Strategy and Governance /

Does BigData combined with the Internet of Things threaten Privacy?


Given the vast number of IoT devices, a staggering volume of data is continuously being generated – and this is increasing exponentially. Until the advent of BigData, it was extremely complex, expensive and time consuming to analyse data from different sources with different data formats – some structured but many unstructured. Today, the BigData technologies are continuing to mature and can analyse huge amounts of data within reasonable timeframes.

Consequently, if an organisation is able to get its hands on the right data sets – it will be able to analyse all of the data and potentially discover trends and behaviours of specific objects or individuals.

Data collected from an individual device may only have a minor erosion of your privacy, however, if it is possible to combine data from multiple devices – then this may be much more significant.

How could BigData and the Internet of Things affect your privacy?

If the data collected can be linked to specific devices and then to the user of that device, there is more value to this data. In addition, by identifying multiple devices as being used by a specific individual, it is possible to combine the data in more meaningful ways to determine patterns in that individual’s behaviour and lifestyle.

Imagine that all the devices you have and use collect data about you and what you are doing:

  • Car – where you go and when
  • Television – the programmes you watch and when
  • Smart phone – where you go and who you communicate with (phone, email, text, social media, etc.)
  • EPOS card readers – all the purchases you make and from which vendors
  • Smart watch – the exercise you are doing, your heart rate and your location
  • Smart fridge – the food you eat and when

If someone is able to combine all of this data and attribute it to you then they would have a good picture of your lifestyle and behaviours. Such information is likely to prove invaluable to advertisers, with the view to better target specific adverts to individuals. It may also provide greater opportunity for criminal activity.

There is also a political perspective to this issue, with privacy matters causing concern to many citizens who believe that governments or states will use the data to infringe on their civil liberties. It seems obvious that the situation in draconian and undemocratic states is likely to further erode an individual’s privacy. However, there is a growing concern in democratic states – where the state’s intelligence services are finding themselves in an uneasy position of trying to balance the need to protect the citizen, against the citizen’s right to privacy.

The issue is not just limited to the more draconian states or to the intelligence services collecting data on its citizens, but these are the cases which tend to grab the news headlines. Even local government services can affect the citizen’s daily life. For example, the authorities in some cities insist on strict recycling regimes, penalising those that do not recycle certain items but just throw them away. If these authorities had access to all data relating to household purchases, then this would surely be a step too far and an unacceptable reduction in privacy.

Who do you trust with your data?

The concerns raised are heightened by the fact that many organisations are prepared to sell their data sets as part of their business model. When this occurs, the individual whose device generated the data may not even be aware of who has their data. In fact, the individual may have unwittingly agreed to relinquish their ownership via a click through agreement.

Organisations must respect their legal obligations to appropriately protect the data that they are collecting – and to only use it for the purposes that they have stated. In doing this, they will need to formulate clear and unambiguous policy on the nature of the data to be collected – and its potential usage.

An example of where this has been done well is the UK television company Channel 4, with their video-on-demand programme – 4oD. In their data privacy policy, it is very clear that:

  • the viewer actually owns the data that Channel 4 collect as a result of the viewer interacting with them
  • Channel 4 will only use the data for a small number of specific purposes.

Additionally, Channel 4’s data privacy policy is written in language that most of us can actually understand.

When Channel 4 analyse the data that they have collected using Big Data, it is anonymised as a matter of good practice. Anonymising the data does not affect Channel 4’s ability to establish viewing patterns and trends, yet safeguards the individual’s privacy. At the heart of their approach is the desire to build trust with their viewer by being open and transparent.

Failure to act in this way will inevitably lead to a loss of trust in the organisation – and individuals will not want to allow them to collect data that their devices may generate.

Should we guard our privacy more?

The impact that IoT and the analysis of the data collected using Big Data technologies will very much depend on who has access to this data and how they actually use it. Whether the access to this data is authorised or not may well have little on the impact on the outcome – and the end game could be the realisation of the “Big Brother” approach that George Orwell depicted in his famous book, “1984”, either by various states and/or corporations.

This is not a new problem, as people have always been reliant on others to maintain their own privacy. What’s new, however, is that now the consequences in an online world are significantly greater and much more difficult to correct.

Protecting your online privacy is often a balance between the convenience of achieving a goal and safeguarding data about yourself, which you may not normally wish to expose.

If you understand the extent to which the data will be made available – and the trust in the organisation or individual to which you are disclosing the data – then it is possible to make an informed decision on whether or not to disclose that particular data.

The question of whether individuals should safeguard their own privacy better online is a complicated one – and heavily depends on each person’s political, social and cultural opinions. However, individuals and organisations need to take greater care to ensure that they are not adversely affecting the privacy of others who do not hold the same opinions.

Ultimately, we may not be able to control how data is collected by devices in the IoT and analysed using Big Data. This will mean that we are faced with a stark choice of either accepting this loss of control over the data collected or to not use certain devices, which may not be practical or could lead to significant lifestyle decisions.

Neil Cordell


Corix Partners

Find out more about how your business can truly protect its future from cyber threats by contacting Corix Partners. Corix Partners is a Boutique Management Consultancy Firm, focused on assisting CIOs and COOs in resolving Security Strategy, Organisation & Governance challenges.