The European Commission has launched a public consultation on the ‘Internet of Things’ (IoT) and is inviting comments until July 12, 2012. Members of the public are invited to respond to an online questionnaire.
The public is invited to submit comments on the privacy implications of the IoT, as smart objects collect data which may also reveal information about an individual, his habits, location, or interests, and this whether his identity is known, or unknown, and might be indirectly revealed by combining data from different sources. One of the questions is:
“Traditional data protection principles include fair and lawful data processing; data collection for specified, explicit, and legitimate purposes; accurate and kept up-to-date data; data retention for no longer than necessary. Do you believe that additional principles and requirements are necessary for IoT applications?”
Safety and Security
The questions are also about the safety and security issues which may be raised by IoT. Indeed, IoT objects are able to act on behalf of people and therefore need protection against false requests for information and against unauthenticated commands by using user authentication to ensure the authenticity of both the device and the data.
The public is invited to state whether they agree that “[d]ata life cycle management in the IoT infrastructure includes data creation, processing, sharing, storing, archiving, and deletion of data… [and that] [g]uidelines should be developed to ensure secure and trusted data life cycle management.”
Security of Critical IoT Supported Infrastructures
Comments may also address the security of critical IoT supported infrastructures, as there is a risk of abuse and attacks of such systems. The public may answer whether they agree that “[p]olicy makers should provide guidance on security-by-design and applicable security technologies.”
The questionnaire also addresses ethical questions. One of the questions is whether “IoT applications could change our sense and definition of personal identity.”Another question asks whether “IoT applications could interfere with individuals’ autonomy when decisions are taken by autonomous systems.”
Open Object Identifiers and Interoperability
The IoT is able to identify each connected object by its identifier, and the questionnaire states that, if there are right now some 5 billion mobile phone subscribers, there may be 50 billion connected non-phone devices in 10 years, a rather stunning figure.
Should openly accessible identifier solutions allowing for the interoperability of smart devices be authorized? The public is invited to state whether IoT identifier policy should promote business models for open interoperable platforms.
Other topics of the questionnaire include governance issues and standards for meeting policy objectives.