The U.K. telecommunications regulator Ofcom has called for international industry standards on privacy in the internet of things.
On Tuesday the regulator published an outline of its approach to the developing internet of things, largely based on responses to a call for input that it made last year. It noted that “stakeholders” had identified data privacy and consumer literacy as their primary areas of concern.
“We have concluded that a common framework that allows consumers easily and transparently to authorize the conditions under which data collected by their devices is used and shared by others will be critical to future development of the IoT sector,” Ofcom wrote. “If users do not trust that their data is being handled appropriately there is a risk that they might withhold its use.”
Respondents had said that existing U.K. data protection legislation would be appropriate for regulating the internet of things, though not necessarily a cure-all. They also favored industry-led approaches to keeping consumers in control.
However, Ofcom wrote:
We consider that these approaches should ideally be agreed internationally where possible, so as not to inhibit sale and use of IoT devices and services across international boundaries…
Data captured in one country may be processed or stored in another and different countries may have different data privacy regimes. Addressing such differences will be particularly important if manufacturers market their IoT devices in multiple countries.
The regulator also pointed out that, because many connected devices may not have a traditional screen-and-keyboard-based user interface, users might “not know that their data is being collected, shared and processed and may find it harder to make an informed choice about whether to share their data.”
Many respondents had backed the idea of a common framework based on simple categories of data sharing, for example “unshared, shared only with the service provider or shared with everyone.” However, Ofcom noted that there was “little evidence” of such a standardized system coming out of current industry efforts.
The regulator also wrote up its views on other aspects of the internet of things. On capacity, it suggested that there was probably enough spectrum available and being freed up for now, but it would monitor developments. It said addressing would come down to bespoke systems or IPv6, and it would keep an eye on the IPv6 migration process.
Regarding the network security and resilience aspects of the explosion in connected devices, Ofcom said it would expand its work in this area and cooperate “where appropriate” with regulators in other sectors. On privacy, Ofcom will also need to work closely with the U.K. Information Commissioner’s office, the government and industry.
P.S.: It goes without saying that privacy concerns will be a hot topic across many of the sessions at our upcoming Structure Data conference, which will take place March 18–19 in New York. In particular, don’t miss Jeff Roberts’s chat with FTC commissioner Julie Brill on the Wednesday — this issue is most definitely on the agenda in the U.S.