ThingsCon offers a new standard for IoT privacy and security

I’ve been writing a lot about privacy and security for IoT devices in the last few months (and frankly, in the last few years), and today’s startup profile also hits that sweet spot. But instead of a company, I’m profiling a startup certification mark for connected consumer devices.

ThingsCon is a European non-profit that worked with Mozilla to create the Trustable Technology Mark for IoT devices. Much like the Good Housekeeping Seal of Approval or a CE mark, the Trustable Technology Mark has been designed to show consumers that a connected device is designed with security and privacy in mind.

Peter Bihr, who is the co-founder of ThingsCon and chairs its board, says the goal of the Trusted Tech Mark isn’t necessarily to get the certification on every new connected product out there, but to spark a conversation and effort around better design. “If it manages to establish new best practices, and start a race to the top rather than the bottom, we’ll be happy,” says Bihr.

So far, two companies have managed to fill out the application form and achieve the mark. The first is a French company that makes a local voice assistant; the second is a German maker of a connected toy doll. To achieve the mark, companies have to disclose their privacy and data practices, as well as those around transparency, security, stability, and openness.

The company applying for the mark must answer questions such as whether or not it followed the practices associated with Privacy by Design, how it handles users trying to gather data from its device, whether or not it has a disclosure policy around support, whether or not it uses open-source software, and whether or not it will provide all of the services required for the device to function.

Some questions matter more for certification than others. Moreover, companies apply for the mark (using a web form), and the application process is completely voluntary. Bihr says he has reached out to big names in the connected device industry as well as smaller companies  to try to get them to apply for the certification. For the most part, he expects smaller, more privacy-focused companies to earn the mark first.

He’s also reached out to politicians and smart cities experts who are looking at the certification as a source of ideas for legislation or future digital infrastructure plans. The certification reminds me a lot of the Digital Standard created by Consumer Reports and other organizations; I recently interviewed someone about that standard for my weekly “Stacey on IoT” podcast.

Many of the questions or areas of focus in the two efforts are the same, although the Digital Standard isn’t a certification so much as it is a set of best practices and ways to test whether or not a company achieves those best practices. The two could easily co-exist. Or combine.

Bihr says he is aware of the Digital Standard and hopes it succeeds because his ultimate goal is better connected products.