Examining Privacy Concerns with IoT
All the devices in our daily lives know more about us than we realize- where we are, what we eat, even our shopping habits.
In fact, everyone is connected to the internet in so many ways that now only five percent of connected devices are personal computers.
Known as the ‘internet of things,’ these devices, whether it’s Alexa, Cortana, smart televisions or smart watches, have gone from 2 billion in usage in 2006 to a projected 200 billion in 2020.
But with this rise in smart devices in our homes and in our possession throughout the day comes growing concerns about data privacy. The information collected by these devices is even becoming a hotly contested issue in courtrooms around the country.
For instance, a New Hampshire judge last year ordered Amazon to release recordings from a murder victim’s Echo device and any cellphones paired to it over a certain period of time.
In Connecticut, the prosecution is using evidence in a high-profile murder case taken from a Fitbit device that contradicts the story of the defendant, who is accused of murdering his wife but claims it was a masked intruder. It is the first time anywhere Fitbit device information has been used as evidence in a murder case.
There have also been complaints from parents that hackers have turned their Wi-Fi baby monitors into spy cams or that hackers can take control of your car, which led to a recall of some Fiat Chrysler automobiles.
These issues were all part of the discussion at the Intellectual Property Law Section’s Privacy and the Internet of Things panel as part of their daylong Annual Meeting event at the New York Hilton Midtown Jan. 15.
Leonie Huang, of Holland & Knight, moderated the discussion, which also featured panelists Jessica Lee, of Loeb & Loeb; Mark Melodia, of Holland & Knight; Anthony Ford, senior data privacy counsel at Medidata Solutions; and Manas Mohapatra, chief privacy officer at Viacom.
Lee started the discussion with a presentation that included the statistics and court cases noted above, and the group spent a large portion of the event providing background on the internet of things.
Further, the group explained that personal data is more than a name, an email address or phone numbers. Privacy concerns can include your IP address, cookies, mobile identifiers, and employee data, which can reveal your gender, age/date of birth, social media logins and handles, as well as location data.
Mohapatra, who also worked in high ranking positions dealing with privacy at the Federal Trade Commission and Twitter, said unlike the General Data Protection Regulation recently implemented by the European Union, the U.S. has no comprehensive privacy federal legislation. Depending on what type of data it is, who is using it and for what purposes, Mohapatra said the same data about the same group of people may get protections in one context under U.S. laws but not in another.
The panelists expressed concern that various states across the country could begin enacting their own privacy regulations, perhaps stemming from lawsuits. This, they said, could result in divergent enforcement across the 50 states, like “state level mini-GDPRs.” From there, Lee said, could come “the real push for federal regulation.”