Technology

Ethical Considerations in IoT Data Collection


Last year, a court determined Richard Dabate — who police had found with one arm and one leg zip-tied to a folding chair in his home — was guilty of his wife’s murder. His elaborate story of a home invasion might have held water had it not been for Connie Dabate’s Fitbit, which showed her moving around for an hour after the alleged intruder took her life.

Few would argue this was a case of unethical data collection, but ethics and privacy have a complicated, at times sordid history. Rising from the ashes of such experiments as Henrietta Lacks’ cancer cell line, in which a biologist cultured a patient’s cells without her knowledge or consent, a new era of privacy ethics is taking shape — and it has people questioning right from wrong.

What Is IoT?

The Internet of Things (IoT) is shorthand for the vast, interconnected network of smart devices that collect and store information online. Projected to be worth over $1 trillion by 2030, it includes appliances people use at home — like TVs, voice assistants, and security cameras — as well as infrastructure like smart streetlights and electric meters. Many businesses use IoT to analyze customer data and improve their operations.

Unethical Data Collection and Use

There’s no question that IoT data is helpful. People use it for everything from remotely turning off the AC to drafting blueprints for city streets, and it has enabled significant improvements in many industries. However, it can also lead to unethical data collection and applications.

For example, using a person’s demographic information without their consent or for purposes beyond marketing and product development can feel like a breach of trust. Data misuse includes the following violations.

1. Mishandling Data

Collecting and storing vast amounts of data brings ethics and privacy into question. Some 28% of companies have experienced a cyberattack due to their use of IoT infrastructure, and these breaches often expose people’s sensitive or confidential information.

The average data breach cost in 2022 was $4.35 million — and a loss of consumer trust. For example, hospital network hacks can reveal patients’ medical history, credit card numbers, and home addresses, leaving already-struggling people even more vulnerable to financial woes. The loss of privacy can make people wary about using a service again.

Mishandling data isn’t unique to IoT devices, of course — 40% of salespeople still use informal methods like email and spreadsheets to store customer info, and these areas are also targets for hackers. But IoT devices often collect data beyond what you’d find on a spreadsheet.

2. Collecting Highly Personal Info

Home IoT devices are privy to uniquely private data. Although 55% of consumers feel unseen by the brands they interact with, many people would be shocked at how much businesses actually know about them.

Some smartwatches use body temperature sensors to determine when a user is ovulating, guessing their fertility levels, or predicting their next period. Smart toothbrushes reduce dental insurance rates for people who brush regularly and for the recommended two-minute interval.

In many cases, smart devices collect as much information as a doctor would, but without being bound by pesky HIPAA privacy laws. As long as users consent, companies are free to use the data for research and marketing purposes.

It’s an easy way to find out what customers really want. Like hidden trail cameras capturing snapshots of elusive animals, smart devices let businesses into the heart of the home without resorting to customer surveys or guesswork.

3. Not Following Consent and Privacy Ethics

It’s one thing to allow your Alexa speaker to record you when you say its name; most users know this feature. However, few realize Amazon itself holds onto the recordings and uses them to train the algorithm. There have also been cases where an Amazon Echo secretly recorded a conversation and sent it to random people on the users’ contact list, provoking questions about unethical data collection and privacy ethics.

Getting explicit consent is crucial when collecting, analyzing, and profiting off of user data. Many companies bury their data use policies deep in a terms-and-conditions list they know users won’t read. Some use fine print many people struggle to make out.

Then, there’s the question of willing consent. If users have to sign up for a specific email service or social media account for work, do they really have a choice of whether to participate in data collection? Some of the most infamous cases of violating privacy ethics dealt with forced participation.

For example, U.S. prisoners volunteered to participate in studies that would help the war effort during World War II. Still, they could not fully consent because they were physically trapped in jail. They tested everything from malaria drugs to topical skin treatments. Some volunteered in exchange for cigarette money or to potentially shorten their sentences.

Even if users give explicit consent, most people now consider collecting data — medical or otherwise — unethical by coercing people into doing so. Collecting data from people unaware they’re giving away sensitive information is also an ethics and privacy violation.

Characteristics of Ethical Data Use

How can data scientists, marketers, and IoT manufacturers keep users’ best interests in mind when collecting their data?

1. Ask for Permission

It’s crucial to always ask before using someone’s data — and ensure they heard you. IoT devices should come with detailed information about how the device will collect data, how often it will do so, how it will use the information, and why it needs it in the first place. These details should be printed in a clear, legible, large font and not be buried deep in a manual heavy enough to use as a paperweight.

2. Gather Just Enough

Before collecting information, decide if you really need it. How will it help advance your company’s objectives? What will you and your customers gain from it? Only gather data relevant to the problem at hand, and avoid collecting potentially sensitive information unless absolutely necessary.

For example, smart beds can track users’ heart rates, snoring, and movement patterns, but they can also collect data about a person’s race or gender. How many of these metrics are necessary for marketing and product development purposes?

3. Protect Privacy

After gathering data, keep it hidden. Strong cybersecurity measures like encryption and multi-factor authentication can hide sensitive data from prying eyes.

Another way to protect consumer privacy is to de-identify a data set. Removing all personally identifiable information from a data set and leaving just the numbers behind ensures that even if someone leaks the data, no one can connect it to real people.

4. Examine Outcomes

How might your data be used — intentionally or not — for other purposes? It’s important to consider who your data could benefit or harm if it leaves the confines of your business.

For example, if the data becomes part of an AI training set, what overall messages does it send? Does it contain any inherent biases against certain groups of people or reinforce negative stereotypes? Long after you gather data, you must continually track where it goes and its effects on the world at large.

Prioritizing Ethics and Privacy

Unethical data collection has a long history, and IoT plays a huge role in the continued debate about privacy ethics. IoT devices that occupy the most intimate of spaces — the smart coffee maker that knows you’re not a morning person, the quietly humming, ever-vigilant baby monitor — give the most pause when it comes to data collection, making people wonder if it’s all worth it.

Manufacturers of smart devices are responsible for protecting their customers’ privacy, but they also have strong incentives to collect as much useful data as possible, so IoT users should proceed with caution. It’s still a wild west for digital ethics and privacy laws. At the end of the day, only you can decide whether to unwind with a smart TV that might be watching you back — after all, to marketing companies, you are the most interesting content.

Featured Image Credit:

Zac Amos

Zac is the Features Editor at ReHack, where he covers tech trends ranging from cybersecurity to IoT and anything in between.