How Can We Handle Internet of Things (IoT) Generated Data Ethically?
Personal data generated by the Internet of Things has uncountable potential uses, but who decides who owns the data and how it can be used?
While the Internet of Things (IoT) gathers data at a frenetic pace and the influx of data grows in magnitude, a question is repeatedly being asked from many quarters: are we handling this data ethically? While the big corporations, governments and even cyber criminals view the data deluge as a veritable goldmine, many wonder if these groups will exploit the goldmine to erode privacy, confidentiality and even security.
In this context, it is quite relevant to recall a couple of events in the recent past that have generated a lot of controversy: one, Whatsapp's acquisition by Facebook, and two, the NSA controversy. You do not need to be a genius to identify the reason Facebook spent so much money on the acquisition — Whatsapp brings with it a treasure trove of customer data, much of which is personal and confidential. Facebook wants a deeper insight into its users’ minds so that it is able to better customize and sell its products.
On the other hand, the NSA has been snooping around and gathering data about American citizens while they unsuspectingly share vital data over the Internet. Ostensibly, this is all being done in the name of national security. The NSA wants to preempt and prevent terrorist activities. But certain questions arise in this context: who owns the data that is being collected? Are the corporations and institutions even entitled to collect the data? Are the corporations misusing the enormous amount of data at their disposal? And, how equipped or willing are we to deal with the misuse of data that can redefine our lives?
The Magnitude of the Internet of Things-Generated Data
The data generated by the Internet of Things is already massive and it is only going to compound by leaps and bounds. According to Cisco, as of February, 2015, there were around 14.8 million connected devices. By 2020, this figure is going to reach 50 billion. As if that was not enough, that is just 2.77 percent of all the devices available for connection. Now, all these connected devices are going to generate 403 zettabytes of data by 2018. This is 267 times the data estimated to be flowing between data centers and users, and 47 times the data the data centers will receive. By the way, 1 zettabyte translates to one trillion (that's 1,000,000,000,000) gigabytes. This is a lip-smacking prospect for corporations, governments and cyber criminals. However, out of that humongous data volume, only a small portion is viewed as serious and actionable data. Serious and actionable data are those which are easily accessible, available in real-time and capable of contributing to a meaningful change. That has not, however, allayed fears and apprehensions of wrongdoing with the data.
The Ethics Aspect
There is no doubt that the data is a goldmine for corporations, governments and cyber criminals. And the goldmine is only going to get bigger. But, are these interested groups even entitled to access the data that people are sharing unsuspectingly over the Internet? For example, hospitals receive massive amounts of data on different types of illnesses from different connected devices. Though the hospitals may use these data for treating patients, can the doctors use these data for medical publications, even without attributing the data? This raises the question of data ownership, and it is a complicated issue.
Even if your data is accessed and used, is there a legal guarantee that your privacy and security will not be compromised? There is probably no legal framework that gives the terms and conditions of using data scoured from the Internet. And it is extremely difficult for a legal framework to match activities that are evolving at such a scorching pace. There are varying interpretations of what constitutes acceptable use of data, and that only creates confusion.
According to a reputed daily in the UK, through 2016, 25 percent of the organizations will experience loss of reputation because of poor handling of information trust matters and 20 percent of the chief information officers will lose their jobs for failing to handle information governance well.
However, it may not always be a straightforward task to establish that you own your personal data. For example, when a hospital treats a patient with a complicated illness, a lot of data is generated which can help in future treatment of similar conditions. Now, the patient cannot claim the sole right to the information because the hospital also has invested its resources in generating the information. However, that does not mean that organizations do not collect personal data without authorization. Some years ago, the iPhone and 3G iPad recorded the locations of the devices in a hidden file. The owners of these devices did not know that their locations were being recorded.
The medical sector could be extremely vulnerable to the scourge of data misuse. Patients in the US have been subjected to growing disregard of their confidentiality. The UK's National Health System, it is alleged, has been extremely callous about patients’ right to confidentiality. For example, a 68-year-old man was declined accommodation in a care home because his medical records, which stated that he was a gay, were leaked to social services.
Given the lucrative proposition that is the data generated by IoT devices, complete prevention of data misuse is probably not possible. Also, the data is not always intentionally misused. Multinational corporations, hospitals and governments are still trying to strike a balance between using personal data and not compromising privacy and security. And to put things back into perspective, data from the devices can bring a lot of benefits. But how do the stakeholders strike a balance? To start with, the following steps may help:
- The governments of all nations need to provide a common regulatory framework for big data. The framework should clearly spell out the do's and don’ts of handling big data. It should specify what constitutes an acceptable form of customer data use. It should specify the areas where the customer data could be used. The framework should be applicable and binding on all stakeholders and there should be legal actions specified in the event of violation. This will help remove confusion and ambiguity.
- Corporations need to take more responsibility for preserving consumer data. In this regard, steps taken by Retention Science, a Santa Monica-based analytics company may be worth emulating. Retention Science insists that all of its data scientists sign confidentiality agreements to not use consumer data anywhere outside Retention Science. Additionally, it works only with those business firms that obtain prior consent from clients before using their data.
- Companies may categorically state the types of data they are collecting from their consumers. Bluekai, a California-based company that offers a data management platform for publishers and marketers, has launched an online portal that allows consumers to find out the type of information Bluekai and its partners have been collecting from consumers in the form of cookies. Bluekai wants to be absolutely transparent regarding its data collection policies. Acxiom, a marketing technology company, also launched an initiative similar to Bluekai.
- Data collection policies need to be written in a language that is easily understood by consumers. Vaguely worded policies of technology giants like Google and Facebook have received severe flak in the past. In fact, some policies have been subjected to probes by the Federal Trade Commission.