The FTC is set to investigate rules for the Internet of things

The Federal Trade Commission will soon meet to discuss how it plans to regulate the Internet of things, and how connected devices share consumer data. There are two issues at play here, one being the privacy of consumer data and the other being the security of the networks delivering that data.

The privacy issue, however, also contains a security dimension since the devices can share things that affect a person’s safety -- such as where they live and whether or not they are home. The rise of such connected devices essentially takes the established privacy framework the FTC adopted for web data and throws the problem into three dimensions. The FTC had established several categories of “sensitive data” in its 2012 Privacy Report, including Social Security numbers, precise geolocation data, financial records, health information and information about children. This data required higher levels of user consent and protections. Yet in a recent decision, the FTC seems to be expanding that concept of sensitive information for the Internet of things. The issue is a tough one for the agency. It’s in the unenviable position of trying to understand an emerging industry built on connectivity and data collection that in many areas doesn’t even have a business model associated with it. Companies know they want as much data as they can glean with the widest possible permissions to go with them, while consumers have no idea what they are giving up. A common sense that services built on the back of data and collected by a variety of connected devices is, for now, the only thing that ties today’s Internet of things evangelists together.