In my previous post I raised the need for closer ties between legal authorities and the tech companies who are creating new tracking devices. Let me give an example of what I mean:
The Internet of Things describes a future where almost every physical product we use is connected to the internet, and is passing information and insights to other products or people. Your fridge could tell your supermarket to deliver milk to your home when you're running low. Your shoes could tell your personal trainer that you're gaining weight and need more exercise. Your car could post a message on your bathroom mirror reminding you to wear sunscreen, as the UV index is high outside (based on its windshield readings). And so on.
We're already seeing many of these technologies play out, particularly through new cars.
The modern car already has more computer components than engine parts. There are sensors that can tell who is sitting down behind the wheel, and automatically adjust the seat and mirrors to fit their shape. The navigation system gives advice on popular routes that the driver uses (and warns if there is a traffic disruption along those paths). Future cars will be able to monitor drivers to see if they're falling asleep or are otherwise distracted, and prompt them to pay more attention to the road. Cars could even monitor a driver's vital signs and notify an emergency responder if they're in an accident or are having a medical emergency on the road.
So, the question is, who owns all this personal data that is being tracked, transmitted and analyzed? Is it the car manufacturer? The car dealer? The producer of the computer hardware? Or the producer of the computer software? The company that does the analysis of the driver's data? The wifi provider that is being used to transmit the data? The company that runs the satellite the wifi provider is using? The company that owns the servers it is being stored to?
There could be dozens - if not hundreds - of companies involved in the manufacture and operation of a single car. Currently, no one company is responsible for the fair use (and storage and security) of the user data being collected from this car. The privacy buck can therefore continuously be passed.
And this will be the case for almost all Internet of Things device. If we cannot make one company responsible for the security and management of user's private data, could this be the end of privacy laws?
(Alberta's not-for-profit technology accelerator, Cybera, holds an annual conference in Banff each year exploring new digital technologies and issues such as this. The event is being held at the end of October. For more information, visit the event's website.)