internet of things software sig
DESCRIPTION
TRANSCRIPT
© GSMA 2013
Pat Walshe, Cambridge Wireless Software SIG,
14 November 2013
The Challenge of ‘Things’ and Consumer
Privacy: Building Trust in an Age of complexity
Restricted - Confidential Information
© GSM Association 2013
All GSMA meetings are conducted in full compliance with the
GSMA’s anti-trust compliance policy
© GSMA 2013
GSMA By The Numbers
© GSMA 2013
Rethinking privacy in a hyper-connected mobile world
© GSMA 2013
GSMA Research: privacy and trust matters
www.gsma.com/mobileprivacy
© GSMA 2013
First IoT enforcement? Importance of designing for privacy, security and trust
© GSMA 2013
European Commission: Trust is key
Neelie Kroes Vice-President of the European Commission responsible for the Digital Agenda
We cannot have a policy or create the impression that the Internetof Things would create a an Orwellian world …. Our goal, and ourcommitment, should be to create a vision that focuses on providingreal value for people ……
…. we cannot innovate in a bubble if citizens are not comingalong for the journey. So we need an ethical and legal frameworkthat enjoys broad support …
Technology and service developers should actively embrace this as a corner stone of the Internet of Things. This is your future market and your future customers need to be able to trust it.
http://ec.europa.eu/information_society/newsroom/cf/itemlongdetail.cfm?item_id=7008
“
”
© GSMA 2013
Privacy (and security): enablers of trust
© GSMA 2013
Change: it’s happening fast
© GSMA 2013
Consumer IoT experience: contextualising privacy
iBeacons: Bluetooth low energy indoor location tracking, targeting, check-in
http://estimote.com
© GSMA 2013
IoT increased scale & complexity challenges privacy & security
Some key characteristics:
� globally distributed, hyper-connected and ubiquitous networks and devices
� architectured for collection and sharing of data by default
� devices and users are broadcasters of data by default
� sensor enabled environments (and sensor driven decision making)
� automated multiparty data sharing across borders in real time
� new data categories
� behaviourally rich and contextualised data
� increase use of predictive analytics
� fragmented standards and approaches to privacy
� poor privacy and security user experiences
� from little to BIG data
© GSMA 2013
Time for change: Towards Usable Privacy & Security
© GSMA 2013
Challenges of law in IoT: designing for usable privacy & security
� definitions of what is and what is not ‘personal data’
� transparency
� notice
� consent
� data minimisation
� purposes limitation
� security
� right to know
� right to delete
� right to obtain a copy
� restrictions on cross border flows of data
© GSMA 2013
Towards Usable Privacy and Security – designing for trustworthiness
Signalling trustworthiness by
� communicating the intent behind the IoT device/service (data uses, m2m use, value)
� simplifying and making intuitive the user experience
– contextualised notice and choice mechanisms
– dashboards - transparency and permissioning over data and security
– adopting industry Codes and/or Privacy/Security Seals
� ensuring security of devices, connections, services and data
– identity and authentication
– integrity and availability of service/data
– interoperable standards
� Responsible data use
� Use of privacy enhancing approaches to data analytics – anonymity an unlinkability
� Adopting accountability framework
© GSMA 2013
Draft EU Data Protection Regulation: Coding for law -assisting usability and trust?
� Article 13(a) Standardised information
policies to provide notice:
� (a) whether personal data are collected beyond
the minimum necessary for each specific
purpose of the processing;
� (b) whether personal data are retained beyond
the minimum necessary for each specific
purpose of the processing;
� (c) whether personal data are processed for
purposes other than the purposes for which
they were collected;
� (d) whether personal data are disseminated to
commercial third parties; e) whether personal
data are sold or rented out;
� (f) whether personal data are retained in
encrypted form.
http://www.janalbrecht.eu/fileadmin/material/Dokumente/DPR-Regulation-inofficial-consolidated-LIBE.pdf
© GSMA 2013
GSMA: Mobile Privacy Principles
1. Openness, Transparency and Notice
2. Purpose & Use
3. User Choice and Control
4. Data Minimisation and Retention
5. Respect User Rights
6. Security
6. Education
7. Children & Adolescents
8. Accountability and Enforcement
© GSMA 2013
Privacy Design Guidelines for app development
• Express principles in functional terms
• Provide Best Practice for Apps
• Illustrative examples and use cases
• Foster a ‘privacy by design’ approach
• Include modules on:
• Location
• Mobile advertising
• Children
• Social networking
16
© GSMA 2013
Accountability in practice – leading the way
17
© GSMA 2013
Thank you
Pat Walshe
pwalshe [at] gsma [dot] com
www.gsma.com/mobileprivacy