Industry can head off IoT privacy rules, former US official says

Connected devices raise new concerns about personal data

Nicole Wong, former U.S. deputy CTO, spoke on Tuesday at the GigaOm Structure Connect conference in San Francisco.

Nicole Wong, former U.S. deputy CTO, spoke on Tuesday at the GigaOm Structure Connect conference in San Francisco.

The Internet of Things is raising a host of concerns over the control of data that could lead to government regulation, but tech companies can rein in those worries on their own if they act fast, according to a former White House technology official.

The kinds of information that connected devices can collect, such as health and fitness data, are more intimate than what consumers are used to sharing on the Web, said Nicole Wong, former U.S. Deputy CTO. In addition, it's harder to make users comfortable with the use of that data, she said.

Any company that gathers data from consumers has to be transparent about what it collects and how it's used, in order to build trust, Wong said during a panel at the GigaOm Structure Connect conference in San Francisco. Web and mobile products have ways of communicating that message and giving users choices, but many IoT devices don't, she said. As examples, she cited the lights in a consumer's home and future monitoring devices that are injected in the bloodstream.

"Where is the consent happening?" Wong said. "At what point does the user say, 'I object to that collection'?"

With connected devices arrayed around consumers' homes and bodies and potentially collecting data that government and other third parties can access, a danger is that people may start to self-consciously regulate their own lives, said Jay Stanley, a senior policy analyst at the American Civil Liberties Union.

"I begin to feel, even in my own home, that I'm being watched in some way," Stanley said. "I begin to monitor my own behavior because I'm worried about what people who access that data are going to think of me."

Partly because of these worries, government regulation of IoT security is on the horizon, panelists said. The Article 29 Working Party, a European Union privacy body, recently issued an opinion on IoT with guidelines for wearables and home automation, Stanley said. That document said consumers should remain in control of their personal data throughout the life of the product.

In some parts of Europe, such as the U.K, industry is working closely with government, a good model for forming guidelines, said Richard Cornish, head of IoT at U.K. technology services company xChanging. "I think there is an opportunity for governments to regulate, but regulate with the industry, rather than remotely from industry," he said.

The U.S. approach could be more industry-centric.

"The innovation around the ethical and appropriate use of technology is going to have to come from the technology sector," Wong said. "If you move fast enough, if you have best practices that the consumer world feels good about, then the government is not going to have an opportunity to create a regulation that is not in your favor."

Wong, who stepped down from her White House post in August, has some insight into the private sector's views. Before joining the Obama Administration in 2013, she had worked at Twitter and Google.

"The government does not know more about technology than you do," Wong said. "The notion that the technology sector suddenly has government happen to it is wrong."

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is stephen_lawson@idg.com

Join the Computerworld newsletter!

Error: Please check your email address.

Tags white houseAmerican Civil Liberties Unionsecurityinternetprivacy

More about GoogleIDGLawsonNews

Show Comments