The Internet of Things Is Here. And Privacy Has Some Catching Up to Do
Who bears responsibility for privacy in a world where there are fewer screens and more voice-activation?
March 21, 2019 at 11:57 AM
5 minute read
The following Q&A is an excerpt from Law.com's What's Next briefing, a weekly newsletter on the future of law. Click here to learn more.
Regulators are nibbling. Privacy advocates are wary. And meanwhile consumers are being presented with an ever-widening array of internet connected gadgets that promise to simplify daily life. (A voice-activated mirror? An egg tray that notifies youwhen you're running low? Seriously!)
For this week's Q&A, we catch up with Jennifer King, director of consumer privacy at Stanford Law School's Center for Internet and Society, and ask what has her attention when it comes to the Internet of Things. One issue she's watching is who bears responsibility for privacy in a world where there are fewer screens and more voice-activation.
➤ Do you have a smart home device or other internet connected devices in your home?
I do not, on purpose. I have been testing smart speakers for research purposes but I do not use them in my normal life. I have one IoT device which is a picture frame that I can connect to the internet, but I don't let it connect.
➤ What is the biggest concern you have with IoT as it relates to consumer privacy? The notion that consumer defaults are set for maximum information collection. People have information collected about them that they're not aware of and that they can't control at all, and that it happens without much visibility. The smart TV case where the FTC settled charges with Vizio, that's a really good example. Here's an object that most of us are completely familiar with. We have all these expectations around what a TV is supposed to do and how it's supposed to operate. And suddenly it's made into a smart TV and the FTC argued that Vizio provided pretty poor notice to consumers that literally the TV was tracking everything that people watched. That was not done in a way that I think most people understood or would have been happy about.
You should, at the very least, be able to turn that functionality off. This is not a free subscription service where the implicit or explicit trade-off is that you're paying with your data. This is an actual physical object that you purchased, so you should arguably have some control over it.
➤ Is there something that's different about engaging with a physical object versus a website that impacts the privacy calculation? One of the things that I find very fascinating about IoT is that you don't have an interface, meaning there's no screen, for the most part, to interact with, to configure, to present a privacy policy, or to help the user configure their privacy setting. Today, when we do have IoT technology, even something like an Amazon Echo or Google Home device, we are still using apps to configure those things. But we're interacting with them using our voice. That's just a whole game changer. As it is, we do a pretty poor job trying to communicate privacy through interfaces, but once we get rid of the visual interface, the challenges become even more daunting.
A lot of what we'll have to do right depends on how we design these different products, so privacy by design becomes a really important concept. The M.O. that we've had for a long time of just get the product launched and then “Oh, does it have privacy issues? We'll go back later and fix those.” You're not going to be able to do that with IoT. And it's not just a legal compliance issue, it's a huge customer trust issue. Companies ignore that at their peril.
I think we are dragging the industry kicking and screaming into a world of more forethought and privacy by design rather than privacy after the fact, but I'd say we're still in the transition phase. To the extent that your business model relies on customers not reading notices and not understanding what they're doing, I think that is shifting and will change.
➤ What will we be talking about next year in the area of IoT? The public conversation is so dominated by AI that it's going to squeeze all the oxygen out of the room for other issues. IoT is kind of the sleeper in that case. It hasn't become any less important. It's just that a lot of the current hand-wringing and focus has been on AI and to some degree robotics and automation, while at the same time no one has stopped making these devices, and they're going to become more popular and more pervasive.
One of the things I haven't seen discussed is how the GDPR has affected the IoT market. … I am wondering if we are in a waiting period where we're trying to see how the different member states enforce the GDPR and its opt-in provisions, for example. There have been lots of consumer complaints in general. When we finally see decisions coming out of the EU, it will be interesting to see if that will be a game changer.
READ MORE:
What's Next for Digital Privacy? New Clashes Over the Fourth Amendment
➤ We hope you enjoyed this excerpt from What's Next. View the briefing archive.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllRead the Document: 'Google Must Divest Chrome,' DOJ Says, Proposing Remedies in Search Monopoly Case
3 minute readOpenAI, NYTimes Counsel Quarrel Over Erased OpenAI Training Data
Meta Seeks Declaratory Judgment in VR Eyewear Tech Patent Infringement Case
Porsche's Venture Capital Arm Adds General Counsel From Clifford Chance
Trending Stories
- 1Gibson Dunn Sued By Crypto Client After Lateral Hire Causes Conflict of Interest
- 2Trump's Solicitor General Expected to 'Flip' Prelogar's Positions at Supreme Court
- 3Pharmacy Lawyers See Promise in NY Regulator's Curbs on PBM Industry
- 4Outgoing USPTO Director Kathi Vidal: ‘We All Want the Country to Be in a Better Place’
- 5Supreme Court Will Review Constitutionality Of FCC's Universal Service Fund
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250