By K.C. Halm Following its highly publicized workshop exploring consumer privacy and security issues arising from the emerging market of the Internet of Things, the Federal Trade Commission (FTC) is now calling for filed comments on issues raised during the workshop. At issue is the application of privacy and data security principles and norms in the emerging market sector of connected devices.  As explained in our recent post, workshop participants raised a broad range of questions about the application of many existing privacy principles to entities and systems in the world of connected devices. Recognizing the many legitimate and difficult questions raised by this sector, the agency seeks comment on a range of issues, including but not limited to:
  • What are the unique privacy and security concerns and solutions associated with the Internet of Things?
  • What existing security technologies and practices could businesses and consumers use to enhance privacy and security in the Internet of Things?
  • What is the role of the Fair Information Practice Principles in the Internet of Things?
  • What steps can companies take (before putting a product or service on the market) to prevent connected devices from becoming targets of, or vectors for, malware or adware?
  • How can companies provide effective notice and choice?  If there are circumstances where effective notice and choice aren’t possible, what solutions are available to protect consumers?
  • What new challenges does constant, passive data-collection pose?
  • What effect does the Internet of Things have on data de-identification or anonymization?
  • How can privacy and security risks be weighed against potential societal benefits (such as improved health-care decision-making or energy efficiency) for consumers and businesses?
  • How can companies update device software for security purposes or patch security vulnerabilities in connected devices, particularly if they do not have an ongoing relationship with the consumer?  Do companies have adequate incentives to provide updates or patches over products’ lifecycles?
  • How should the FTC encourage innovation in this area while protecting consumers’ privacy and the security of their data?
  • Are new use-restrictions necessary to protect consumers’ privacy?
The deadline for filing comments is Jan. 10, 2014.  Comments filed prior to the workshop will be taken into consideration.  The agency’s staff will also accept research and surveys in addition to other comments.  Comments will be used to develop the FTC Staff recommendation, which is likely to be issued during the first quarter of 2014. Please contact us for assistance with preparing or filing these comments with the FTC.