The Internet of Things and privacy – Part two: Solutions for consent
This article is part of a series on the Internet of Things and privacy:
- Part one: Issues with consent
- Part two: Solutions for consent
- Part three: Protections beyond consent
When to infer personal information
The Internet of Things (IoT) does not always ‘collect’ personal information in the traditional sense; in many cases personal information is ‘created’ instead. As discussed in Part one: Issues with consent, artificial intelligence has a remarkable ability to make inferences about people from other data, for example, an IoT vendor could use data from a fitness tracker to predict a person’s age, sex, height, weight and so on.
If these inferences are treated as indirect collection – personal information obtained from a source other than the individual it is about – then, to comply with the law, vendors of IoT devices should only infer information when collecting it directly from the individual would be impracticable or unreasonable.
Inferring, rather than directly collecting, personal information can lessen individuals’ autonomy over their personal information. When individuals are asked to provide information, they know it is being collected and are free to choose whether to disclose it. When personal information is inferred, the individual may not be aware it is happening and has no opportunity to decline. For this reason, it is preferable to collect personal information directly from individuals rather than to infer it.
Inferring personal information should be mutually beneficial and reserved for situations where direct collection is impracticable or unreasonable. For example, a fitness tracker should, in the first instance, ask users directly for their age, sex, height and weight instead of trying to infer them from other data. If a user does not know their weight, it may be appropriate for the device to ask whether they would like their weight to be approximated from other data, so that the inference itself is something the user has chosen.
Full functionality of IoT devices
A well-established approach that vendors could take to address many of the issues raised in Part one is privacy by design (PbD), a framework aiming to embed privacy into the entire design and engineering process.
The PbD principle ‘full functionality – positive-sum, not zero-sum’ has interesting implications for IoT devices and consent. This principle aims to refute false dichotomies such as choosing between privacy and functionality, and instead promotes approaches where both privacy and functionality are possible.
Vendors could use this principle to address all-or-nothing consent mechanisms that are common in IoT devices. Instead of a zero-sum approach – where a user must choose between giving away their personal information or not being able to use their device – consent can instead be more nuanced and flexible. For example, IoT devices can ask for permission to collect, use or share information when it is necessary to do so, rather than overwhelming users by asking for permission to do everything all at once. Care should be taken, if this approach is used, to avoid design patterns that might cause a user to become annoyed at repetitive or superfluous requests such that they are nagged into consenting.
The full functionality principle also indicates that vendors should avoid ‘bundling consent’, where a device asks a user to consent to a wide range of things in one action. It is better to break consent up into smaller pieces, making it possible for users to consent to some things and reject others.
While this may complicate the way vendors manage their data, it would lead to more meaningful consent in cases where a user consents to a vendor collecting and using their personal information, but not to the vendor sharing that information with third parties.
This principle also suggests that where possible vendors should provide alternatives to users who do not consent to certain things. For example, a fitness tracker could use GPS to precisely measure the distance that wearers run, but also offer alternative forms of measurement, such as those based on time or gait to those who do not consent to disclosing their location. This could lead to positive-sum, win-win approaches, where privacy conscious individuals get to enjoy IoT devices, and vendors get to sell more devices and collect personal information through more meaningful consent.
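The three design choices above (asking for permission only when it is first needed, keeping collection, use and sharing as separate consents, and offering a less precise alternative to users who decline) are easy to get wrong in code if consent is stored as a single flag. The following is an added illustration, not OVIC’s code nor any vendor’s firmware; the class and function names (ConsentRegistry, ask_once, measure_run, export_to_partner), the stride-based fallback and the sample GPS fixes are all assumptions made for the example.

```python
"""Consent-scoped data handling for a hypothetical fitness tracker.

Added example: names, data model and sample run are constructed for
illustration and do not come from any real product.
"""
import math
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable


class Purpose(Enum):
    COLLECT = "collect"
    USE = "use"
    SHARE_THIRD_PARTY = "share_third_party"


class ConsentDenied(Exception):
    """Raised when an operation needs a consent the user has not given."""


@dataclass
class ConsentRegistry:
    """Consent recorded per (data type, purpose), never as one bundled grant.

    An absent key means the user has not been asked yet; False means they were
    asked and declined. A declined pair is never re-prompted, which prevents
    the nagging pattern where repeated requests wear the user down.
    """
    grants: dict[tuple[str, Purpose], bool] = field(default_factory=dict)

    def asked(self, data_type: str, purpose: Purpose) -> bool:
        return (data_type, purpose) in self.grants

    def record(self, data_type: str, purpose: Purpose, granted: bool) -> None:
        self.grants[(data_type, purpose)] = granted

    def allows(self, data_type: str, purpose: Purpose) -> bool:
        # Unasked or declined both mean "no"; only an explicit True permits.
        return self.grants.get((data_type, purpose), False)

    def require(self, data_type: str, purpose: Purpose) -> None:
        if not self.allows(data_type, purpose):
            raise ConsentDenied(f"no consent to {purpose.value} {data_type}")


def ask_once(registry: ConsentRegistry, data_type: str, purpose: Purpose,
             prompt: Callable[[str, Purpose], bool]) -> bool:
    """Just-in-time consent: prompt the first time a pair is needed, then reuse the answer."""
    if not registry.asked(data_type, purpose):
        registry.record(data_type, purpose, prompt(data_type, purpose))
    return registry.allows(data_type, purpose)


def haversine_m(p: tuple[float, float], q: tuple[float, float]) -> float:
    """Great-circle distance in metres between two (lat, lon) points in degrees."""
    r = 6371000.0
    lat1, lon1, lat2, lon2 = map(math.radians, (*p, *q))
    a = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * r * math.asin(math.sqrt(a))


def gps_distance_m(points: list[tuple[float, float]]) -> float:
    return sum(haversine_m(points[i], points[i + 1]) for i in range(len(points) - 1))


def gait_distance_m(steps: int, stride_m: float) -> float:
    # Assumed fallback: step count times a calibrated stride, no location needed.
    return steps * stride_m


@dataclass
class Run:
    gps_points: list[tuple[float, float]]
    steps: int
    stride_m: float


def measure_run(run: Run, registry: ConsentRegistry,
                prompt: Callable[[str, Purpose], bool]) -> tuple[float, str]:
    """Positive-sum measurement: precise GPS distance if the wearer consents to
    location collection, otherwise a gait-based estimate, so declining still
    yields a working feature."""
    if ask_once(registry, "location", Purpose.COLLECT, prompt):
        return gps_distance_m(run.gps_points), "gps"
    return gait_distance_m(run.steps, run.stride_m), "gait"


def export_to_partner(registry: ConsentRegistry, distance_m: float) -> dict:
    """Sharing with a third party is a separate consent from collection and use."""
    registry.require("activity", Purpose.SHARE_THIRD_PARTY)
    return {"distance_m": round(distance_m)}


# Constructed sample run: two GPS fixes 0.01 degrees of latitude apart (about 1.1 km).
SAMPLE_RUN = Run(gps_points=[(-37.8136, 144.9631), (-37.8036, 144.9631)],
                 steps=1500, stride_m=0.75)

if __name__ == "__main__":
    reg = ConsentRegistry()
    reg.record("activity", Purpose.COLLECT, True)  # consented at setup
    reg.record("activity", Purpose.USE, True)      # consented at setup
    # The wearer declines location when first asked; distance still works.
    print(measure_run(SAMPLE_RUN, reg, lambda data_type, purpose: False))
    try:
        export_to_partner(reg, 1125.0)
    except ConsentDenied as exc:
        print("sharing blocked:", exc)
```

The registry never treats a grant for one purpose as a grant for another, so a user who consented to collection and use at setup is still protected from third-party sharing until that is asked for separately, and a declined location prompt is remembered rather than repeated on every run.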
Read Part three: Protections beyond consent here for an exploration of ways privacy can be improved without relying on consent mechanisms.
This article was written by Asher Gibson, Policy Officer, OVIC. The views expressed in this post are the author’s own and do not necessarily reflect the views of OVIC.
Notes
- OVIC has considered this issue and may write further about this in a subsequent blog post.
- As is required by Information Privacy Principle 1.4 and Australian Privacy Principle 3.6.
- For more information on privacy by design, see https://www.ipc.on.ca/wp-content/uploads/2013/09/pbd-primer.pdf.