Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
Nov. 19 --Principles such as privacy by design should be adapted to the emerging world of Internet-connected appliances and other devices, given the potential for a new explosion of consumer data collection in coming years, Federal Trade Commission Chairwoman Edith Ramirez said Nov. 19.
While offering vast benefits for consumers, the Internet of things presents “undeniable” privacy risks, Ramirez said at a commission workshop on the issue.
“With really big data comes really big responsibility,” Ramirez said. “It's up to the companies who take part in this ecosystem to embrace their role as stewards of the consumer data they collect and use.”
The Internet of things refers to the ability of everyday devices, such as home appliances, to be connected to the Internet. Such “smart” devices have the potential to help consumers with everything from reducing monthly utility bills to keeping track of when it is time to replace refrigerator items, Ramirez said. However, she added, such devices also may be capable of collecting, transmitting and compiling sensitive information about consumers, raising privacy concerns.
Ramirez said that companies in this area should adhere to three core principles espoused by the FTC: building privacy features into new products at the outset--a concept known as privacy by design (see related report); being transparent with consumers about what information devices are collecting and how it is being used or shared; and giving consumers control over their data.
Adapting such principles to the Internet of things could prove challenging in some cases, Ramirez said. She wondered, for example, how realistic it would be to provide consumers with “just-in-time” notice and choice if there is no user interface.
Dan Caprio, a senior consultant for McKenna Long & Aldridge LLP, told Bloomberg BNA Nov. 19 that the Internet of things presents privacy protection questions that are brand new to the FTC.
“We're talking about sensor-based networks, where there's no clear and obvious consumer interface,” he said. “The existing privacy principles still apply, but we have to rethink their application.”
One principle that is sure to be applied to connected devices is data security, according to Caprio.
“Security is a big issue, because the attack vector increases dramatically with the Internet of things,” he said.
Ramirez cited a recent case as a warning to companies that fail to pay attention to data security in the context of the Internet of things.
“Any device connected to the Internet is potentially vulnerable to hijack, and companies need to build security into their products--no exceptions,” she said.
In September, the FTC announced what it characterized as the commission's first Internet of things enforcement action. TRENDnet Inc., which markets video cameras designed to allow consumers to monitor their homes remotely, settled commission charges that the company's lax security practices exposed the private lives of hundreds of individuals to public viewing on the Internet (12 PVLR 1532, 9/9/13).
The commission relied on its authority under Section 5 of the FTC Act, which prohibits “unfair and deceptive” trade practices.
Companies whose data security practices were challenged by the FTC under the unfairness prong of Section 5 have been pushing back, bringing the commission's data security enforcement powers under scrutiny.
Hotelier Wyndham Worldwide Corp. is seeking dismissal of the FTC's lawsuit alleging that its security practices failed to prevent a series of customer data breaches (12 PVLR 1465, 9/2/13). After oral arguments on the motion, the court refused the company's request to stay discovery (12 PVLR 1946, 11/18/13).
Cancer-detection services company LabMD Inc. recently filed a complaint asking a federal court to enjoin the FTC from using the unfairness prong in a data security administrative action against the company.
To contact the reporter on this story: Alexei Alexis in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Heather Rothman at email@example.com
Further information on the FTC workshop, including links to written submissions and an archived webcast of the hearing, is available at http://www.ftc.gov/bcp/workshops/internet-of-things/.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)