, ,

Insight: Privacy Issues Threaten IoT Utopia

WM Circle Logo

By: RickFerguson |

Posted on August 4, 2017

The coming era of the smart home, powered by voice-activated personal assistants, smart appliances, and cloud-connected sensors, promises to bring a new era of personalized, frictionless interactions between device makers, marketers, and consumers. As we allow these connected devices into our homes, however, very few of us consider what data these devices are collecting, how often they’re collecting it, where it’s stored, and who has access to it. A recent uproar over smart device manufacturer iRobot potentially selling homeowner data to third parties has led marketers to a round of soul-searching: how can we leverage the marketing power of the Internet of Things without compromising our customers’ privacy?

By Rick Ferguson

The good news: the public outcry over robot sweeper Roomba allowing its manufacturer iRobot to collect and transmit room-mapping data – and the sell that data to the highest bidder – has resulted in a staunch denial from the company and a pledge never to sell Roomba owner data to a third party. iRobot CEO Colin Angle claimed that the story was based on misinformation, and told ZDNet, “iRobot has not had any conversations with other companies about data transactions, and iRobot will not sell customer data.”

Okay, so you don’t have to worry about your Roomba selling you out to parties unknown. The episode does beg the larger question: As smart and connected devices make their way inexorably into our homes and automobiles, how worried should we be about our privacy? And how much responsibility do manufacturers and marketers bear in making sure that any consumer data collected through these devices is done so through opt-in transparency? It’s more than an academic question. If consumers decide that their devices are spying on them, then the estimated $267 billion market for connected devices (by 2020, as estimated by the Boston Consulting Group) might be at risk – and the chance for marketers to use these devices to build strong relationships will be gone.

The evidence that connected devices might pose a privacy risk – or at least become Trojan horses for annoying marketing gimmicks - is mounting. Consider these anecdotes:

  • On the “annoying marketing gimmick” front, fast-food restaurant chain Burger King was recently busted for debuting an ad that hijacked viewers’ Google Home voice-activated assistant to answer the question, “What is a Whopper?”
  • Television manufacturer Vizio recently paid $2.2 million to settle a lawsuit alleging that it sold data on viewers’ viewing habits without users' permission. The complaint alleged that “VIZIO facilitated appending specific demographic information to the viewing data, such as sex, age, income, marital status, household size, education level, home ownership, and household value, the agencies allege. VIZIO sold this information to third parties, who used it for various purposes, including targeting advertising to consumers across devices.”
  • A murder case in Bentonville, Ark., found police asking Amazon to turn over Echo voice recordings from the murder scene on the chance that the Echo recorded conversations that might impact the investigation. While Amazon has refused on the grounds that police haven’t obtained a proper warrant, the law is far from clear as to whether the government can subpoena such data from manufacturers.
  • Back on the television front, Samsung was forced to issue an apology when language in its terms and conditions made it seem as if their smart televisions might record private conversations and transmit that data to a third party.

These anecdotes – and there will be more of them – raise enough ethical and legal questions to set your head to spinning. TechCrunch has a great roundup of the current state of consumer privacy in the world of connected devices, and here’s one of many great money quotes:

“There also seems to be some lingering legal questions regarding disclosure. It’s not entirely clear whether companies are legally bound to notify users about the manner of information they gather or how they ultimately act upon it. Some will touch upon the idea in publicly available privacy policies (which, like TOS and EULA, are rarely given a second thought by most users), but while welcome, don’t seem to be a legal obligation. ‘It’s pretty much the Wild West,’ explains [American Civil Liberties Union senior analyst Jay] Stanley. ‘I can’t think of any legal requirements that would [force them to disclose what they’re recording]. It’s caveat emptor, let the buyer beware.’”

Thus it has always been: technological progress inevitably outpaces the wisdom required to use new technology responsibly. There is no privacy danger inherent in smart devices other than the willingness of manufacturers and marketers to trade consumer privacy for short-term profits. The problem with this short-term mercenary-ism is that the truth will always out – and when consumers find out that they’re being bought and sold without their permission, that will be the end of smart devices in their homes.

How then can manufacturers and marketers assure consumers that they have their best interests at heart? It does no good to wait for legislatures to mandate change; the wheels of regulation turn slowly. Europe may be ahead of the game with the impending General Data Protection Regulation (GDPR) set to become law, but the U.S., as the ACLU notes, is still the Wild West. The best way to reassure consumers is to proactively reassure them via a simple and amply communicated data privacy policy.

Here’s an example: During my time as an executive at loyalty provider Aimia, I had the pleasure of building IP around a pioneering data privacy policy spearheaded by chief privacy officer Jeremy Henderson-Ross. Aimia’s data privacy policy was not only the company’s stated position on data privacy, but also a call to action for any company who held consumer data in trust.

The policy was communicated through the acronym TACT, which stood for:

Transparency: Aimia pledged to always communicate to consumers in its loyalty programs exactly what data they collected, who had access to that data, and to what purposes the data would be put.

Added value: The company pledged that any data use would explicitly benefit consumers through reward, recognition, and personalization.

Control: The company pledged that consumers in its loyalty programs would always retain the right to opt out of data collection, and to review any data collected on them.

Trust: Aimia pledged to be responsible stewards of consumer data by maintaining data security and limiting access to any third parties.

Aimia’s TACT policy was bold and ahead of its time, articulated well before anyone began talking about the potential of the Internet of Things. TACT is even more relevant today. If you’re a marketer in your organization and planning to harness the power of connected devises, sound the clarion call in your company to publicly proclaim and then stand behind your own version of TACT. Consumers will respond with loyalty – and when you communicate to them through their connected devices, they’ll listen to you.

Rick Ferguson is Editor in Chief of the Wise Marketer Group.