https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

Security


Getty Images

GDPR

Devising a Plan for IoT Data Protection in a GDPR Era

Many organizations have neglected to think carefully about IoT data protection. GDPR should serve as a reminder to do so.
  • Written by Brian Buntz
  • 2nd July 2018

In the 88-page General Data Protection Regulation (GDPR) document, there is no mention of Internet of Things devices. But make no mistake. GDPR will surely affect many Internet of Things deployments.

First, there’s the matter of consent. One of the central principles of the legislation, which went into effect in May, is that users must agree before a third-party collects their data. That may be intuitive if you’ve signed up for an email newsletter or when you are entering a website for the first time. It is, however, less clear to what extent that principle applies to IoT devices such as IP-based surveillance cameras in public spaces or technologies such as image and voice recognition that could be integrated into vehicles, office buildings and retail locations in the future.

In the home, IoT devices with screens will likely serve up the type of privacy-consent notifications you might see when visiting a website. European smart fridge owners have already seen such GDPR notifications. But the pop-up disclosure model doesn’t work with surveillance cameras. “You can ask a website owner to provide full transparency of all the actions you’ve taken on that site and delete your history,” said Yotam Gutman, vice president marketing at SecuriThings. It’s not so obvious what you would do when it comes to a security camera or in the case of facial recognition technology, although the European Union has specific rules governing how such footage is retained and who has access to it. In 2012, data protection officials in Germany concluded that Facebook was illegally storing a database of members’ headshots.

Smart speakers, one of the most popular IoT technologies, could also pose GDPR-based privacy questions as they grow more ubiquitous. If an unauthorized person obtains data from a smart speaker, that incident would fall under GDRP’s breach notification laws.

In the case of a breach — whether it involves a smart speaker, an IP camera, a website or something else — companies have 72 hours from the time they were made aware of the incident to notify all affected parties. “Think about if someone was able to hack into your residential CCTV monitoring systems,” Gutman said. “The service provider would have to inform you that this has happened, and offer remediation. In cases like this, I think we’ll see a large impact in terms of how GDPR applies to consumers and corporations.”

Gutman points to the case of an international vendor of a cloud-based video surveillance service, which invaded the privacy of its customers. The vendor has a support center located in another continent from where the majority of its users were. The focus of the support center is to connect to the companies’ devices, run diagnostics and ensure its products are working correctly. “When we ran their data through our algorithms, we found there was a specific group of cameras being accessed all the time by a specific group of technicians,” Gutman said. “They were checking on specific cameras and specific times of days.” European users of this services could file a GDPR complaint against the firm.

The stakes are high for offenders. Infringements can lead to fines of €20 million euros or 4 percent of the global turnover, whichever is higher.

Yet privacy invasions are bound to continue to rise as the number of IoT devices with the ability to surveil people grows. Users who feel compelled to seek privacy-based legal action are likely to base their claim on whichever legislation with the most stringent protections. Gutman said: “And now, that regulation is GDPR.”

Tags: Article Security Technologies

Related


  • IoT Security Firm to Acquire Medical Security Startup
    Claroty is set to acquire Medigate to grow its foothold in securing the Internet of Medical Things
  • Ransomware Attack Could Impact Paychecks
    The Kronos ransomware attack affected the company’s private cloud service over the weekend, knocking it offline just before the holidays
  • Image shows an abstract digital big data concept.
    BotenaGo Malware Targets Millions of IoT Devices
    AT&T Alien Labs identified the malware that has left millions of IoT devices exposed.
  • IoT Startup Raises $10M
    Platform aims to bolster network security with automated device configurations and visibility.

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • IoT Device Security at the Edge Poses Unique Challenges
  • Zero-Trust Security for IoT: Establishing Rigorous Device Defenses
  • AI Ups the Ante for IoT Cybersecurity
  • Protecting Your Network Against Ripple20 Vulnerabilities

Roundups

View all

IoT Product Roundup: PTC, Nokia, Arm and More

19th May 2022

IoT Deals, Partnerships Roundup: Intel, Nauto, Helium and more

14th May 2022

IoT Product Roundup: Amazon, Synaptics, Urban Control and More

27th April 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Latest Videos

View all
Dylan Kennedy of EMQ

Embedded IoT World 2022: Dylan Kennedy of EMQ

Dylan Kennedy, EMQ’s VP of global operations, sat down with Chuck Martin at Embedded IoT World 2022.

Embedded IoT World 2022: Omdia’s Sang Oh Talks Vehicle Chip Shortage

Omdia’s automotive semiconductor analyst sits down with Chuck Martin at this year’s event

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Rethinking the Database in the IoT Era

18th May 2022

Jumpstarting Industrial IoT solutions with an edge data management platform

12th May 2022

AI led Digital Transformation of Manufacturing: Time is NOW

9th December 2021

Special Reports

View all

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

IoT Security Best Practices for Industry and Enterprise

20th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

The U.S. Army is getting a 5G boost for #AR #VR capabilities from #5G network provider @OceusNetworks.… twitter.com/i/web/status/1…

24th May 2022
IoTWorldToday, IoTWorldSeries

@IoTWorldSeries and The #AISummit will be hosted this year in Silicon Hills, the tech hub of Austin, Texas. Acces… twitter.com/i/web/status/1…

24th May 2022
IoTWorldToday, IoTWorldSeries

Hannover Messe 2022: @BoschGlobal,@BostonDynamics robotics showcased. @hannover_messe dlvr.it/SQzhr1 https://t.co/vHWRmsIGcm

24th May 2022
IoTWorldToday, IoTWorldSeries

📣JUNE DIGITAL SYMPOSIUM Drive your strategy forward and stay on the #Healthcare and #IndustrialIoT pulse with key… twitter.com/i/web/status/1…

24th May 2022
IoTWorldToday, IoTWorldSeries

Hyundai Investing $5B on Autonomous Driving and Robotics dlvr.it/SQzfZh https://t.co/1Jyr4Xlord

24th May 2022
IoTWorldToday, IoTWorldSeries

Partner with @IoTWorldToday to reach your prospects and accomplish your goals in 2022. Download our 2022 IoT Mark… twitter.com/i/web/status/1…

24th May 2022
IoTWorldToday, IoTWorldSeries

Explore Emerging Tech For Enterprises at @TechXLR8 2022 this June ➡️ Join us from 1-3 June in harnessing the pow… twitter.com/i/web/status/1…

24th May 2022
IoTWorldToday, IoTWorldSeries

Clearview AI has been fined $9.4 million for collecting images of people from social media platforms to add to its… twitter.com/i/web/status/1…

24th May 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X