Internet of Things Software SIG


Published in: Technology, News & Politics

  1. The Challenge of ‘Things’ and Consumer Privacy: Building Trust in an Age of complexity. Pat Walshe, Cambridge Wireless Software SIG, 14 November 2013. © GSMA 2013. Restricted - Confidential Information. © GSM Association 2013. All GSMA meetings are conducted in full compliance with the GSMA’s anti-trust compliance policy.
  2. GSMA By The Numbers
  3. Rethinking privacy in a hyper-connected mobile world
  4. GSMA Research: privacy and trust matters
  5. First IoT enforcement? Importance of designing for privacy, security and trust
  6. European Commission: Trust is key. “We cannot have a policy or create the impression that the Internet of Things would create an Orwellian world … Our goal, and our commitment, should be to create a vision that focuses on providing real value for people … we cannot innovate in a bubble if citizens are not coming along for the journey. So we need an ethical and legal framework that enjoys broad support … Technology and service developers should actively embrace this as a cornerstone of the Internet of Things. This is your future market and your future customers need to be able to trust it.” Neelie Kroes, Vice-President of the European Commission responsible for the Digital Agenda
  7. Privacy (and security): enablers of trust
  8. Change: it’s happening fast
  9. Consumer IoT experience: contextualising privacy. iBeacons: Bluetooth low energy indoor location tracking, targeting, check-in
  10. IoT increased scale & complexity challenges privacy & security. Some key characteristics:
     • globally distributed, hyper-connected and ubiquitous networks and devices
     • architected for collection and sharing of data by default
     • devices and users are broadcasters of data by default
     • sensor enabled environments (and sensor driven decision making)
     • automated multiparty data sharing across borders in real time
     • new data categories
     • behaviourally rich and contextualised data
     • increased use of predictive analytics
     • fragmented standards and approaches to privacy
     • poor privacy and security user experiences
     • from little to BIG data
  11. Time for change: Towards Usable Privacy & Security
  12. Challenges of law in IoT: designing for usable privacy & security
     • definitions of what is and what is not ‘personal data’
     • transparency
     • notice
     • consent
     • data minimisation
     • purposes limitation
     • security
     • right to know
     • right to delete
     • right to obtain a copy
     • restrictions on cross border flows of data
  13. Towards Usable Privacy and Security – designing for trustworthiness
     • Signalling trustworthiness by communicating the intent behind the IoT device/service (data uses, m2m use, value)
     • simplifying and making intuitive the user experience
        – contextualised notice and choice mechanisms
        – dashboards - transparency and permissioning over data and security
        – adopting industry Codes and/or Privacy/Security Seals
     • ensuring security of devices, connections, services and data
        – identity and authentication
        – integrity and availability of service/data
        – interoperable standards
     • Responsible data use
     • Use of privacy enhancing approaches to data analytics
        – anonymity and unlinkability
     • Adopting accountability framework
  14. Draft EU Data Protection Regulation: Coding for law assisting usability and trust? Article 13(a) Standardised information policies to provide notice:
     • (a) whether personal data are collected beyond the minimum necessary for each specific purpose of the processing;
     • (b) whether personal data are retained beyond the minimum necessary for each specific purpose of the processing;
     • (c) whether personal data are processed for purposes other than the purposes for which they were collected;
     • (d) whether personal data are disseminated to commercial third parties;
     • (e) whether personal data are sold or rented out;
     • (f) whether personal data are retained in encrypted form.
  15. GSMA: Mobile Privacy Principles 1. Openness, Transparency and Notice 2. Purpose & Use 3. User Choice and Control 4. Data Minimisation and Retention 5. Respect User Rights 6. Security 6. Education 7. Children & Adolescents 8. Accountability and Enforcement
  16. Privacy Design Guidelines for app development
     • Express principles in functional terms
     • Provide Best Practice for Apps
     • Illustrative examples and use cases
     • Foster a ‘privacy by design’ approach
     • Include modules on:
        – Location
        – Mobile advertising
        – Social networking
        – Children
  17. Accountability in practice – leading the way
  18. Thank you. Pat Walshe, pwalshe [at] gsma [dot] com