Mauritius Declaration on the Internet of Things (Oct. 14, 2014) (full-text).
This Declaration was adopted at the International Conference of Data Protection and Privacy Commissioners in Mauritius.
It sets out principles and recommendations designed to reduce the risks associated with the collection and use of data for players in the connected devices and big data ecosystems. The Declaration smake the following key observations and recommendations:
- Self-determination is an inalienable right for all human beings.
- Data obtained from connected devices is "high in quantity, quality and sensitivity" and, as such, "should be regarded and treated as personal data."
- Those offering connected devices "should be clear about what data they collect, for what purposes and how long this data is retained."
- Privacy by design should become a key selling point of innovative technologies.
- Data should be processed locally, on the connected device itself. Where it is not possible to process data locally, companies should ensure end-to-end encryption.
- Data protection and privacy authorities should seek appropriate enforcement action when the law has been breached.
- All actors in the internet of things ecosystem "should engage in a strong, active and constructive debate" on the implications of the internet of things and the choices to be made.