You might have heard of the copyright law that states data ownership goes to the person who created the data. In this case, data refers to intellectual properties. But can the same definition be applied to smart devices all connected to the Internet? Data moves through many things before and after it is processed. So exactly who owns the machine-generated IoT data? Let’s take a look.
Who owns IoT Data
Does the end-user own the IoT data collected by smart devices that you use? Or does the company that created the single board has rights over the data? Does the operating system on the single board tell you that they’ll own the data passing through that smart device (In their “Terms and Conditions”) Does the board manufacturer own it? Among others who can lay claim to data collected by smart devices are the software developers who program the smart devices. This is confusing and as yet, has no clear guidelines as to who owns IoT data.
This is the person using different smart devices. Since they are smart devices, they are all connected to the Internet. End-users can access these devices using the related app on their smartphones or directly by punching keys on smart devices.
Almost all of the data on a network is created by the end-user. If we applied the copyright law to all this, the end-user would be the IoT data owner. Unfortunately, copyright law does not yet consider smart devices’ data. There are no laws for the IoT devices at the time of writing this article (September 29, 2019).
There are some laws in the European Union that can be extracted from their GDPR. These laws stress for transparency in data usage and curation. It requires that the end-users should be informed how their data will be used, what all data was being stored, and by whom. It is tricky because of the usual Terms and Conditions that people click on without even reading them. That Terms and Conditions page may contain a clause that the end-user is giving up his/her rights to data and is transferring the same to the software developer.
If the smart device has a screen/display, the users can study the terms and conditions of using a device. Most smart devices do not come with a display, so it is hard to explain the data ownership. In such cases, the manual related to the smart device can include information regarding data ownership. This will take time, however, as people are still not bothered by who owns IoT data!
Smart Device Manufacturers
Entities that manufacture smart devices (single board micro-computers that can take certain actions when something happens) are also contenders for data obtained by the devices. They have created the micro-computers and hence their claim to the data. However, it is not feasible to give away one’s rights (end users) to someone else (the manufacturers) as we don’t know where the data will be stored and how will it be used. But there is not much an end-user can do if the hardware makers stake their claim to data without even asking for such permissions.
They contain trackers that bypass the consent and disagreement of users to collect data anyway. The data is later sent to third parties affiliated with the smart device manufacturers
The teams creating apps for smart devices can also claim their right to data collection. These are the people who’d ask you for permission to send information about the app usage to their servers/datacenters. The T&C (terms and conditions) could be tricky, and you may unknowingly, give up your data rights when you agree to the T&C. The apps on your single-board computer go through many things. From data being supplied in raw form to voice commands, there is a lot much that your smart devices know about you. They can keep track of your habits: data that would fetch a fortune if done correctly.
There was this case of Samsung Smart TVs listening to all conversations that happened near it. After a lot of backlash, Samsung clarified what you should not talk near the Smart TV.
Here is what Samsung said on the issue.
“If you enable Voice Recognition, you can interact with your Smart TV using your voice. To provide you the Voice Recognition feature, some voice commands may be transmitted (along with information about your device, including device identifiers) to a third-party service that converts speech to text or to the extent necessary to provide the Voice Recognition features to you.
In addition, Samsung may collect and your device may capture voice commands and associated texts so that we can provide you with Voice Recognition features and evaluate and improve the features.
Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition”
In the above clarification, Samsung names a third party that could be a data center hosted anywhere on the planet. A third party can also be a cloud service provider asking the same old question “who owns IoT data?”
A lot has to be done to standardize the data rights. Ideally, it should be the end-user (in my opinion), but both hardware and software developers ask for rights to collect your data “so that they can improve their services“.