Data privacy in the Smart Society

The idea of ubiquitous computing, where connected devices and sensors are present everywhere, has been around for decades. With the ever-increasing computing power of small devices, the vision of the Smart Society now seems to be within reach.

One major challenge to this vision, though, is how to protect the vast amounts of data that will be traveling between the nodes of a connected system of devices, as in Internet of Things applications, for instance.

The Internet of Things will become part of the infrastructure

A widespread, well-established Internet of Things has, no doubt, been defined as one of the foundations of the connected world. For a true Internet of Things to be realized as imagined, sensors and computing devices will be built into all kinds of hardware, always connected.

Sensors may be measuring power consumption, work as an aid in traffic planning or keep track of what is going on in a sewage system. The information gathered and shared in such critical systems must be secure and made to last. Devices in such systems need to be considered part of the infrastructure, requiring the same kind of longevity as the water and power supply installations they are installed to monitor.

IoT implementations must be designed for long-term use, as devices installed today must still be working many years from now. Besides still being able to capture data in a reliable way, they must also still protect the integrity and privacy of that data, and not risk becoming obsolete in terms of data privacy.

Designing IoT for privacy

Most connected devices today are part of a very limited “intranet of things”, where communication is possible only between a set of devices in one specific system setup, with data and personal information being shuttled to central cloud storage. IoT solutions for the Smart Society of the future need to be able to communicate between devices from different systems and manufacturers.

This entails, among other things, that the data transported between devices needs to be protected at every node in a consistent and resilient way. It also means that cloud storage becomes obsolete, as current levels of network traffic in “intranets of things” are not sustainable. Sensitive information needs to be kept safe, and it needs to travel less, that is, to stay, and be processed, at the edge.

Designing IoT for the EU

Designing secure IoT solutions within the EU has its own implications; designs require compliance with the General Data Protection Regulation, GDPR, which states that data must be, at all times, protected “by design” and “by default”. Such protection, the Regulation states, needs to be provided using “State of the art” security.

What this means is that all data-based solutions intended for the EU market must be designed with data protection taken into account from the outset, by design. That is, the design itself must help protect the privacy of users’ data. Data protection by default means that data protection measures cannot be attached as an add-on at some “later stage” in the lifetime of a solution; data protection must be a standard feature of any device.

State-of-the-art data protection, here, should be interpreted as privacy-protecting solutions that are future-proof, that is, solutions that can change over time so that they are always reliable and compliant, even after decades of use in a connected environment. So, designing IoT solutions with GDPR in mind resonates well with requirements on the longevity of IoT building blocks, whether intended for public or private use.

Designing IoT for the future

Devices using data protection that risk becoming obsolete would need to be replaced as soon as privacy can no longer be guaranteed, so this simply is not a viable option for a sustainable Internet of Things. A connected ecosystem of computing devices needs to keep data protected in a unified way, using standards that will survive a gradual transition to next-generation devices, while limiting network traffic for sustainability. Both are key to creating a connected society.

Sensors and connected devices are best protected when sensitive data is stored on them, with a minimum of data sent across the network. As part of a connected infrastructure intended to be used for many years hence, integrating future-proof data protection for those devices is essential.