With the advent of IoT humans will be connected to their objects through wearables, fitness devices, smart homes, connected cars, etc. These connected objects will generate large amount of data. A significant size of this data will predominately constitute personal data.
A new approach needs to evolve to address the challenges of data protection through regulatory framework. An identified thought process for data protection shall comprise of at least the following:
Right to forget (Data):
The data to be deleted when one no longer wants it to be processed and believes there are no legitimate grounds to retain it.
Data Accessibility (Personal):
When switching data between different providers (Cloud services) data portability shall be made easier to transfer the personal data.
Data controllability by user:
To seek explicit permission to process personal data. No assumptions to be made in this regard. After all it is user’s data and the goal should be to make the user responsible for their data.
Data protection should be at forefront:
User data protection should be in built in the products and services offered to the user’s right from early development stage. This shall encompass privacy friendly settings as default. Also privacy by design and privacy by default should also be supported.
Considering the nature of IoT deployment and wide variety of implementations a common consensus needs to be reached through standardization processes and technology solutions for user data protection.