A Google of IoT is coming? Research, production and promotion of a Policy Advice for the impact on privacy of connected smart objects

Posted in News at 14.11.2017

The exploding world of IoT is already known as source of big problem for the privacy.

Less know is that the way IoT R&D designer are working today shapes the way these objects will move their data, and may change who has the final control on them.

It is already well known that smart objects are used as tools for gathering personal data from their quite often unaware owners. Recently developed tools for the creation of smart objects introduce today a new level of concern about the privacy of future smart objects owners.

In the last two year new companies started to offer a full packet of services to smart object producers that greatly simplifies the work needed to design the prototype of a new smart object, and then to sell the first batch of them.

Like Google services, those initial services are provided to developers almost free of charge, while subsequent ones are paid but very cheap if compared to the costs needed to build a new smart object without them, thus attracting all IoT developers except the very biggest ones (Amazon, Google and few others).

In this position the IoT framework providers, because of the services architecture they sell, act as a concentrator of all software that is essential part of a smart object, and moreover acts as a concentrator of all data exchanges that happens amongst all objects developed.

It’s worth mentioning that the failure of one of those providers will kill all objects that depend from it.

To make things simplest, it is probable that in the near future there will be one or few big player, new “Googles” of this new IoT market, that will control big chunks of the IoT, and that will move and see a vast amount of personal data.

The main goal of this proposal is to prepare an analysis of the existing IoT development frameworks, and to assess privacy risks associated with their use.

The secondary goal is to prepare a first evaluation of their privacy policies and service level agreement.

At the end, a short policy advice for the national privacy office board, possibly with technical & legal appendixes, will be prepared.