The world of digital connectivity is changing rapidly as a result of the emergence of the Internet of Things (IoT). Representing one of the most disruptive technologies of our time, the IoT is an emerging global internet-based architecture that seamlessly integrates multiple data collection devices that collect, interchange and process data. Examples of IoT devices include wearables that monitor and track our wellbeing based on daily physical activities such as running or walking, medical devices that monitor and track intake of and responses to medication, and surveillance devices that track and monitor movement related to patient rehabilitation following accidents or age-related degeneration.
While the IoT holds great promise in terms of facilitating the collection and processing of data to improve and customise service delivery, there is a need to rethink what ‘privacy’ means to individuals and IoT designers/developers in the realm of increasing digital connectivity, and more generally how personal information should be collected, stored, transmitted and used. Moreover, what are legal perspectives on data privacy in an increasingly connected world enabled by the IoT?
Considering these challenges, we share our findings aiming to answer the following questions:
• How do IoT users (or consumers) perceive ‘data privacy’ in a connected world of greater connectivity enabled by the IoT
• What are specific individuals’ IoT-related data privacy concerns
• What can be done from a regulatory perspective to address individuals’ data privacy concerns?
In response to the above questions, an exploratory qualitative research design was followed. We collected data from 24 IoT users and designers/developers in the 22 - 65 age group to hear more about their feelings and perceptions of data privacy and legal regulation with respect to IoT data collection, processing and use.
Our study highlights four recommendations:
1. Data privacy is important in a more connected world enabled by the IoT
2. Forms of consent for IoT data collection needs to be adapted to cater for today’s modern IT user requirements
3. Incorporation of ‘privacy-by-design’ in the IoT development process may improve data privacyrelated concerns
4. A responsive regulation approach that includes ‘privacy-by-design’, consumer and data protection standards, and privacy type doctrines may enhance IoT privacy/data protection.