Internet of Things: Who Owns the Data?
The Internet of Things is set to open a floodgate of data, but the question is, who controls that data?
Smart cars, connected health, smart grids, smart cities - the world is becoming connected in a way that was the territory of science fiction just a few short years ago. Ericsson and Cisco both predict upwards of 50 billion devices will be connected to the Internet by 2020 in a network of "things" that will extend well beyond smartphones, laptops and game consoles to scanners, sensors, etc. This promise of the Internet of Things will increase today’s data load factors by several orders of magnitude. While this creates questions about how data is collected, ingested, stored and queried, one of the most important considerations will be around ownership and governance around that data. (Get some background reading in What the $#@! is the Internet of Things?!)
Constant Data Collection
There is already friction between consumers and online services around ownership of data collected from the likes of Facebook, Google, Twitter and others. There have been flare-ups of backlash against Facebook, for example, which claims ownership of your photos and content posted to your personal news feeds. Most consumers don’t realize that when they sign Facebook's terms of agreement without reading them. Consumers, however, are starting to understand the implications of giving up personal information online as they start to see targeted advertising based on their online profiles and behaviors.
For the most part, as we have seen from this increase in behavior-based, targeted advertising, the access and use of this data is primarily driven by money: ad networks generating revenue from advertisers through more targeted programs that in turn generate revenue for advertisers by getting consumers to spend more money because of more targeted advertising - the circle of life, if you will. Maybe you like the enhanced experience Yahoo! gives you for fantasy football, but what happens when there are 50 billion connected devices, the majority of which are machines like sensors embedded in cars, clothes, cardiac monitors and more? (Learn more about the drawbacks of IoT in Internet of Things: Great Innovation or Big Fat Mistake?)
Who's In Control?
As data is increasingly collected and shared, the most important question - at least for consumers - is who owns the data in your smart meter and what does that information tell you - or tell others about you? If combining data from smart cars with data from smart traffic grids and smart energy delivery has value, how do these systems know how to speak to one another, and what governs who can access this data and how? What about medical data? When the sensor sewn into a piece of clothing, or on a wristband that is tracking vital signs and alerting your doctor when certain thresholds are breached, where and how is that data held and managed?
"You can imagine using big data to make a world that is incredibly invasive, incredibly Big Brother … George Orwell was not nearly creative enough when we wrote "1984.""
Pentland has led several sessions at the World Economic Forum, which culminated in the chairman of the Federal Trade Commission putting forward the U.S. Consumer Privacy Bill of Rights, and the EU introducing stringent (and controversial) laws forcing businesses to embed data protection.
Unfortunately, data ownership and privacy legislation is by no means a done deal. In early June, the National Telecommunications and Information Administration issued a Request for Comments on how issues raised by big data impact the Consumer Privacy Bill of Rights.
The primary focus though, is to put individuals in control of their own data and how it is used, and to ensure that their data is safeguarded. While some businesses may look at this as limiting the success of the Internet of the Things (from a revenue perspective), it is absolutely critical to he realization of a wide-scale adoption.
Data Issues To Be Addressed
While ownership of data may still be up for grabs, companies will also need to grapple with many other considerations:
- Who is the steward of the data? Facebook may well be the owner, but it will try to allow the user to, within limits, provide the stewardship.
- How is the data accessed? Will it be pushed into an all-access portal, or only through a secure API?
- How is the data defined, literally? The socialization and exposure of data can be significantly impacted by the exact definitions used and the drivers behind those definitions (multiple standards-based approaches).
- What security measures are in place and who administers them? The security administrator may allow access in unpopular ways. However, they may also have great policies in place that are ineffective based on weak execution. We all recall Heartbleed.
- Who owns the derivative information about the data? This is a more nuanced consideration around ownership of emergent patterns identified in data, and the implications of those patterns.
Ultimately, enterprises, advertisers and others will need to prove that the value they will deliver to the consumer will be worth that consumer giving them information about themselves and, that the consumer can trust their information to be safe. In the end, the consumers should make that decision. While regulators have a significant part to play in forcing the issue of data protection, there is responsibility on all fronts. A combination of industry voices, large players in the market, and dare I say it, government, will be well served to work together to strike the right balance.
Time will tell.