Information Pollution and the Internet of Things

By Phil Lee, CIPP/E, CIPM

Kevin Ashton, the man credited with coining the term "The Internet of Things" once said, "The Internet of Things has the potential to change the world, just as the Internet did. Maybe even more so."

This couldn't be more true. The range of potential applications for the Internet of Things, from consumer electronics to energy efficiency and from supply chain management to traffic safety, is breathtaking. Today, there are six billion or so connected devices on the planet. By 2020, some estimate that figure will be in the range of 30 to 50 billion. Applying some very basic math, that's between four and seven Internet-connected "things" per person.

All this, of course, means vast levels of automated data generation, processing and sharing. Forget Big Data: We're talking mind-blowingly Huge Data. That presents numerous challenges to traditional notions of privacy and issues of applicability of law, transparency, choice and security have been, and will continue to be, debated at length.

One area that deserves particular attention is how we deal with data access in an everything-connected world. There's a general notion in privacy that individuals should have a right to access their information—indeed, this right is hard-coded into EU law. But when so much information is collected—and across so many devices—how can we provide individuals with meaningful access to information in a way that is not totally overwhelming?

Consider a world where your car, your thermostat, your DVR, your phone, your security system, your portable health device and your fridge are all trying to communicate information to you on a 24-7, 365 basis: "This road's busy, take that one instead." "Why not lower your temperature by two degrees?" "That program you recorded is ready to watch." "You forgot to take your medication today." And so on.

The problem will be one of information pollution: There will be just too much information available. How do you stop individuals feeling completely overwhelmed by this? The truth is that no matter how much we, as a privacy community, try to preserve rights for individuals to access as much data as possible, most will never explore their data beyond a very cursory, superficial level. We simply don't have the energy or time.

So how do we deal with this challenge?

The answer is to abstract away from the detail of the data and make readily available to individuals only the information they want to see, when they want to see it. Very few people want a level of detail typically of interest only to IT forensics experts in complex fraud cases—such as what IP addresses they used to access a service or the version number of the software on their device. They want, instead, to have access to information that holds meaning for them, presented in a real, tangible and easy-to-digest way. For want of a better descriptor, the information needs to be presented in a way that is "accessible."

This means information innovation will be the next big thing: Maybe we'll see innovators create consumer-facing dashboards that collect, sift and simplify vast amounts of information across their many connected devices, perhaps using behavioural, geolocation and spatial profiling techniques to tell consumers the information that matters to them at that particular point in time.

And if this all sounds a little too far-fetched, then check out services like Google Now and TripIt, to name just a couple. Services are already emerging to address information pollution, and we only have a mere six billion devices so far. Imagine what will happen with the next 30 billion or so!

photo credit: Kris Krug via photopin cc

More from Phil Lee

About the Author

Phil Lee is a partner in the Privacy and Information Law Group at Field Fisher Waterhouse LLP, and runs the Palo Alto office of Field Fisher Waterhouse (California) LLP. Lee has particular specialisms in behavioral profiling and cookie regulation, e-marketing and international data transfer strategies (including binding corporate rules). He has worked on numerous multi-jurisdictional data privacy projects across more than 80 countries. 

Lee holds an M.A. in computer science from Cambridge University and a postgraduate diploma in intellectual property from Bristol University. He is a frequent contributor to FFW's Privacy and Information Law blog and is also a contributing author to the IAPP's European Privacy: Law and Practice for Data Protection Professionals and Wolter Kluwers' Global Privacy & Security Laws. Lee is a former committee member of the Society for Computer and Law's Privacy & Data Protection Group.

He can be contacted at phil.lee@ffw.com.

See all posts by Phil Lee


Get your free study guide now!
Get your free study guide now!