, rising to 12.9bn in 2020.

The biggest challenges are ubiquity and invisibility: connected devices number in the billions today, and they transmit data without device owners knowing when or how that happens. “American consumers are very knowledgeable about privacy protection issues,” says Kathleen McGee, head of the Bureau of Internet and Technology at the New York State Attorney-General’s office, “but they do not appreciate just how far-reaching IoT devices are in their world.” 

The data custody chains, or documentation recording the transfer of data to different parties, are also complex. “The IoT combines the technologies of multiple providers, which makes the tracking of collected personal data extremely difficult, if not impossible, in most cases,” says Giulio Coraggio, partner and head of global IoT and gaming at DLA Piper, a law firm.

The same issues make the privacy challenges of the IoT difficult for government and industry to address. According to Amanda Long, director-general of Consumers International, a consumer advocacy organisation headquartered in London, it is the cross-sector and crossborder interlinkages that make the IoT such a tricky area for stakeholders to grasp and address.

A handful of organisations are seeking to build consumer and industry knowledge about the unique challenges the IoT poses to data privacy. These include non-governmental organisations (NGOs) such as Consumers International and the Online Trust Alliance (OTA). Government bodies such as the UK’s Information Commissioner’s Office and the US Federal Trade Commission (FTC), and intergovernmental organisations such as the Global Privacy Enforcement Network (GPEN), are also prominent in such efforts.

The purpose of this report is to augment the discussion by identifying consumers’ main privacy concerns in relation to internet-connected devices.

To explore this topic, The EIU has conducted a survey of over 1,600 consumers in eight countries. The report draws on the analysis of the results and discusses how industry and government can help to build consumer trust in the age of IoT.

Receive forward-looking perspectives from our editors - Sign up for our Weekly Digest