Hot on the heels of announcing a Health and Wellness working group, the Connectivity Standards Alliance has created a working group focused on data privacy. The new working group will explore “the creation of a harmonized global specification and certification program.”
The CSA has proven that it can bring hundreds of companies together to release the Matter smart home interoperability specification, but this new program is even more important in my opinion. The lack of privacy creates a lack of trust in IoT devices and slows adoption, much like the lack of interoperability did back in 2019 when the CSA (then called the Zigbee Alliance) announced the working group that eventually became Matter.
The Alliance hasn’t named any members who will be part of the new Data Privacy working group yet, but I agree with the Alliance that the problem is urgent. In fact, I named it as one of my trends for this year. I also hoped to see data privacy enshrined as part of of the upcoming cybersecurity label that the White House plans to release this spring. I doubt that will happen, but having the CSA push for privacy will only help.
This is a much needed development for the internet of things, and one I’m excited to see happen. For years, we’ve cautioned that the addition of new sensors, cameras, microphones and more in all corners of our public and private lives endangers our privacy, and has the potential to become an arm of a surveillance state. Not only that, but even if the government doesn’t want to tap into sensors, the companies providing this equipment may have interests that vary significantly from users. Without trust between the providers of IoT gear and the consumers of that gear, adoption will slow.
I have some pretty strong beliefs in what privacy should look like when it comes to the internet of things. I’ve written about the need for consent when deploying sensors in your home, and I think it’s a good place to start. From the post outlining nine rules for building an ethical smart device:
- Provide transparency about your data collection practices
- Provide transparency around the sensors inside the device
- Protect the user’s data through encryption at rest and in motion
- Promote safe data practices with partners
- Develop a clear practice around the use of data after a merger/acquisition
- Develop and explain your data deletion policy and give consumers a chance to delete their data
- Promise users the device will work for X number of years
- Patch devices in the wake of new vulnerabilities
- Push users to ask for consent from others in their environment
The CSA’s Michelle Mindala-Freeman, head of marketing and member services for the CSA, said that the CSA wants to focus on three categories when it comes to privacy starting with transparency, accuracy and choice. In our discussion a few weeks back she said that transparency would include a focus on what device is being collected and who was using it. She described accuracy as making sure that a company was doing what it says it is doing with regard to data collection, and that choice would involve consent from the user on how their data gets used.
That conversation was in the context of the newly announced Health and Wellness working group, which would involve setting standards to enabled smart home devices to share data in the context of elder care or other undetermined use cases. As one can imagine, privacy is going to be essential for those use cases. But it’s simply essential for anyone to feel comfortable adopting these devices, especially in the wake of so many privacy snafus such as the one that ensnared iRobot a few months back, when third party contractors shared image data from Roomba cameras.
The CSA’s new standard won’t stop all of the potential privacy issues, but it’s going to be a a start, and I hope it helps drive a larger conversation around the tentents named above. My fingers are crossed.