Privacy is one of the main unknowns and most sensitive issues raised by the Internet of Things (IoT). The IoT keeps expanding, which means consumers need better security, and that security translates into privacy. All of this comes in the face of the vulnerability that corporate surveillance and data breaches represent.
Consumers gradually and inadvertently expose their privacy because they do not know what data is collected or how it is used, for example by mobile apps.
The percentage of people who do not read security policies and accept them without knowing what they say is very high. In fact, some people do try to read them, but the legal language is in most cases unintelligible to the average consumer, to the point that a policy can omit clauses that include the right to be heard in court.
Privacy control in IoT
As you may well know, companies are increasingly cluttered with smart items and industrial sensors but, unfortunately, security will always be difficult.
Most internet-connected devices are managed efficiently by the Dynamic Host Configuration Protocol (DHCP), which automates IP address assignment. However, support for additional functions is inconsistent. Program code is a good answer for privacy in the IoT era, and it can be made scalable and modular because it is tied to the following parameters:
- They take full advantage of managed IoT by merging and protecting applications for mobile devices.
- They compile advanced analytical IoT solutions.
- They digitally connect and manage the assets of any company, regardless of size.
Rules for the control of privacy in IoT
In the specific case of the Internet of Things, layered privacy is a policy that companies should adopt. The layers consist of the legal code, the human-readable summary, and what the machine actually reads.
The first is the actual policy that lawyers write and that judges will interpret. The second is a simple summary that the client can read and understand. The third is the code read by search engines, software, or other technology, which would access only the information that the consumer allows.
The implementation of the different layers would be a significant advance in security regulations.
Today, to speak of a control system for IoT security is to refer directly to the response that a company must offer when the client demands security.
Currently, a control system corresponds to the self-regulation and practices that the industry implements for data minimization and security. It is the industry's obligation to protect the data, and if companies do not agree to do so, they should refrain from collecting it.
Privacy by design is another kind of control system, in which self-driving car manufacturers analyze risks and considerations during the product design phase.
They should also take into account that privacy extends beyond the useful life of the equipment and beyond the first customer's purchase: if an IoT device is resold, the original buyer's data should not remain on the device forever.
Ethical and legal frameworks of rights and obligations in the IoT industry
There is no specific international authority in this case. A security framework would help by providing tools, identification, or checklists that businesses can use to create and use IoT devices.
Success in IoT privacy does require more corporate transparency, which would be achieved through the rules that a government imposes on companies and through industry self-regulation.
These are some of the international entities dedicated to outlining the rights and obligations, as well as the security, of the Internet of Things:
- Federal Trade Commission (USA): Works out possible agreements before disputes arise with companies that sell IoT items. This entity is also asked to take action against deceptive practices if a company violates its own privacy policies.
- Federal Bureau of Investigation (USA): In 2015, it warned of vulnerabilities and since then has recommended defense and protection steps for clients.
- US Congress (USA): It introduced the law to improve Internet of Things cybersecurity, so that any device sold to the United States of America does not have pre-set passwords, patch forms, or similar vulnerabilities.
- General Data Protection Regulation (EU): Formulated by the European Union, it is considered by the manufacturers of IoT devices and networks.