It’s the time for GDPR, explicit consent to the processing of data. We need to rethink who gets the ownership of the data generated with the IoT and stored in the cloud.
It’s the time for GDPR, explicit consent to the processing of data. And a great number of security breaches are made public day after day. That’s why we need to rethink who gets the ownership of the data generated with the IoT and stored in the cloud.
Why do companies collect data and how do they do it?
As you go deeper into what is the real value of the Internet of Things, there is no doubt: data is a very valuable resource for companies, regardless of the sector they belong in, or their size. The opportunity that the data provide to companies influences areas such as customer experience, performance, efficiency, and even financial results.
Data are collected by sensors located along the entire value chain and stored for further analysis. This process can be done in two ways: with wireline or with a wireless connection. It is true that the cable connection (wireline) is the one that has been traditionally used, and has advantages such as reliability or privacy. However, there are more and more IoT deployments that are configured through a wireless connection.
When using a wireless connection, the data collected may be more exposed to possible threats to the network. Especially when more devices are connected to the same network. In addition, this configuration raises the first challenge of data privacy, while normally, the company that is collecting data is not usually the same one that provides the connection to the Internet. Therefore, a security breach in the network operator can expose the company’s data. On whom does the responsibility fall in this case? On the operator that has suffered the breach or on the company that has not known how to protect itself against it?
Once the data is collected, these are stored on physical servers (edge) or servers in the cloud (cloud). When it comes to physical servers, in most cases, they belong to the company. Therefore, there is no problem with data ownership. However, when stored in the cloud, a large part of companies rely on external servers. Again, this raises a debate about who can use that data and for what purposes and who is responsible in case of cybersecurity problems.
Different layers of ownership depending on the agents involved.
In short, the data collected in the IoT deployment go through different points in which the matter of ownership can be controversial. Therefore, we find different agents that we must analyze:
- the company that places sensors to collect the data,
- the company that develops the platform from which these data are managed,
- the database in which these data are included,
- the connection provider through which the data flow,
- the owner of the servers on which the information is stored,
- the consumer or workers (in case of collecting data about them),
- the company that uses this information to analyze it.
And then, whose data are they really from? The reality is that there are very diverse opinions on this subject. The arrival of the GDPR has shed light on this debate by introducing the need for explicit consent on the part of the individual to be able to process their data. But what happens when it comes to data for the Industrial IoT, which are usually related to processes that do not affect a person but machines for example?
In the end, what is important here is to put the focus on security in each of the processes in which data are involved, and to choose at all times suppliers that have strong cybersecurity practices. There are also currents that sustain that Blockchain technology can be a facilitator for this security, but it adds a layer of «property».
And you, what do you think?
Article written by Cristina Marcos, Marketing Manager at Barbara IoT.
If you like this post and want to receive similar content subscribe to our Newsletter.