[MyData & Open Data] Internet of Things / privacy / data release

stef s at ctrlc.hu
Fri Oct 4 09:42:03 UTC 2013


On Thu, Oct 03, 2013 at 08:28:24PM +0100, Laura James wrote:
> Some thoughts about privacy and the Internet of Things, and data markets in
> general, in a great practically-focussed piece from Alex Deschamps-Sonsino
> at GoodNightLamp:
> 
>  http://gigaom.com/2013/10/03/designing-security-into-the-internet-of-things

this is some kind of very US centric naive industry approach. i copied out
the most important points and commented them below:

> Consumers should have the right to know what data is being collected about them and why.

no. consumers should be in control over their data.

> Reasonable efforts should be made to protect confidentiality and privacy of the consumer.

"reasonable", seriously? there must be criminal and financial liability!

> Explicit permission should be granted from the consumer if a third party or service provider receives requests to de-anonymize the data set

no. use tech were deanon is not possible. use the principle of least-authority.

> Consumers must be granted license to any machine-generated data that is created, collected or otherwise generated that relates to them.

this implies that generated data is protected by some Imaginary Property, but which? copyright, makes no sense. patents, trademarks? even less.
users are licensees not licensors? this is very sad.

> Service providers should inform data subjects that deleting all copies of data may be technically unfeasible once published.

this is so american: pouring hot coffee in your lap could burn you. dataminimization is the key here, not handwaving responsibility away with a sticker.

> Where data is collected from public space, consumers and service providers should have a role in decision-making and governance.

indeed. these points here actually do not care about the "consumers" but only about the profitability of the industry, hence weasel words like "reasonable efforts", "unfeasible", etc.

> Consumers should have the right to remain anonymous, and/or have the ability to license data on an anonymous basis and/or at a different granularity/resolution (e.g. temporal or spatial).

consumers who choose to remain private should not be negatively discriminated by the industry.

> Service providers should clearly publish the relationship between the data, sensors as well as link to any APIs they and others develop.

unnecessary. if consumers are in control, not the industry.

> Service providers and sensor manufacturers will publish in a machine and human readable form a link to their security and risk assessments.

makes no sense. industry security is a tragedy, even bank pci compliance is a joke.

-- 
pgp: https://www.ctrlc.hu/~stef/stef.gpg
pgp fp: FD52 DABD 5224 7F9C 63C6  3C12 FC97 D29F CA05 57EF
otr fp: https://www.ctrlc.hu/~stef/otr.txt




More information about the mydata-open-data mailing list