IoE will impact personal data – are you ready?

Zoltán Précsényi, Director of Government Affairs, Symantec, gives a heads-up on Getting Up-Close and Personal with GDPR, ahead of his fireside chat at TM Forum’s Internet of Everything InFocus 2017 event (October 17-18, Amsterdam, Netherlands).

The  European Union’s General Data Protection Regulation (GDPR) is a legal framework that will come into force on May 25, 2018*. How it relates to the internet of everything (IoE) is not well understood.

Data security and privacy are the two building blocks that can make or break IoE, and there we have a problem. While data is at the root of all the prospects IoE brings – measuring more, improving more, selling more – many, if not most smart devices are nowhere near secure enough to ensure meaningful levels of data accuracy and integrity. Cyber criminals know that well, and as with every generation of new technologies, they have been among the most creative and proactive in taking advantage.

A Symantec test looked at how long it take for an average IoT device, let loose on the internet, to be cyberattacked:

Source: Symantec

There are abundant reports about some of the more spectacular cyberattacks. The Mirai botnet, for example, caused a massive internet outage in autumn 2016 for high profile websites like GitHub, Twitter, Reddit, Netflix, Airbnb and many more. The attackers used more than a million zombie IoT devices to launch a massive distributed denial of service (DDoS) attack which effectively took down swathes of these online services for several hours.

It is high time everyone started thinking ‘end-to-end security by design’ in their IoT activities, otherwise tomorrow’s IoE might well become the most insecure environment we have ever lived in.

Getting ready for regulation

Much of the IoE data collected is likely to be the kind of personal data that comes under the European Union’s (EU) General Data Protection Regulation (GDPR), and will need to be compliant. When we talk about collecting more and measuring more, we tend to forget that this data is often eminently personal aspects of peoples’ lives. When they turn on the light, where they drive their car, what medicine they take, etc.

Yes, even the engine performance tracking the data of a forklift in a warehouse could be personal data, in that it may reveal a lot about the work performance of the employee operating it. Do they do their shift as they should? Do they drive carefully or recklessly?

The number of passengers on board a tram may not be personal and seen as ‘industrial’ data, but if you correlate smart phones whose geolocations with your tram’s, you are processing personal data about those individuals.

Such complex webs of compliance considerations are what then makes IoE data management and data monetization quite the tall order.

The GDPR is coming into force on 25 May 2018, while IoE is to bring tens of billions of new devices online within a few years – GDPR-readiness must be taken seriously.

So how are we doing today?

Symantec’s research found there is work to do; companies’ preparedness is definitely behind schedule, their preparation efforts are often insufficient and, in many cases, they have only a basic awareness and understanding of crucial issues as shown below.

Source: Symantec

Avoid being one of those firms, come to the fireside chat in Amsterdam – Getting Up-Close and Personal with GDPR – to find out more about the GDPR for IoE.

*GDPR is designed to strengthen and unify data protection for all individuals within the European Union (EU), including the export of personal data outside the EU. The primary objectives of the GDPR are to give citizens and residents control of their own data and to simplify the regulatory environment for international business.


    About The Author

    Director of Government Affairs, Symantec


    1. In social and labour policy debate taking place in the International Labour Organization, across the UN and multilateral system, and in the G20 and other emerging processes, the IOE is the recognised voice of business.

    2. Ashutosh Tripathy on

      Hi Zoltan,

      I share the concern of data security and privacy. With increasingly complex computing, machine learning and AI we are introducing some vulnerability to data protection.

      While I am totally in for development and new technologies, I am concerned about the data hacks. Sensitive data in the wrong hand could bring chaos to the world.

      A layman(a simple smartphone user) today is not aware, how much personal data is he allowing apps to use. Take a simple example of Google doing its predictive analysis on personal data from users. As a user, we have no idea what all data is it collecting and what could be the implications.

      So I do agree to governments/regulators when they make data sharing more controlled and regulated. Recently supreme court of India made a verdict where it states, privacy is a fundamental right and Govt. can’t make UID mandatory (unique identity scheme which records your iris scan and finger prints) to get social welfare benefits by govt.

    Leave A Reply

    Back to top