The Global Privacy Enforcement Network (GPEN) is putting the Internet of Things (IoT) world in its crosshairs during its 2016 global privacy “Sweep.” The group – a worldwide union of national privacy and law enforcement agencies seeking to tackle transnational privacy and data security issues – said they plan to vet all sorts of manufacturers on data privacy and security practices to see what issues, if any, are prevalent in this new connected industry.
It comes at the perfect time, as more homes and businesses start to adopt IoT devices and platforms. Knowing the potential privacy issues that companies could be neglecting will make the industry as a whole safer and secure, if IoT developers and manufacturers fix any issues identified in the GPEN report.
“Connected devices, such as fitness trackers, smart scales, sleep monitors and other health related products, are capable of capturing some of our most intimate data,” said commissioner Daniel Therrien, for Canada’s Office of the Privacy Commissioner (OPC), a member agency of GPEN.
“Given the sensitivity of the information, it is imperative that the companies behind such devices are transparent about what they collect, how the information will be used and with whom the data will be shared. I’m pleased the Sweep will focus on this important area under the Internet of Things banner,” he said.
GPEN’s methodology is a trident of analysis
Authorities will be able to focus on specific areas in the IoT world, including wearables, appliances, smart meters, cars, or TVs. They might also look into a certain area, like accountability or data collection, to see what issues arise.
GPEN uses three-pronged methodology to figure out privacy and security of a product: the purchase and review of the product, an overview of the manufacturer’s website, or a questionnaire for the manufacturer to complete. Speaking for Canada’s efforts, Therrien said the OPC will use all three methods, and his agency will focus on health devices.
The result of the various investigations will be made public in the fall, allowing developers, privacy advocates, and others in the industry to look at some of the shortfall of the IoT industry.