FTC To IoT: Don’t Forget About Consumer Privacy

IoTAs the Internet of Things ramps up, the Federal Trade Commission isn’t far behind.

In a report issued Tuesday, the FTC set out a series of privacy recommendations leveled at the IoT device-making community, including best practices on data collection, usage and storage. [Download the report.]

Regulators and agencies are most concerned about the ubiquitous and unceasing data collection around the IoT.

As Tony Bailey, SVP of technology at DigitasLBi, noted in a previous interview with AdExchanger at CES 2015, “That’s a big question mark: How is this stuff being stored? What happens to all the data?”

According to a recent study from Gartner, nearly 5 billion connected devices will be in use this year – a 30% increase over 2014. That’s a lot of data.

The report’s top concern was security. The FTC advised connected-device companies to “build security into devices at the outset, rather than as an afterthought in the design process,” train employees about the importance of security, develop in-depth defense strategies in case of potential breaches and “monitor connected devices throughout their expected life cycle.”

The report also advised device makers to place limitations on the consumer data they collect and retain so they’re less of a hacking target and to ensure that consumer data is never used in ways that its owners wouldn’t be happy with.

Although that might seem like a dig at the advertising community – data is part of what makes the IoT tick – Jessica Rich, the FTC’s director for the Bureau of Consumer Protection, would beg the contrary.

“The FTC recognizes that targeted advertising benefits consumers,” Rich said at AdExchanger’s 2015 Industry Preview event. “The business model clearly benefits consumers and we have no interest in jeopardizing it.”

FTC Chairwoman Edith Ramirez concurred, noting in a release that the IoT will only “reach its full potential for innovation” if the industry does its best not to toss consumer trust out of the Internet-connected window.

The FTC more than acknowledges the enormous convenience and associated health and safety benefits that come along with the IoT, said Maneesha Mithal, associate director of the division of privacy and identity protection at the FTC and one of the report’s authors.

“We absolutely want to see this environment flourish, but if data is being leaked or shared or consumers are surprised in any way as to how their information is being used, it’s going to undermine trust in this new marketplace,” she said.

Although for now the FTC isn’t making any IoT-specific recommendations for legislation, calling it “premature at this point in time given the rapidly evolving nature of the technology,” the agency suggested that Congress enact all-embracing privacy legislation to govern data collection and use practices in general.

“One of the challenging things about this is that the technology is changing rapidly and in order to keep up with that, it’s much more helpful for the law to be tech-neutral than have it apply specifically to social networks or cloud computing or the Internet of Things,” Mithal said. “The heart of the recommendation is for any legislation to be broad-based.”

It’s interesting to note that the FTC’s report seems to only address the companies that make the devices themselves, rather than the companies that offer the data plans or provide the plugins that power the devices, although Mithal told AdExchanger that third parties are “absolutely on our radar.”

Smart fridges and connected cars might garner the spotlight, but it’s the API that enables the interconnectivity.

Speaking of interconnectivity, part of the promise – or, from the FTC’s perspective, the potential danger – of the IoT is enabling people to control their entire lives via a single interface. A connected appliance is one thing. A fully connected home is another.

It’s part of what home improvement brand Lowe’s is trying to do with the development of its Irish Home Management System, which debuted in 2012. Lowe’s has been working with vendors to create open source apps for connected devices, including for thermostats, garage doors, locks and water heaters.

“We have a fundamental belief that everything we power will have an IP address and become connected to the Internet,” said Kevin Meagher, VP and GM of Lowe’s Smart Home business unit, speaking at the ANA’s Mobile First, Mobile Everywhere conference in December. “We’re at the very early stages of this market and we already have billions of data points coming in. I’ll be frank with you – we don’t have a clue what to do with it right now, but we’ll put it aside and figure out what to do with it later.”

Enjoying this content?

Sign up to be an AdExchanger Member today and get unlimited access to articles like this, plus proprietary data and research, conference discounts, on-demand access to event content, and more!

Join Today!