Finding a New Paradigm – Consent and Choice for the IOT

At the IoT Privacy Summit on June 17th a panel of four data privacy experts discussed, “Finding a New Paradigm – Consent and Choice for IoT.” The panel consisted of Marc Loewenthal, Director, Promontory Financial Group LLC; Emilio Cividanes, Partner, Venable LLP; Debra Farber, Senior Privacy Consultant & Product Manager, TRUSTe; and Erin Kenneally, Founder & CEO Elchemy, Inc., University of California at San Diego.


Old world technologies such as corporate telephone systems give clear notice that your conversation may be recorded. Callers can act on that information by hanging up or proceeding with the call thereby giving an implied consent to the possible recording of the conversation. The main consideration when providing consumer notice is that it is conspicuous and prior in time to the collection/use of data. A good example in mobile is Geo-location notice. Consumers see a pop-up notice that they can act upon that requests access to their location information and they can deny such access.

In the IOT it is fundamental to understand the nature of the information and the links between all of the entities that have legitimate interest in that data. One panelist felt that a consumer may not have to know every piece of data that is being collected and shared, but does have a right to have their data used in a way consistent with their expectations. Some saw notice in the IOT context evolving into a set of obvious symbols inferring what is happening with the data, which is in line with the proposed EU General Data Privacy Regulation (GDPR).


Can Self-Regulation Meet Privacy Challenges of IoT?

By Matthew E.S. Coleman, JD, CIPP/US, Enterprise Privacy Solutions Manager at TRUSTe

Regulators are struggling. They are struggling to find a paradigm to protect consumer privacy in the face of rapid technological change. This sentiment kicked off a panel titled, “Can Self-Regulation Meet Privacy Challenges of IoT?” at TRUSTe’s Internet of Things (IoT) Privacy Summit in Menlo Park, CA on Wednesday. The panel, moderated by Nancy Libin, former Chief Privacy Officer of the Department of Justice, contained a diverse array of privacy professionals from private, public, and, non-profit backgrounds. Panelists included Alex Reynolds, Director and Regulatory Counsel, Consumer Electronics Association; Justin Brookman, Director of Consumer Privacy, Center for Democracy & Technology; Hilary Cain, Director of Technology & Innovation Policy, Toyota Motor North America, Inc.; and Nithan Sannappa, Senior Attorney, Federal Trade Commission.

The panelists largely focused on the recommendations presented in the Federal Trade Commission’s January 2015 report titled, “Internet of Things: Privacy and Security in a Connected World.” There are three main principles from the report touted as a workable privacy standard for IoT device manufacturers: 1) Security; 2) Data Minimization; and 3) Notice and Choice.

The FTC has historically enforced reasonable security as a part of its unfair practices purview. In the context of IoT devices, what is deemed reasonable is largely based on context. What types of information is the device collecting? Is it sensitive personal information (e.g., geolocation, protected health information, etc.)? What quantity of data is collected? The higher the risk profile associated with the data collected then the stronger the protections required on a device.


2015 IoT Privacy Summit Recap [PICS]


Here’s an interesting thought: If you buy a home 10, 20 or 30 years from now and the home contains a smart fridge and other smart appliances — who will own that data? The buyer or the seller?

This is just one of the many thought-provoking scenarios shared at this year’s IoT Privacy Summit.


The day began at 9 a.m. with one opening session in a large room at the beautiful Rosewood Hotel on Sand Hill Road in Menlo Park. Then, for most of the day, the room was separated into two rooms where numerous sessions and panels on a wide variety of hot IoT topics took place. Panelist covered topics including smart cars and privacy considerations for the future; smart homes and how to prevent ‘bandits’ from accessing that information; how privacy leaders can prepare for the next wave of IoT innovations through best practices, as well as the issues the latest IoT inventions might create.


IoT Summit Session: ‘Protecting Your Home from IoT Bandits’

Leading up to the second annual IoT Privacy Summit on June 17th we’ll be featuring a series of blog posts about the panels and speakers at the upcoming event.

smart house automation

It’s finally here! The 2nd Annual IoT Privacy Summit 2015 is this Wednesday in Silicon Valley. We look forward to all the interesting and timely IoT topics that’ll be discussed in the numerous panels, as well as meeting a wide variety of people working in privacy in some capacity.

During the past couple weeks we’ve been sharing some details about the panels attendees at the Summit will have the opportunity to hear. We’ve been very fortunate to get numerous experts in various IoT topics to speak at the Summit. One panel titled, “Protecting Your Home from IoT Bandits” will cover the benefits and many challenges of keeping personal data protected as homes become ‘smarter.’

The panel will take place from 1-1:45 p.m. Speakers include Michael Kaiser, Chief Executive, NCSA; Jeff Hagins, CTO & Co-Founder, SmartThings; Jim Hunter, Chief Scientist and Technology Evangelist, Greenwave Systems; Alex Danoyan, VP of Platform, Control4; and Kraig L. Marini Baker, Partner, Davis Wright Tremaine.

Leading up to the Summit we’ve been sharing details about individual sessions on our blog. You can read more about them here:

Tickets for this event are sold out, however you can tune-in via live stream. Click here to register.


Connected Cars and Privacy: The Automobile Industry’s Push for Self-Regulation

Leading up to the second annual IoT Privacy Summit on June 17th we’ll be featuring a series of blog posts about the panels and speakers at the upcoming event.

Pushing on a touch screen interface navigation system in interior of modern car

At the upcoming IoT Privacy Summit 2015 on June 17th, one of the many panels will focus on privacy self-regulation in the automotive industry – a topic that’s received a lot of press ever since the connected car concept was introduced.

The panel titled, “How the Automobile Industry Took the Lead in Industry Self–Regulation” at 10:45 a.m. will cover the rapid evolution of privacy best practices in the automotive industry, and how those best practices will protect consumers and companies. Speakers include: Tim Tobin, Partner, Hogan Lovells; Jill Phillips, Chief Privacy Officer, General Motors; Joe Jerome, Policy Counsel, Future of Privacy Forum.

Lawmakers and industry experts have taken an interest in how automotive companies will protect the privacy of drivers as connected cars are introduced to the market. Clearly, the automotive industry is paying attention and last year launched the first self-regulatory principles for the Internet of Things. Join this session to hear from the key people involved in developing these principles and find out what they see as the next steps for the industry.

Read Also: Health Privacy in a Connected World – Beneficial or a Privacy Violation?

With more than 40 speakers and 12 sessions, the 2nd Annual IoT Privacy Summit 2015 is expected to be the premier event for anyone working in IoT and privacy-related fields. To register for the IoT Privacy Summit 2015, click here.