Privacy and Data Security for IoT – what are the risks in monitoring our environment?

Reading Time: 2 minutes


Dr Rachel Finn
- Director, Data Protection & Cyber-risk Services / Head of Irish Operations

Date: 5 April 2018

The introduction of the Internet of Things (IoT) technologies has significantly improved our ability to monitor our environment.

In fact, the use of sensors to measure the physical characteristics of a space (e.g., temperature, air quality, etc.) and to detect someone’s presence in it, has become very popular. The primary purpose of these devices is to have a positive impact on climate change, environmental sustainability and resource efficiency; however, their use may raise privacy and data security issues.

For example, developers might be surprised that an air quality sensor installed in a home which provides information to a smartphone can raise privacy and data security issues. However, this becomes clearer if you consider that, in order to communicate with smartphones, air quality sensors use IP addresses and information about telephone numbers while collecting information about humidity, particle concentration, etc. Both the data collected and the communication links with smartphones legally constitute “personal information” and would make the new General Data Protection Regulation relevant for the system.

In addition, these sensors may indirectly provide information about what is happening in a house. For example, a sudden rise in humidity levels could indicate cooking, washing or other activities. The frequency of data collection and transmission can also indicate what time these activities occurred. Finally, transmitting the information to a smartphone may also give someone outside the house information about what is happening in the house.

This could disrupt a person’s privacy of behaviour and action; for example, one could imagine a parent calling to ask their teenager why they are taking a shower in the middle of the day.

IoT devices like particle sensors may also raise issues around data protection and cyber-security. This is particularly relevant as sensors do not have the processing power to run cyber defence, anti-virus or other solutions. There is little information about how the data is stored on the device and where it is transmitted. Finally, the sensor connection to the smartphone in our example means that the device may put the smartphone and the (personal and other) data contained within it at risk.

As new IoT tools are being used for environmental monitoring new comprehensive research and creative scenario testing is needed to identify potential privacy and data issues. This should include technical research and development, including new, light cyber-security tools and improved end-to-end security measures. This is particularly urgent as the introduction of 5G connectivity will increase the number of devices connected and the information that can be gleaned from collections of different devices.

If a particle sensor can be used to identify someone showering in a home, what could be learned from a set of interconnected devices all working together?

For more information please contact our team.

Related posts