{"id":2884,"date":"2011-04-13T20:28:17","date_gmt":"2011-04-13T20:28:17","guid":{"rendered":"http:\/\/www.thesocialcmo.com\/blog\/?p=2884"},"modified":"2011-04-13T20:37:11","modified_gmt":"2011-04-13T20:37:11","slug":"what-you-should-know-about-the-eus-new-internet-of-things-privacy-framework","status":"publish","type":"post","link":"https:\/\/www.thesocialcmo.com\/blog\/2011\/04\/what-you-should-know-about-the-eus-new-internet-of-things-privacy-framework\/","title":{"rendered":"What You Should Know About the EU’s New “Internet of Things” Privacy Framework"},"content":{"rendered":"

To many, “The Internet of Things,”<\/strong><\/a> a predicted, transformative moment in time when nearly all \u201cthings\u201d in the physical world will be interconnected, wirelessly, with communication capabilities linking the physical and virtual worlds for a variety of cooperative applications, is a distant point in the future.\u00a0 To others, the internet of things is now.<\/p>\n

<\/object><\/p>\n

<\/em><\/strong><\/p>\n

RFID “Smart Tags” Connecting <\/strong><\/span><\/h2>\n

Physical Things to Virtual Things<\/strong><\/span><\/h2>\n


\n<\/strong><\/span><\/p>\n

Radio-frequency identification technology (RFID)<\/strong><\/a>, a technology that uses “smart tags”, tags with\u00a0microchips,\u00a0to provide information to a virtual network, is considered to be a primary technology in advancing “the internet of things.”\u00a0 In 2011, RFID revenue is expected to exceed <\/strong>$6 billion, <\/strong><\/a> with\u00a0more than 750 million so-called “item-level” RFID tags<\/strong> <\/a> used in global apparel markets alone.\u00a0 In Europe, about one billion “smart tags”<\/strong><\/a> are expected to be used in 2011, linking many “things” to the virtual world.<\/p>\n

<\/embed><\/object><\/p>\n

The European Union (EU)<\/strong><\/a>, representing twenty-seven member states, has expressed grave concerns about the privacy implications of an unregulated internet and unchecked technology.<\/p>\n

<\/object><\/p>\n

Responding to the privacy concerns it perceived as being presented by the “the Internet of Things”, the EU, in 2009,\u00a0adopted a fourteen-point strategic plan of action:<\/p>\n

EU’s 2009 Internet of Things: <\/strong><\/span><\/h2>\n

14-point Strategic Action Plan<\/strong><\/span><\/h2>\n

1.\u00a0 Governance.<\/strong> The Commission will work on the definition of a set of principles underlying the governance of the Internet of Things and the design of an architecture endowed with a sufficient level of decentralised management.<\/p>\n

2.\u00a0 Privacy and data protection.<\/strong> The Commission will observe carefully the application of data protection legislation to the Internet of Things.<\/p>\n

3.\u00a0 The right to the “silence of the chips”.<\/strong> The Commission will launch a debate about whether individuals should be able to disconnect from their networked environment at any moment. Citizens should be able to read basic RFID (Radio Frequency Identification Devices) tags \u2013 and destroy them too \u2013 to preserve their privacy. Such rights are likely to become more important as RFID and other wireless technologies become small enough to be invisible.<\/p>\n

4.\u00a0 Emerging risks.<\/strong> The Commission will take effective action to enable the Internet of Things to meet challenges related to trust, acceptance and security.
\n <\/strong><\/p>\n

5.\u00a0 Vital resource.<\/strong> In connection with its activities on the protection of critical information infrastructures, the Commission will closely follow the development of the Internet of Things into a vital resource for Europe.
\n <\/strong><\/p>\n

6.\u00a0 Standardisation. <\/strong>The Commission will, if necessary, launch additional standardisation mandates related to the Internet of Things.
\n <\/strong><\/p>\n

7.\u00a0 Research.<\/strong> The Commission will continue to finance collaborative research projects in the area of the Internet of Things through the 7 th Framework Programme.
\n <\/strong><\/p>\n

8.\u00a0 Public Private Partnership.<\/strong> The Commission will integrate, as adequate, the Internet of Things in the four research and development public-private partnerships that are being prepared.
\n <\/strong><\/p>\n

9.\u00a0 Innovation.<\/strong> The Commission will launch pilot projects to promote the readiness of EU organisations to effectively deploy marketable, interoperable, secure and privacy-aware Internet of Things applications.
\n <\/strong><\/p>\n

10.\u00a0 Institutional awareness.<\/strong> The Commission will regularly inform the European Parliament and the Council about Internet of Things developments.
\n <\/strong><\/p>\n

11.\u00a0 International dialogue.<\/strong> The Commission will intensify the dialogue on the Internet of Things with its international partners to share information and good practices and agree on relevant joint actions.
\n <\/strong><\/p>\n

12.\u00a0 Environment.<\/strong> The Commission will assess the difficulties of recycling RFID tags as well as the benefits that the presence of these tags can have on the recycling of objects.
\n <\/strong><\/p>\n

13.\u00a0 Statistics.<\/strong> Eurostat will start publishing statistics on the use of RFID technologies in December 2009
\n <\/strong><\/p>\n

14.\u00a0 Evolution.<\/strong> The Commission will gather a representative set of European stakeholders to monitor the evolution of the Internet of Things.
\n <\/strong><\/p>\n

The “Internet of Things” Privacy Framework\ufeff<\/strong><\/span><\/h2>\n

Completing the promise of their earlier action plan, the EU and private stakeholders, with a simple, two-page\u00a0press release<\/strong><\/a> and signing ceremony in Brussels, on April 6, 2011, announced that they had\u00a0established of a voluntary Privacy and Data Protection Impact Assessment Framework for RFID Applications<\/strong><\/a>“, dubbed the <\/strong> “Internet of Things Privacy Framework”<\/strong><\/a> by the New York Times.\u00a0 Specifically, the framework establishes \u201cguidelines for all companies in Europe to address the data protection implications of smart tags (Radio Frequency Identification Devices \u2013 RFID) prior to placing them on the market.\u201d
\n <\/strong><\/p>\n

At the signing ceremony,<\/strong> one industry representative observed, \u201cData protection authorities sometimes seem to be one-track minded and force compliance with data protection rules\u2026.Today, we have overcome this very unfruitful deadlock\u2026.\u201d Despite the fanfare of many signatures, the framework is voluntary, with no express auditing mechanisms, though record-keeping procedures are outlined, and no defined penalties for non-compliance.
\n <\/strong><\/p>\n

Coincidentally, the announcement of the EU\u2019s voluntary framework<\/strong> came within one week of the release of a\u00a0report<\/strong><\/a> by Carnegie Mellon University showing \u201clagging compliance\u201d with U.S. industry self-regulation in online behavioral advertising.
\n <\/strong><\/p>\n

Four-step Privacy Impact Assessment (PIA) <\/strong><\/span> <\/strong><\/h2>\n

Under the Commission\u2019s framework, RFID operators would be required to complete a four-step Privacy Impact Assessment (PIA) process prior to introducing a new RFID application into the market:
\n1. Describe the RFID Application;<\/p>\n

2. Identify and list how the RFID Application under review could threaten privacy and estimate the magnitude and likelihood of those risks;
\n3. Document current and proposed technical and organisational controls to mitigate\u00a0identified risks; and
\n4. Document the resolution (results of the analysis) regarding the Application.<\/p>\n

Let the Internet of Things Begin!<\/strong><\/span><\/h2>\n

\"\"So what is the most significant impact of the framework? Privacy? Perhaps not.<\/strong> Instead, the real significance of the framework may have been captured in an observation made in the official press release from the signing, namely, that the framework will give the business sector the \u201clegal certainty that the use of their tags is compatible with European privacy legislation.\u201d In other words, the framework gives private stakeholders the green light to continue full-steam ahead with their already massive investment in RFID technologies and the \u201cinternet of things\u201d it heralds.<\/p>\n

Why might industry leaders have been concerned about limitations on RFID technologies?<\/strong> The EU has also just reaffirmed its commitment to <\/strong>“Privacy by Default”<\/strong><\/a> as the core of its data protection laws.\u00a0 So Europeans are now given “the right to be forgotten” online and the right to be remembered in real life…
\n <\/strong><\/p>\n

The Internet of Things?<\/strong><\/span><\/h2>\n

The EU Commission website provides an example to illuminate the \u201cinternet of things\u201d:
\n <\/em><\/p>\n

\"\"Take one example: a suitcase itself can indicate which plane it should be sent to. This is possible thanks to Radio Frequency Identification (RFID). With RFID, more and more objects communicate with each other, slowly creating a network of information, a so-called \u2018internet of things\u201d.<\/em>
\n <\/em><\/p>\n

This network could potentially make our lives much easier\u2026No need to worry about your suitcase being sent to the wrong plane anymore! But we must also be careful how we use it, and avoid certain pitfalls. <\/em><\/p>\n

Thanks! Your pants just told us where you are.<\/strong><\/span><\/h2>\n

\"\"Worried that your smart phone is broadcasting your whereabouts?
\nYour pants may be doing the same.
\nWhat sort of privacy concerns are raised by RFID tags?<\/p>\n

According to the commission, one concern the new Framework seeks to address is \u201cthe possibility of a third party accessing your personal data (e.g., concerning your location) without your permission.\u201d How could that happen? Well, the pants you just bought might come with a small, RFID tag that has an \u201celectronic memory that is readable and perhaps writable, and antennae.\u201d
\n <\/strong><\/p>\n

The U.S. Approach<\/strong><\/span><\/h2>\n

\"\"Ever lagging behind the EU\u2019s privacy initiatives, the U.S., in a <\/strong>staff report<\/strong> <\/a>from the Federal Trade Commission (FTC) <\/strong><\/a>concluded:
\n <\/strong><\/em><\/p>\n

The FTC staff also agrees with the EC that there is a need to raise consumer awareness about RFID technology<\/strong>, in order to enhance consumer trust and to give consumers the tools to protect themselves from the risk of misuse of their information. Given the current stage of deployment of consumer-facing RFID applications, however, the FTC believes that mandating or encouraging specific technological tools for protecting consumer privacy is premature.<\/strong><\/em>
\nHow Will the Internet of Things Be Social?<\/strong><\/p>\n

The New York Marathon provides a great example of how the “internet of things” will interact with the virtual world and integrate with social\ufeff:<\/p>\n

<\/embed><\/object><\/p>\n

What are your thoughts?<\/strong> Please let me know!<\/p>\n

Glen Gilmore<\/p>\n

Please join me on Twitter:\u00a0 @GlenGilmore<\/strong><\/a> and @SocialMediaLaw1<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

To many, “The Internet of Things,” a predicted, transformative moment in time when nearly all \u201cthings\u201d in the physical world will be interconnected, wirelessly, with communication capabilities linking the physical and virtual worlds for a variety of cooperative applications, is a distant point in the future.\u00a0 To others, the internet of things is now. RFID … Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[137,85],"tags":[293,1197,1200,1199,1196,1198],"class_list":["post-2884","post","type-post","status-publish","format-standard","hentry","category-all-posts","category-glengilmore","tag-connectivity","tag-internet-of-things","tag-kill-chips","tag-privacy","tag-rfid","tag-sensors"],"_links":{"self":[{"href":"https:\/\/www.thesocialcmo.com\/blog\/wp-json\/wp\/v2\/posts\/2884","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesocialcmo.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesocialcmo.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesocialcmo.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesocialcmo.com\/blog\/wp-json\/wp\/v2\/comments?post=2884"}],"version-history":[{"count":11,"href":"https:\/\/www.thesocialcmo.com\/blog\/wp-json\/wp\/v2\/posts\/2884\/revisions"}],"predecessor-version":[{"id":2895,"href":"https:\/\/www.thesocialcmo.com\/blog\/wp-json\/wp\/v2\/posts\/2884\/revisions\/2895"}],"wp:attachment":[{"href":"https:\/\/www.thesocialcmo.com\/blog\/wp-json\/wp\/v2\/media?parent=2884"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesocialcmo.com\/blog\/wp-json\/wp\/v2\/categories?post=2884"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesocialcmo.com\/blog\/wp-json\/wp\/v2\/tags?post=2884"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}