The IT Law Wiki

Internet of Things: Privacy & Security in a Connected World

32,076pages on
this wiki
Add New Page
Add New Page Talk0

Citation Edit

Federal Trade Commission, Internet of Things: Privacy & Security in a Connected World (Jan. 2015) (full-text).

Overview Edit


In this report, the FTC staff recommends a series of concrete steps that businesses can take to enhance and protect consumers' privacy and security, as Americans start to reap the benefits from a growing world of Internet-connected devices.

The Internet of Things is already impacting the daily lives of millions of Americans through the adoption of health and fitness monitors, home security devices, connected cars and household appliances, among other applications. Such devices offer the potential for improved health-monitoring, safer highways, and more efficient home energy use, among other potential benefits. However, the FTC report also notes that connected devices raise numerous privacy and security concerns that could undermine consumer confidence.

The Internet of Things universe is expanding quickly, and there are now over 25 billion connected devices in use worldwide, with that number set to rise significantly as consumer goods companies, auto manufacturers, healthcare providers, and other businesses continue to invest in connected devices.

The report is partly based on input from leading technologists and academics, industry representatives, consumer advocates and others who participated in the FTC's Internet of Things workshop held in Washington D.C. on Nov. 19, 2013, as well as those who submitted public comments to the Commission. Staff defined the Internet of Things as devices or sensors — other than computers, smartphones, or tablets — that connect, store or transmit information with or between each other via the Internet. The scope of the report is limited to IoT devices that are sold to or used by consumers.

The report includes the following recommendations for companies developing Internet of Things devices:

Commission staff also recommend that companies consider data minimization — that is, limiting the collection of consumer data, and retaining that information only for a set period of time, and not indefinitely. The report notes that data minimization addresses two key privacy risks: first, the risk that a company with a large store of consumer data will become a more enticing target for data thieves or hackers, and second, that consumer data will be used in ways contrary to consumers' expectations.

The report takes a flexible approach to data minimization. Under the recommendations, companies can choose to collect no data, data limited to the categories required to provide the service offered by the device, less sensitive data; or choose to de-identify the data collected.

FTC staff also recommends that companies notify consumers and give them choices about how their information will be used, particularly when the data collection is beyond consumers' reasonable expectations. It acknowledges that there is no one-size-fits-all approach to how that notice must be given to consumers, particularly since some Internet of Things devices may have no consumer interface. FTC staff identifies several innovative ways that companies could provide notice and choice to consumers.

See also Edit

Also on Fandom

Random Wiki