By John Kincaide, Privacy and Security Policy Attorney at Intel
On January 27, 2015 the Federal Trade Commission (FTC) released its anticipated staff report on the previously held workshop titled, Internet of Things – Privacy and Security in a Connected World. The report focused primarily on the privacy and security implications of consumer IoT applications. The report was adopted by a 4-1 vote and included concurring and dissenting statements.
Going forward Intel would like to see the FTC reach consensus and find common ground on privacy and security principles for a safe and secure IoT environment for consumers. The FTC’s report contains many privacy and security recommendations. Here are two highlights of the recommendations with Intel’s perspective.
- The report recommends building security into devices at the outset, rather than an afterthought in the design process. Intel has long advocated proactive privacy and security by design strategies to identify and minimize risks in technology related products and services, including IoT. The risks, and strategies to mitigate those risks, may vary greatly by the specific consumer IoT application.
- The report acknowledged the challenges that IoT may raise for implementing the Fair Information Practice Principles (FIPPs), especially the principles of “notice”, “choice” and “data minimization”. Intel continues to advocate creative and innovative strategies to implement the FIPPs as outlined in its “rethink privacy” policy strategies. For example strengthening the commitment to the accountability principles when traditional notice and consent may be difficult to implement. Finally, recognizing that data will be the driver of enormous IoT benefits for GDP and society, Intel believes industry must be responsible stewards of that data, including considering data minimization strategies where appropriate as part of balanced risk assessment and mitigation process.
Intel proactively developed IoT policy strategies and believes privacy and security are foundational elements of those strategies. Intel looks forward to the continued evolution of the FTC and other regulatory agencies views on privacy and security in the rapidly evolving world of IoT.
Please let me know what you think.