Gizmodo has a marvelous article on the smart home and its continuous information stream entitled “The House that Spied on Me, ” written by a woman who connected all the smart devices (including her bed) in her home to the internet and then had a colleague “spy” on her by reading the data.
There were a number of pretty astonishing revelations, including the fact that the house gave up data even when no one was home. And that the data, which was almost completely what we refer to comfortably as “metadata,” (meaning it isn’t really describable in total detail), could piece together a pretty accurate portrait of the home’s occupants. The writer, who after all writes for a gadget magazine and can’t be that much of a privacy freak still lands here :
Overall, my takeaway is that the smart home is going to create a new stream of information about our daily lives that will be used to further profile and target us. The number of devices alone that are detected chattering away will be used to determine our socioeconomic status. Our homes could become like internet browsers, with unique digital fingerprints, that will be mined for profit just like our daily Web surfing is. If you have a smart home, it’s open house on your data.
I wouldn’t call that a positive result for her experiment.
Because I own more than one connected device myself (in my home the robots talk to each other), I’m more interested in how this new datastream will be affected by the new General Data Protection Regulation soon to go into effect in Europe (and by extension in the US) in May. It seems there are two especially relevant portions of the regulation:
Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.
And this paragraph, called The Right to be Forgotten
Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects’ rights to “the public interest in the availability of the data” when considering such requests.
So this could potentially stop the data in your smart home from being used by publishers or advertisers for targeting and profiling. It also may mean that the value of many connected devices goes away. Although most of them don’t keep data more than two days, they sometimes have built into their business models the right to process and sell the data. If that goes away, along with it may go many smart devices.
We’re in the advertising/publisher support business, so we don’t handle or keep data. We don’t have a dog in this hunt. And we have long been active in data privacy and anti-fraud initiatives. But many people around us in the industry depend on data for either their success or their business models, and we see some changes ahead.