I stumbled upon an article today from a lawyer about the amount of data that Smart TVs are collecting and the consequences it may have on privacy rights. The article (link at the bottom of the post) is from Michael Price who works on a program “which seeks to ensure that our government respects human rights and fundamental freedoms in conducting the fight against terrorism” according to their own word. It points out the staggering amount of data the TV tracks. This includes your conversations, even though you may not be watching TV, face recognition, browsing behaviors, etc, etc.. He raises good points. What is the right balance between needed data to provide better service and privacy? How should we behave in the new world “monitored” world of IoT? How ethical do we want to be?
Let’s start off by saying that I am a big supporter of relevant and targeted advertising. People complain sometimes that google tracks everything to serve you ads and all. But honestly, I don’t mind. The more relevant the better. If the ads presented drive me to better choices, better buys, or an overall better experience I’m all for it. That also means that too many ads is not good. Relevance is temporal and visual as well. I’m a believer that companies using your behavioral informations, searches, history, and any other information well, will win versus those that go rogue.
That said, I also believe that as we collectively build IoT solutions, we need to act responsibly and with high ethical standards. Responsibly because we have to realize that by adding sensors everywhere and tracking everything we are opening the door to potential hacks, security intrusions and breach in our users privacy. The law cannot do it all for us, it is our own standards and ethic that will transform the world.
When we build products in the IoT space we should always keep in mind certain guidelines:
Transparency to the users: Having a 40 pages ToS all written in legal terms is not being transparent. It’s needed to have it, but do provide a quick summary or an overview of what you are tracking and why. Example: “We do analyze what movies you are watching in order to make better recommendation of other movies you may like,. This analysis is done by complex algorithms and models, not humans. We don’t spy on what you watch!”. Of course, not everything needs to be in those summaries, but the big ticket items.
Ability to turn off individual tracking: In the article, Michael describe how you can turn the tracking features but you loose all smart features of the TV. This is not being respectful of your users. You need to allow users to turn off tracking features as granularly as possible without falling into excess. The best way to do this is to let the user know the consequences of turning each one off. Example: “You can turn off the analysis of the movies you watch, but then the recommended movies list will be based on other people’s taste and will not be relevant to you.”
Give the ability to delete past identifiable tracking data: When you go in your favorite browser, you have the ability to erase cookies and cache data from the browser. That doesn’t remove all the data google has on you on their server but the principle is the same. Users should have the ability (should I say the right?) to ask you to remove their data. The counter argument I have heard about that is that sometime logs are aggregated, anonymized, etc. and it may not be practical to allow this. I would says that what matters is the ability to delete the link between an individual user (or household) and the data that is important. Deleting the data could be deleting any data that allows this links to happen. This way, the user’s privacy is respected but the value to the company in terms of big data analytics and ability to improve their overall business is also preserved.
Double down on security: Yes, you can be the most ethical business on earth and be very proud of how you handle the privacy of your users, etc.. but you can be hacked, and your users’ data may be exposed. Take security seriously. Very seriously. Do it for your users, not only for yourself.
Make it part of your company culture: Ethics in IoT should be part of the company culture. Nurture it, make it a value for your employee, talk about it. It will pay in the long run. Trust should be your #1 value.
I would like to propose a pledge that companies could make that will say that they follow those guidelines. I hope I am not the only one to make it, IoT should be for a better world, not Robocop..
As promised here is the article I stumbled upon: http://www.brennancenter.org/analysis/im-terrified-my-new-tv-why-im-scared-turn-thing