Data Privacy Playbook For Wearables And IoT - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile // Mobile Devices
11:06 AM
Scott Amyx
Scott Amyx

Data Privacy Playbook For Wearables And IoT

Wearables and the Internet of Things raise significant consumer privacy issues that you need to prepare for now. We outline the key concerns with a primer on how to get your organization ready.

Apple CEO Tim Cook's recent defense of privacy and encryption highlights an issue of paramount important to today's IT leaders: Data privacy. IT leaders may debate the scope of their involvement with security and privacy issues, as they did at the recent MIT Sloan CIO Symposium. But data privacy, a perennial problem, has become critical for every organization as we fit every one of our things for network connectivity.

Though wearables and the Internet of Things (IoT) share similar privacy concerns to that of mobile devices, the nature of continuous, on-the-body, or ubiquitous environmental sensing amplifies the privacy issues. Ambient computing, or an ecosystem of wearables and IoT on or near a user, has the ability to acquire intelligence about a user and his or her surroundings by sensing, processing, and communicating data to infer the user's context, external stimuli, behavior, and intent.

This article highlights the specific privacy concerns related to wearables and IoT, and gives you best practices for consumer privacy protection.

[This is not a test. See IoT Market Will Grow 19 Percent in 2015, IDC Predicts.]

According to Motti and Caine's study, "Users' Privacy Concerns About Wearables: Impact of Form Factor, Sensors, and Type of Data Collected," the privacy concerns about wearables are similar, but in some cases more specific, than privacy concerns about mobile devices. It also shows that users are aware of the potential privacy implications, particularly during data collection and sharing. Users' privacy concerns are related to the ability of the wearable device to sense, collect, and store data that are often private, personal, or sensitive, and then share these data with unknown or unethical parties.

The study specifically highlights the following privacy concerns:

Social implications and the lack of awareness of the impact on the privacy of others: Devices may not only record a user's activity, but also record the activities of those around the user.

"Right to forget": Users fear that when certain data are combined, they could have serious personal implications; users therefore want the data collected -- with or without user consent or awareness -- to be deleted.

Implications of location disclosure: Users are concerned that their GPS location may be made available to malicious parties and criminals.

Discrete display of confidential information: Confidential information displayed on smart watches may be viewable to other parties nearby.

Lack of access control: Users fear that organizations and the government may use their personal data without their awareness or consent.

Surveillance and sousveillance: Users fear continuous surveillance and sousveillance, not only as a matter of personal privacy, but also in light of the potential for criminal abuse.

Privacy concerns for head-mounted devices: Users are concerned that head-mounted display (HMD) computers with cameras and microphones may impact their privacy and the privacy of others.

Speech disclosure: Users express concerns about their speech being overheard or recorded by others.

Surreptitious audio and video recording: Users are concerned that wearables with camera and audio input may record them discreetly without their knowledge.

Facial recognition: Users are concerned that systems may recognize and identify them individually.

Automatic synchronization with social media: Some users do not like the idea of their devices immediately synchronizing with social media applications and sharing their data without being able to control this sharing.

Visual occlusion: Head-mounted displays that cover the user's field of view disrupt the user's ability to interact privately because vision is blocked.

(Image: Mike via Flickr)

(Image: Mike via Flickr)

According to PwC's report "Consumer Intelligence Series: The Wearable Technology Future," 82% of respondents in the survey indicated that they are worried that wearable technology would invade their privacy. Eighty-six percent expressed concern that wearables would make them more prone to security breaches.

Pew Research Center study "Americans' Privacy Perceptions and Behaviors" found that consumers lack confidence in their control over their personal information. Moreover, they are concerned about surveillance by companies and the government. Nintey-one percent agree or strongly agree that consumers have lost control over how personal information is collected and used by companies. Eighty-eight percent believe that it would be difficult to remove inaccurate information about them online. Eighty percent of those who use social networking sites say they are concerned about third parties accessing their data.

Though consumers indicate that they are concerned with privacy, many do little about it. They are passive about proprietary service providers (such as Google) amassing personal data for advertising purposes. There are a number of underlying issues causing this disconnect. Often, the company's privacy policy is not well understood. There is also the misperception of risk: Users psychologically discount the potential dangers associated with the control of their data. Some consumers are willing to choose usability, ease of use, and cost (in many cases, free) over privacy and security. Companies need to help consumers make informed decisions that weigh the benefits against the potential risks.

On the legislative front, Congress and some federal agencies are investigating the practices of third-party consumer data collectors. The FTC has recommended that Congress pass a law giving consumers the right to have access to their personal data compiled by data brokers. Regulators may require data resellers to periodically provide consumers with free data reports.

The panel discussion Data Privacy Trends 2015, facilitated by the Churchill Club, takes a serious look at user concerns about privacy.

Scott Amyx is the founder and CEO of Amyx+McKinsey, a wearables strategy agency specializing in smart wearables strategy and development. He writes for InformationWeek,, IEEE Consumer Electronics Magazine, andIEEE Technology and Society Magazine, and he ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 6
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
6/10/2015 | 1:51:43 PM
Re: Decisions
At the end of the day, all of this depends on a manufacturer actually doing what they say they'll do in regards to the data that's available. Like it or not, the data is available from these devices. There is nothing technical available to stop data from being used. We have to put some level of trust in the manufacturers, vendors, and whoever else has access to the data. There are legal recourse options, but that takes time to work through the courts and with regulatory agencies.

As always, privacy is a "buyer beware" proposition. Consumers have to know what is being shared so they can make an informed decision about whether to participate and about whether the vendor can be trusted.
User Rank: Ninja
6/8/2015 | 3:20:45 PM
Re: Decisions
I think it is also is because a lot of users inherently trust the manufacturers, and assume that the only data being collected will be used for specific app-related tasks.  When it comes to privacy, many users are simply overwhelmed trying to understand all the implications, so often it's just easier to click "accept" than to really question the implications or try to understand if there are any opt-out opportunities for certain data types. 

It's only going to get worse, and sadly I don't think education is really going to help since many folks simply don't want to know, or don't care enough until there is a breach that affects them directly or unless told by a friend/trusted advisor that "yeah, you should really reconsider using this because of the privacy implications".
User Rank: Ninja
6/8/2015 | 1:44:18 PM
I'm not even sure informed decisions are enough to help consumers protect their privacy. Most people don't have the element of control to be able to make those decisions. That's because many privacy options are not easy for people to configure. I think if they were, there would be a good number of the privacy-concerned making those settings changes. 
What Becomes of CFOs During Digital Transformation?
Joao-Pierre S. Ruth, Senior Writer,  2/4/2020
Fighting the Coronavirus with Analytics and GIS
Jessica Davis, Senior Editor, Enterprise Apps,  2/3/2020
IT Careers: 10 Job Skills in High Demand This Year
Cynthia Harvey, Freelance Journalist, InformationWeek,  2/3/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll