Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy and Public Policy Implications of IoT

Published byJasmin Bennett Modified over 6 years ago

Similar presentations

Presentation on theme: "Privacy and Public Policy Implications of IoT"— Presentation transcript:

1 Privacy and Public Policy Implications of IoT
The Internet Society 1/24/2018 Privacy and Public Policy Implications of IoT Girard Kelly California State Legislature

2 The Internet Society 1/24/2018 Agenda Introduction Challenges and Opportunities for Privacy in the IoT Privacy by Design Principles Fair Information Practice Principles (FIPPs) 2015 Privacy Legislative Summary Future Privacy Policy Roadmap

3 Introduction The “Internet of Things” (IoT) is one of the fastest emerging, transformative, and disruptive technology developments since the Internet itself. By 2025, an estimated 50 billion “smart” devices are expected to be wirelessly connected to the Internet. Gartner predicts that the aggregated value and economic benefit of the IoT will exceed $1.9 trillion in the year 2020. IoT Devices will be collecting, analyzing, and sharing personal information in real-time. The IoT will dramatically change consumer’s expectations of personal data and privacy.

4 Challenges and Opportunities for Privacy in the IoT

5 IoT Privacy Challenges
IoT notice and consent model Unexpected data collection and sharing Discrimination through data aggregation and consumer profiling Increased criminal, civil, and reputational harm New types of sensor data will require new definitions of Personally Identifiable Information (PII) Re-identification of anonymized data shared with third-parties

6 IoT Privacy Opportunities
Convenience and information sharing Real-time feedback and analysis “Trusted” or connected computing Automation and control New forms of multi-factor authentication Big data analytics and sensor fusion

7 Privacy by Design Principles

8 Privacy by Design Principles
Privacy by Design is an approach to systems engineering which takes privacy into account throughout the entire engineering process. Proactive not reactive Preventative not remedial Privacy as the default setting Privacy embedded into design Full functionality – positive- sum, not zero-sum End-to-end security – full lifecycle protection Visibility and transparency – keep it open Respect for user privacy – keep it user-centric

9 Fair Information Practice Principles

10 Fair Information Practice Principles
The Fair Information Practice Principles (FIPPs) are a widely accepted framework of defining principles to be used in the evaluation and consideration of systems, processes, or programs that affect individual privacy. Transparency Individual Control Respect for Context Focused Collection and Responsible Use Security Access and Accuracy Accountability

11 2015 Legislative Summary

12 2015 Legislative Summary AB-66 (Weber) - Peace officers: body worn cameras AB-83 (Gatto) - Personal Data AB-195 (Chau) - Unauthorized access to computer systems AB-259 (Dabahneh) - Personal information: privacy

13 2015 Legislative Summary AB-856 (Calderon) - Invasion of Privacy
AB-964 (Chau) - Civil Law: privacy AB-1116 ( Privacy Committee) - Connected televisions AB-1541 (Privacy Committee) - Privacy: personal information

14 2015 Legislative Summary SB-30 (Gaines) - Carjacking
The Internet Society 1/24/2018 2015 Legislative Summary SB-30 (Gaines) - Carjacking SB-34 (Hill) - Automated license plate recognition systems: use of data SB-178 (Leno) - Privacy: electronic communications: search warrant SB-570 (Jackson) - Personal information: privacy: breach

15 2015 Legislative Summary SB-576 (Leno) - Mobile applications: geolocation information: privacy SB-690 (Stone)- Stalking SB-741 (Hill) - Mobile communications: privacy SB-1177 (Steinberg) - Privacy: students of 2014

16 Future Privacy Policy Roadmap

17 Fundamental Privacy Principles
Transparency Individual Control Respect for Context Focused Collection and Responsible Use Security Access and Accuracy Accountability

18 1. Transparency Expand California’s Online Privacy Protection Act (CalOPPA) to include: A short-form summary at the beginning of every privacy policy Notice of what “type” of IoT sensor information is collected Notice of what “specific” personal information an organization has collected Notice of what “purpose” information is collected and shared with whom Application of CalOPPA to State agencies and their use of personal information

19 2. Individual Control Require opt-in/opt-out consent distinct from the operation of the IoT device Provide more consumer privacy choices—Not simply all or nothing Provide the ability to delete information Privacy by Design—default IoT settings for privacy

20 3. Respect for Context Restrict third-party sale of sensitive PII for marketing or unrelated advertising purposes Respect the purpose for which the data is collected Prohibit the use of data in unexpected ways Require a “reasonable expectation of privacy” standard

21 4. Focused Collection and Responsible Use
Expand the definition of “Personally Identifiable Information” (PII) Expand the definition of “Personal Information” under the Information Practices Act Provide data minimization incentives for organizations Provide data correction and “second-hand” exclusion Responsible use of data based on fairness

22 The Internet Society 1/24/2018 5. Security Provide for increased data breach notification of non-encrypted re-identified information Require robust identity theft protection Require reasonable security procedures and practices of businesses Incentivize two-factor authentication / Biometric authentication Align product warranty and customer expectations with security fixes and product life-cycle

23 6. Access and Accuracy “Right to Know” what information an organization has collected about you Right to know what third-parties an organization has shared your PII with Right to correct inaccuracies in your information Right to export or transfer your information Right to access digital assets or information from deceased heirs

24 7. Accountability Provide stronger enforcement mechanisms:
Federal Trade Commission (FTC) California Office of the Attorney General Consumer private right of action Data Breach Notification Requirements EU-U.S. Privacy Shield Safe Harbor

25 Thank You

Download ppt "Privacy and Public Policy Implications of IoT"

Similar presentations

Office of the Information and Privacy Commissioner, Ontario, Canada

Office of the Information and Privacy Commissioner, Ontario, Canada
1 NAESB Data Privacy Task Force February 16, 2011.

1 NAESB Data Privacy Task Force February 16, 2011.
Mobile Payments and the FTC Manas Mohapatra Director of Mobile Policy Mobile Technology Unit Federal Trade Commission The views expressed are not necessarily.

Mobile Payments and the FTC Manas Mohapatra Director of Mobile Policy Mobile Technology Unit Federal Trade Commission The views expressed are not necessarily.
Big Data - Ethical Data Use Kimberlin Cranford. Ethical Use in the Era of Big Data  Landscape has Changed  Attitudes about Big Data  PII, Anonymous,

Big Data - Ethical Data Use Kimberlin Cranford. Ethical Use in the Era of Big Data  Landscape has Changed  Attitudes about Big Data  PII, Anonymous,
The Problem Solvers TM www.singleton.com Privacy Rights: Minors and Parents Michael J. Hewitt Marcel Daigle Singleton Urquhart LLP.

The Problem Solvers TM Privacy Rights: Minors and Parents Michael J. Hewitt Marcel Daigle Singleton Urquhart LLP.
Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views.

Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views.
Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and.

Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and.
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.

On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
NTIA Privacy Multistakeholder Meeting March 25, 2014 Amanda Koulousias, Attorney Division of Privacy and Identity Protection Federal Trade Commission FTC.

NTIA Privacy Multistakeholder Meeting March 25, 2014 Amanda Koulousias, Attorney Division of Privacy and Identity Protection Federal Trade Commission FTC.
“Privacy Implications of RFID Technology in Health Care Settings” Marc Rotenberg President EPIC Dept. of Health & Human Services Washington, DC 11 January.

“Privacy Implications of RFID Technology in Health Care Settings” Marc Rotenberg President EPIC Dept. of Health & Human Services Washington, DC 11 January.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Privacy, Security, and trust in cloud computing BY: SIANI PEARSON PRESENTED BY: KIA MANOOCHEHRI.

Privacy, Security, and trust in cloud computing BY: SIANI PEARSON PRESENTED BY: KIA MANOOCHEHRI.
Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.

Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.
CLOUD AND SECURITY: A LEGISLATOR'S PERSPECTIVE 6/7/2013.

CLOUD AND SECURITY: A LEGISLATOR'S PERSPECTIVE 6/7/2013.
2015 National BDPA Technology Conference Big Data: Cool, Creepy or Privacy Violation? Arlonda Stevens August 18-22, 2015 Washington, DC.

2015 National BDPA Technology Conference Big Data: Cool, Creepy or Privacy Violation? Arlonda Stevens August 18-22, 2015 Washington, DC.
Mi-Gyeong Gwak, Christian Vargas, Jonathan Vinson

Mi-Gyeong Gwak, Christian Vargas, Jonathan Vinson
Smart Machines, Smart Privacy: Rules of the Road and Challenges Ahead The views expressed are those of the speaker and not necessarily those of the FTC.

Smart Machines, Smart Privacy: Rules of the Road and Challenges Ahead The views expressed are those of the speaker and not necessarily those of the FTC.
EU Data Protection IT Governance view Ger O’Mahony 12 th October 2011.

EU Data Protection IT Governance view Ger O’Mahony 12 th October 2011.

Similar presentations

Ads by Google