In the brunch-time session at the GDPR summit, the Internet of Things (IoT) came under the intense scrutiny of Sue Geuens, President of the International Data Management Association, and Louise Bennett from the Chartered Institute for IT.
Leading the debate was David Clarke, Chief Technology Officer at The Trust Bridge, who opened by questioning the security of information as it gets hoovered up by our rapidly expanding network of digitally-connected devices.
Such information is far less secure than we’d like to imagine, came the unequivocal response of Louise Bennett.
“People who manufacture IoT devices pay little or no attention to data privacy or security; IoT enabled toys means kids’ data is being stored, and this is easily hacked into.”
If transparency represents a powerful and resonant chord among organisations that champion GDPR’s arrival, then firms that sell IoT-ready devices are distinctly sotto voce when it comes to stating what data they collect and with whom it is shared.
Consent is at the heart of the issue, and it seems legislative standards cannot keep pace with the development of new devices and their capabilities. A multi-stakeholder discussion is essential, a discussion in which the consumer must take a central role.
Suddenly the hands are thrown aloft: where are the moral and ethical concerns of the IoT industry? The call is made for trading standards and consumer protection to become a part of IoT data regulation, so that the manufacturers’ moral compass might be realigned.
For a start, all devices need basic security features that are guaranteed to be upgraded and patched as new security threats emerge. On the consumer side, let’s do away with the tiny Ts&Cs, says Sue Geuens.
Consumers need to understand exactly what they’re putting on the line when they sign up, with data sharing beginning with an active choice to opt in, rather than a well-hidden opt-out feature.
Followed to its logical conclusion, the turning of consent’s tide invites us to take a good look in the mirror. Do you want an arrangement that involves a company saying that it won’t pass on your information? Shouldn’t private mean private to you and you alone?
Sue Geuens calls for a culture of heightened personal diligence about what we let on: you and I must change our personal behaviours regarding IoT and data protection.
It progresses to a question of educating all users, before driving organisations to consider if the data they collect is proportionate to need. If you have our data, tell us why you're holding onto it.