The Internet of Things: A Powerful Tool to be Handled with Care
How can we not love our Smart TVs? They recommend shows that match our interests, record our favourite series, and let us access tons of apps – TV, music, games, and more!
But if you are the happy owner of a Vizio Smart TV, I have some bad news for you. Without your knowledge or consent, your TV’s been spying on you!
Accused in the United States by the Federal Trade Commission (FTC) of using private data to find out the details of users’ consumer habits without their consent and selling them to interested parties, Vizio was forced to pay a $2.2 million fine to the FTC to settle the case.
Or how about the story of a brand of smart dolls? The English children’s toy manufacturer, Vivid, put a connected doll on the market which, it was later discovered, had a security flaw that allowed clever hackers to spy on children and parents. Already in the hands of thousands of European children, Germany banned the sale of the doll in its territory, describing the incident as one of the most important privacy violations the country had ever seen.
These are the realities businesses and consumers face these days, and often without realizing it, in a world of increasingly connected objects.
The Internet of Things Demystified
Not too long ago, the internet was essentially made up of a vast network of computers. Only recently has it become something more – a massive network of gadgets and devices of all kinds. In contrast to a couple of years back, these days, the majority of “objects” we purchase are “intelligent” – running bands, light bulbs, speakers, TVs, cars, refrigerators, and even toys and dolls. Pretty much everything is now connected to the internet, and this is what’s been dubbed the “Internet of Things”.
Day by day, increasingly more items are being created with the ability to receive, transmit, and store more and more data in order to connect people around the world, offer them better better services, and help them live better lives.
Based on the most recent forecasts, the Internet of Things is expected to connect between 20 and 50 billion objects by 2020. For companies that want to innovate, compete, and conquer new markets, the possibilities are endless. In the beginning, it was just smartphones. Now, create a smart object that offers better value to your consumer in a tech-loving world and you can not only charge a premium, but also attract masses of customers world-wide.
But going all-out without considering the legal and security risks could land you in hot water.
When so many objects are internet-capable, connected to networks that link everything from your smartphone and your children’s toys, and amassing large quantities of personal data, is that data secure? And what about when your car and your security system are connected? Are they secure or open to attack?
That’s precisely the problem. With everything connected, very little is secure. And when the objects you produce collect, store, and use personal data, are you on the right side of the law?
Your Rights and the Law
According to Canada’s federal privacy laws, all businesses that “collect, use or disclose personal information… must obtain the consent of the individual”. Collecting, transmitting, storing, and using consumer data without consent can lead to some very serious consequences.
Many cases of piracy in Canada and the United States have resulted in lawsuits and class actions that have damaged the reputation of brands and have cost millions of dollars. The legal fees, and costs for settlements and increased staffing to handle the crisis add up. In some cases, personal lawsuits have been brought against executives who failed to take the necessary steps to protect the data. In addition to federal and provincial laws, a company that has been the victim of piracy may find itself in breach of its contractual obligations to its payment processor, as was the case with the Aldo Group and MasterCard/Moneris (we further explore piracy and how to safeguard your legal bases in this article).
In the event of a cybersecurity breach, the Digital Privacy Act requires you to “notify the Office of the Privacy Commissioner… to notify the parties concerned…” and “to keep a record of all breaches”, failing which you’ll be subject to fines of up to $100,000.
But that’s not all! In a world where massive amounts of data about our personal lives flow in all directions, we still have a fundamental right to privacy guaranteed by the Canadian Charter of Rights and Freedoms, which, under section 7, guarantees the right to life, liberty and security of the person and the right to protection from unreasonable search and seizure under section 8.
So, in a unified world where each device can communicate with every other, each of us should have the right and the ability to hit the pause button at any time.
We are being plunged into the matrix, surrounded with devices, screens, applications, and dashboards. The major result? Levels of comfort and convenience, and possibilities never before seen in human history. However, although we’re dazzled by these possibilities and the abilities they bring, each of us must be able to take the red pill at any time and escape the matrix at will.