Transparency and Consent in Data-Driven Smart Environments

Abstract

The Internet of Things (IoT) has come to be an umbrella term for internet-connected devices with sensory capabilities. These IoT appliances – often referred to as smart devices – take an increasingly prominent role in consumers’ daily lives. Connected security systems, remotely controllable lighting, smart wearables, thermostats, refrigerators and even voice-controlled assistants… Together, they form an invisible network of information aggregators, capable of capturing data from the physical world and communicating about this information via the internet. On the one hand, smart devices undeniably offer practical advantages and useful insights to their users. On the other hand, however, they also provide the means to compose a detailed account of consumers’ behavioral patterns. Combined with big data analytics, it all of a sudden becomes possible to not only anticipate consumers’ purchasing preferences, but also to deduce information about their private lifestyles and even map out certain personality traits. The pervasiveness of smart devices poses challenges that are particularly worrisome from a privacy and data protection perspective. Faced with consumers’ concerns regarding the protection and sharing of their personal data, this paper sheds light on the preservation of privacy in smart environments. Transparency and consent form the core concepts of this research. In this respect, notable emphasis goes to (i) awareness surrounding data collection practices and (ii) the implementation of consent mechanisms. The contribution features a two-step approach in view of balancing entrepreneurs’ thirst for data against consumers’ desire for privacy. Firstly, it is necessary to arrive at a solid understanding of the functioning of smart devices, in order to get a good grasp on how the selected transparency concerns manifest themselves in an IoT context. Along this route, attention is given to the occurrence of “low-quality consent” among consumers. Secondly, the paper argues that, notwithstanding consent, the integration of privacy enhancing technologies such as obfuscation and data minimization is necessary in view of ex ante containing the potential ramifications of data leakages. In that respect, the question is raised to what extent a technical rather than a legal responsibility exists to attain adequate levels of privacy and data protection. In conclusion, this paper submits that smart environments are indeed putting strain on the existing regulatory framework. Yet, in all likelihood, the much sought-after solutions to transparency and consent will largely be technological in nature and sprout from industry-driven efforts.