
Tackling Nuanced Privacy in Connected Spaces

User privacy and progress shouldn’t be at odds in the Internet of Things.

Talk about the future of digital for a few minutes and you’re bound to hear a privacy issue come up. From social to mobile, user data has always played a big role in digital interaction. Now we’ve arrived at the Internet of Things, and it’s the same story in a different sandbox. Most people don’t want to share information (or be tracked) without their knowledge. On the other hand, some of the most useful applications require access to user data. These interests shouldn’t be at odds, so what’s a balance both sides can live with?

Connected devices make smarter decisions when they know who and what is involved, but first you have to convince users that the decision deserves to be made in the first place. That is a hard sell right now, since most connected space examples outside the home center around “Buy this thing” technology.

There’s a lot you can do with even basic data like (anonymous) presence. A building’s thermostat might automatically adjust based on the number of people in a room, and a restaurant could update its site when busy. The tricky part is making sure the right “things” get the right information. We think good privacy is mainly a matter of control. You should always have the option to share (or not share) different pieces based on who is asking. Social sites like Facebook learned this lesson when planning app permissions. Ideally, applications like this one would have ways of asking for the right data without overstepping boundaries.

Information you share with nearby devices

Today your phone asks to share your location, but in a few years it might ask to “share your profile with nearby devices.” What information would you share? As the Internet of Things expands out of the home, it’s going to hit some snags without a good answer. Personally, I’m willing to share rough age range and gender. These are bits of information anyone looking at me in public would see anyway. If a nearby device is able to react to those details, the result is unlikely to be invasive. Then again, I’ve always been a sucker for “feels like the future” experiences.

Going even further, I might share my email for 20% off, but probably not my address. Asking for too much information is like pressing a big red eject button for the privacy conscious. If you’ve ever been to a site where signing into Facebook is required to read an article, you’ve experienced similar hesitation.

Information you share depending on the location

Now that you have a privacy baseline, how would your answer change based on who (or what) is asking? Context matters, after all.

What would you share inside your home? Your office? The bakery down the street? If you’re like most people, the home probably has the widest access, but the other two examples may not be so obvious. What information is fine to share with the office but not the bakery? Let’s take food allergies for example. Your office probably doesn’t need (and you may not want your employer to know) personal health information. The bakery’s entire relationship with you depends on that piece of allergy info, even if the only other thing they know is your first name. Interactions are nuanced based on context, and shooting for the lowest common denominator misses some worthwhile opportunities.

What if you had adaptive identities that customized privacy depending on the situation? You might not want your boss to know what you bought over the weekend, but a work calendar? That makes a little more sense. If “office” and “shopping” personas were kept separate, applications could ask for the information they need and you wouldn’t worry about overreach. You could still get in-store product recommendations based on past purchases, but stop short of the invasive digital billboards found in Minority Report.

Here’s how a respectful connected identity might approach these locations:

  • Bakery: name, dietary restrictions, and menu preferences

  • Office: name, employee details, and business schedule

  • Home: name, climate, music preference, and personal schedule

Even the same space will have multiple contexts depending on the person. Take your workplace as an example. An “Office” persona for everyone wouldn’t make sense because there’s a big difference between your office and a customer’s. Your “Office” might be someone else’s “Meeting” privacy persona.
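To make the persona idea and the "same space, different person" point concrete, here is a small default-deny release check, added as an illustration and not taken from any product described in this post. The persona allowlists mirror the three bullets above; the "meeting" persona, the space names, the roles, and the sample profile are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Allowlists for bakery/office/home follow the article's bullets.
# "meeting" is a hypothetical persona for a visitor in someone else's office.
PERSONAS = {
    "bakery": {"name", "dietary_restrictions", "menu_preferences"},
    "office": {"name", "employee_details", "business_schedule"},
    "home": {"name", "climate", "music_preference", "personal_schedule"},
    "meeting": {"name", "business_schedule"},  # assumption, not from the article
}

# Constructed mapping: the persona depends on the space AND on the
# person's relationship to it, so one building can yield two personas.
SPACE_ROLES = {
    ("acme-hq", "employee"): "office",
    ("acme-hq", "visitor"): "meeting",
    ("corner-bakery", "customer"): "bakery",
    ("my-house", "resident"): "home",
}

# Constructed sample profile held on the user's own device.
PROFILE = {
    "name": "Sam",
    "dietary_restrictions": "nut allergy",
    "business_schedule": "Mon 10:00 standup",
    "employee_details": "badge 0000 (placeholder)",
    "home_address": "1 Example Street",
}

@dataclass
class Decision:
    persona: Optional[str]  # None when the space/role pair is unknown
    shared: dict            # field -> value actually released
    withheld: list          # requested fields that were refused

def release(profile, space, role, requested):
    """Share a field only if the device asked for it AND the persona allows it."""
    persona = SPACE_ROLES.get((space, role))
    allowed = PERSONAS.get(persona, set())  # unknown context: share nothing
    shared = {k: profile[k] for k in requested if k in allowed and k in profile}
    withheld = sorted(set(requested) - set(shared))
    return Decision(persona, shared, withheld)

if __name__ == "__main__":
    ask = ["name", "dietary_restrictions", "home_address"]
    print(release(PROFILE, "corner-bakery", "customer", ask))
    print(release(PROFILE, "acme-hq", "employee", ask))
```

The `withheld` list is the useful signal for the user: a device that keeps asking for fields outside its persona is the over-asking case described earlier.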

As more connected devices come to market, they’ll have to learn how to ask for the information they need. The more devices ask for, the more you’ll need to keep control over what’s shared. Privacy might not be the number one issue for early adopters, but if social is any indicator, we’ll need to have this sorted out before the Internet of Things reaches the masses. Might as well build good foundations today.