- on whose behalf the thing acts (whether a data subject or not)
- the data subject of the data the thing collects & shares
A Fitbit Flex, Jawbone Up, Nike FuelBand, etc. all collect the data of a single user, and it is that same user on whose behalf the thing acts. This makes for a pretty straightforward identity model: single device, single user.
At any given time, a smart scale like a Withings or Fitbit Aria also represents a single user (and shares that user's data). But, unlike the wearables above, for this sort of thing that user can change over time. Consequently, such a thing has to support multiple users, including a UI that lets users select themselves from a list. Picking a profile from a list only identifies who is standing on the scale; it says nothing about who may see whose readings, so ideally such a thing (and its associated apps) would also support differentiated consent/authorization for the different users. For instance, should my wife be allowed to see my weight data (and surreptitiously try to curtail my beer consumption as a result)? That's not a world I want to live in. Do you?
The archetypal 'smart toaster' would need this sort of identity model if it were to give each breakfast eater personalized toast settings.
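The shared-scale case above, as an added illustration that is not code from the original post or from any scale vendor: one device, several user profiles, each reading attributed to exactly one data subject, and a default-deny consent check so that one user sees another's readings only under a scoped, time-limited grant that the data subject issued and can revoke. The class and scope names (SharedDevice, ConsentGrant, 'weight:read') are assumptions made for the example.

```python
"""Per-user consent model for a shared 'thing' such as a smart scale.

Added example; not code from the original post or from any vendor.
SharedDevice, ConsentGrant and the 'weight:read' scope are assumed names.
"""
from __future__ import annotations

import time
from dataclasses import dataclass


@dataclass(frozen=True)
class ConsentGrant:
    """Consent given by the data subject to another user of the same device."""
    subject: str       # whose data this is about (the data subject)
    grantee: str       # who is allowed to act on it
    scope: str         # what they may do, e.g. 'weight:read'
    expires_at: float  # unix time; an open-ended grant is a design smell

    def covers(self, requester: str, scope: str, now: float) -> bool:
        return (self.grantee == requester
                and self.scope == scope
                and now < self.expires_at)


class SharedDevice:
    """Single device, many users: every reading belongs to one data subject."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._profiles: set[str] = set()
        self._readings: dict[str, list[tuple[float, float]]] = {}
        self._grants: dict[str, list[ConsentGrant]] = {}  # keyed by subject
        self._active_user: str | None = None

    def add_profile(self, user: str) -> None:
        self._profiles.add(user)
        self._readings.setdefault(user, [])
        self._grants.setdefault(user, [])

    def select_user(self, user: str) -> None:
        """The 'pick yourself from the list' step: binds who the device acts for."""
        if user not in self._profiles:
            raise KeyError(f"unknown profile {user!r}")
        self._active_user = user

    def record(self, value: float) -> None:
        """A reading is attributed to the selected user only; never to 'nobody'."""
        if self._active_user is None:
            raise PermissionError("no user selected; refusing to attribute a reading")
        self._readings[self._active_user].append((self._clock(), value))

    def grant(self, subject: str, grantee: str, scope: str, ttl_seconds: float) -> ConsentGrant:
        """Consent is recorded against the subject; only their own data is covered."""
        if subject not in self._profiles or grantee not in self._profiles:
            raise KeyError("both parties must be users of this device")
        g = ConsentGrant(subject, grantee, scope, self._clock() + ttl_seconds)
        self._grants[subject].append(g)
        return g

    def revoke(self, subject: str, grantee: str, scope: str) -> int:
        """Remove matching grants; returns how many were removed."""
        before = len(self._grants[subject])
        self._grants[subject] = [g for g in self._grants[subject]
                                 if not (g.grantee == grantee and g.scope == scope)]
        return before - len(self._grants[subject])

    def is_permitted(self, requester: str, subject: str, scope: str) -> bool:
        """Default deny: your own data, or data whose subject consented to this scope."""
        if requester == subject:
            return True
        now = self._clock()
        return any(g.covers(requester, scope, now) for g in self._grants.get(subject, []))

    def read(self, requester: str, subject: str) -> list[tuple[float, float]]:
        if not self.is_permitted(requester, subject, "weight:read"):
            raise PermissionError(f"{requester} may not read {subject}'s weight")
        return list(self._readings[subject])


def demo(now: float = 1_700_000_000.0) -> dict[str, bool]:
    """Two-person household on one scale, with a fixed clock; returns check outcomes."""
    clock = [now]
    scale = SharedDevice(clock=lambda: clock[0])
    scale.add_profile("paul")
    scale.add_profile("spouse")

    scale.select_user("paul")
    scale.record(82.5)          # attributed to paul
    scale.select_user("spouse")
    scale.record(61.0)          # attributed to spouse

    results = {}
    results["self_read"] = scale.is_permitted("paul", "paul", "weight:read")
    results["cross_read_denied"] = not scale.is_permitted("spouse", "paul", "weight:read")

    scale.grant("paul", "spouse", "weight:read", ttl_seconds=3600)
    results["cross_read_after_consent"] = scale.is_permitted("spouse", "paul", "weight:read")
    # consent is scoped: read consent does not imply any other operation
    results["other_scope_denied"] = not scale.is_permitted("spouse", "paul", "weight:export")
    # consent is not symmetric: paul granting spouse says nothing about the reverse
    results["reverse_denied"] = not scale.is_permitted("paul", "spouse", "weight:read")

    clock[0] += 3601            # let the grant lapse
    results["expired_denied"] = not scale.is_permitted("spouse", "paul", "weight:read")
    return results
```

The checks that matter are the negative ones: the device never attributes a reading to no one, a grant covers one subject, one grantee and one scope, it lapses on its own, and the subject can pull it back. A companion app that merely lists profiles and trusts the selection gets none of this.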
A thermostat like a Nest, or a fridge, etc. collects data associated with a group of users (the family members) and can be said to act on behalf of the user who bought, installed, configured & registered it (not the teenager, in all likelihood). Because the data is aggregated, the privacy risks differ from those of a device that acts for a single user.
Things can also act autonomously, i.e. be 'doing their thang' not on behalf of a user of that thing but for themselves (or, more precisely, for some unnamed admin or even a corporate entity).
A residential electricity meter, like the Nest, collects data associated with a group of users (the household) but, unlike the Nest, is not under the governance of the homeowner. Instead the meter is owned and operated by the electricity provider. While the provider may give the homeowner access, the meter's fundamental purpose is to determine how much to charge each month.
Likewise, nobody would argue that a speed camera snapping a pic of me (only slightly exceeding the limit, which everybody agrees is ridiculously low on that stretch of road) is acting on my behalf. It operates on behalf of the local region's or county's tax revenues. Along the other axis, those cameras can focus on (and differentiate) individual drivers, or the members of a mob after a lost hockey final, and so create privacy concerns.
And probably the biggest use case (in number of sensors & perhaps $$): all those factory floor robots, air quality sensors, street lights & water pipes silently reporting operational status.
4 comments:
About your very last §, don't you agree that all of those things, even if they have an identity (on their own, but that can be just a simple serial number), are very unlikely to be aware of their "users" and never really act on behalf of someone else? They just do their duty and send their data to an anonymous address, remaining in ignorance of all these beautiful human beings whose lives are so improved by their self-abnegation...
Paul, it seems to me that the classification matrix should include on the vertical axis the category "3rd party". Things like health devices possessed by a user but controlled by a doctor, as an example.
Benoit, if a thing goes to the effort of getting a user's consent to some data operation, and is issued a token reflecting that consent, and stores that token away and knows to use it on API calls, can we not say that the thing is *aware* of the user, at least in the sense of being able to distinguish one user from another, etc.?
@idgorilla, agreed. Will revise