EU Parliament would like more privacy and security in relation to the internet of things

Close to dark side thinking I believe and it starts from the wrong point. The question again is why regulate storage of data. All data should be thrown away. Regulate collection and maybe what can be done with analysis. My view is that the existing framework is broken and is not suitable for adaptation.

However, I expect it will all happen and have passed by the time the regulator catches up.

Parliament would like more privacy and security in relation to the internet of things

The European Parliament welcomes the development of the internet of things (IoT) but asks the Commission to set up a clear legal framework on the security, safety, privacy and protection of personal data in relation to the IoT. It also points out concerns on other issues not directly related to the IoT, including on the legal uncertainty surrounding cloud computing.

The resolution adopted on June 15, 2010 also proposes that the Commission should carry out a detailed assessment of a number of issues linked to the use of RFID technology, including the protection against cyber attacks, guarantees on the personal data protection and the right to remove or disable tags after purchase (the so-called right to “chip silence”).

The IoT refers to applications where physical objects become connected through complex networks and provide information about themselves and their surroundings. Examples are for instance fridges able to inform the consumer on any product past its use-by date or cars equipped with chips connected to web-enabled mobile phones to convey information in real time on traffic jams.

1. Background

The resolution follows the adoption exactly one year ago by the European Commission of an action plan, which explains how the Commission will assess and regulate the emergence of the IoT (see EU Ecom Tracker 27). The action plan identifies six main areas of actions to ensure trust and safety for all citizens in the context of the IoT: governance, privacy and protection of personal data, security, standardisation and interoperability, research and development, and awareness-raising and international cooperation.

2. The resolution

The resolution stresses that the IoT requires safe, transparent and multilateral governance as well as a clear legal framework related to data protection and security. It supports the Commission focus on safety, security, governance, privacy and protection of personal data but asks for some complementary measures, including to:

adapt the current data protection directive to the digital environment (see EU Ecom Tracker 23);

clarify the concept of “data owner” and “data controller” related to data automatically collected and processed;

assess the impact of IoT applications on the current internet network infrastructure in terms of network congestion and data security;

ensure the development of a transparent system preventing fraud and allowing device identity authentication and traceability;

strive to establish international standards for IoT applications to facilitate interoperability as well as infrastructure openness, transparency and technology neutrality;

coordinate the actions on IoT with the work on the Digital Agenda (see EU Ecom Tracker 1);

give more consideration to the objective of building an inclusive IoT to which all European citizens should have access;

raise European citizens' awareness of new technologies and their applications and promote digital literacy and e-skills.

On the use of RFID technology (e.g. chips and tags), Parliament asks the Commission to:

give consumers the right to privacy by opt-in and/or by “privacy by design” (tag disablement at the point of sale should be automatic unless consumers agree otherwise);

reflect on the right of citizens to choose products that are not equipped with IoT applications or to be disconnected from their networked environment.

The resolution also asks the Commission to take the following additional actions, which are not directly linked to the IoT:

to analyse, with the help of operators, aspects related to Wi-Fi security systems;

to assess the possibility of further lowering data roaming costs.

On cloud computing, Parliament stresses the potential “danger” related to the legal uncertainty surrounding cloud computing, but does not ask the Commission to take any specific measure.

NB. The Commission Digital Agenda foresees the development of a European strategy on cloud computing.

Finally, the Commission is asked to publish by the end of 2010 a timetable with its proposed actions to improve the safety of the internet of things and RFID applications.

the author:

Virginie Alloo  (at)  cullen-international  dot com

British companies challenged to develop technology to improve security of information systems #mdfp

The Technology Strategy Board is to invest up to £10 million in new research projects that will help accelerate the development and deployment of more secure and trustworthy information systems within Digital Britain and the wider global economy.

Brief http://www.innovateuk.org/content/competition/trusted-services-competition.ashx

To register http://engage.innovateuk.org/technologystrategyboardlz//EventMgr_ShowEvent1.aspx?eID=12

Press release http://www.innovateuk.org/content/news/british-companies-challenged-to-develop-technology.ashx

The competition is to encourage innovative British companies to develop tools, techniques and services that will target the increasing risks that consumers, businesses and public sector organisations face, while also providing significant market opportunities to build a strong capability base in the UK.

The £10m to be invested in the R&D includes £2m from the Engineering and Physical Sciences Research Council and £300,000 from the Economic and Social Research Council.  In addition to full-scale R&D projects that may take between 1 and 3 years to complete, the Technology Strategy Board is keen to receive applications from SMEs or micro companies for 'fast track' projects costing below £150,000 that will take up to 12 months to complete.

Digital Identity - war of words continues #mdfp

Last night I spoke at mashup’s event on Digital Identity: the value of digital you with Nicky Hickman, Robin Wilton, Alan Moore and David Rennie.

My views from the session are that Digital Identity is still at the early stages of debate and discussion. Even though there is an increasing number of experts who deeply understand the issues, the overriding focus is still an argument about what “words” mean – the image gives some of the words that went round.

Digital Identity is a complex issue crossing many boundaries and professional disciplines. We tend to have many personas, we are no longer owned by a Brand, we know many people with whom we have a different relationship and know to different degrees and understanding, we don’t tend to reveal all to everyone, you cannot own your data, people are lazy and don’t do things even though they could, value depends on who the giver and receiver are. Identity is a negotiation and in reality we are the product that is traded. Two good quotes:

“privacy is no longer the social norm”  Mark Zuckerberg Facebook

“It's not our data, it's our life...” Bruce Schneier

Here is the list of words that we crossed in the conversation on Digital Identity

Negotiation

Confidence

Trust

Value

Informed consent

Privacy

Control

Convenience

Tolerate

Informed

Conversation

Manipulated

Relationship

Forgiving

Pre-defined

Knowing

Owning

Persona

Hard/ soft identity

Implicit/ explicit data

Implied

Security

Digital footprint

Social benefit

Engaging users

Trade

Barter

Reveal

Honest

Representative

CRM/ VRM

Simplicity

Personal

Terms and conditions

It’s dead