Homo Deus naked? The broad implications of IoT
The Internet of Things (IoT) is an absolute buzzword nowadays. From popular culture to the insular world of academia (with scholars such as the Homo Deus author Yuval Noah Harari), the notion that smart technologies have become an integral part of our lives is more prevalent than ever. Smart wearables, smart homes, even smart cities, have become sensational keywords, embodying the bold idea of an interconnected techno-utopia.
As with every bold idea, however, things are not that simple. While it might please the hearts of sci-fi enthusiasts around the world, there are many implications that might severely sabotage such a venture.
A prominent issue is data privacy, and especially the danger of establishing powerful surveillance states through a digital panopticon. We simply cannot ignore the question of why IoT data could not end up in government reservoirs, with the goal of scrutinizing individuals’ everyday lives.
Furthermore, since IoT services involve significantly more parties than traditional services, it is difficult to adequately explain how users’ data are being processed. Consumers are surrendering their privacy, often without even realizing it, as privacy policies are rarely examined properly. This lack of transparency greatly undermines our individual autonomy.
Cybersecurity risks - often intensified by the rush of deploying new digital technologies - are another issue of vital importance. A 2020 study which analyzed over 5 million IoMT (Internet of Medical Things) devices revealed a disturbing number of vulnerabilities - up to 15% of devices were unknown or unauthorized, while 5 to 19% were using unsupported legacy operating systems. This lack of security makes these devices quite prone to cyberattacks, especially through ransomware.
It becomes evident that IoT, while offering important benefits to society, must also be kept within particular limits. Thus, it needs specific attention in the scope of legislative texts such as the GDPR or the ePrivacy Regulation - the latter proposed by the European Commission in 2017. Legal principles will be crucial, especially accountability - i.e. being able to demonstrate compliance with the GDPR while processing personal data, through the implementation of appropriate technical and organizational measures.
What would these appropriate measures then be?
In an IoT context, organizations should be aware of what they collect and process, and mitigate data security risks through features such as client-side encryption and blockchain technology.
Moreover, privacy by design, one of the key concepts of GDPR, means that organizations need to consider users’ privacy at the initial design stages of new products. Privacy by default, another key concept, means that a system’s default settings should be the most privacy-friendly ones.
Lastly, measures such as Data Protection Impact Assessments (DPIAs) or Privacy Impact Assessments (PIAs), carried out while planning IoT projects, would enhance businesses’ credibility and professionalism.
While demonstrating compliance in every single case is extremely difficult, establishing trust is integral to the future of IoT. If we really want an interconnected world, we will first have to ensure that it will be a user-centered one.