Federal Trade Commission (FTC) chairwoman Edith Ramirez’s remarks at the International Consumer Electronics Show on Tuesday signal that FTC may be paying increased attention to privacy and security issues in the mobile health industry.
The speech focused on how “the introduction of sensors and devices into currently intimate spaces – like our homes, cars, and even our bodies” results in increased data sensitivity and heightened challenges for consumer protection. Those challenges, according to Ramirez, stem from three overarching issues: (1) ubiquitous data collection; (2) using data in ways consumers don’t expect (and the adverse consequences of such use); and (3) heightened security risks.
While FTC has been focused on consumer issues raised by the “Internet of Things” (IoT) era for quite some time, the examples cited by Ramirez suggest that e-health products are among the IoT applications of greatest salience when it comes to consumer protection. She specifically called out smart glucose meters, heart monitors and health monitoring wearables in the speech.
Ramirez’s speech also offered set of prescriptions for IoT product makers:
- Security by design. Mirroring FTC’s focus on “privacy by design”, Ramirez stressed that “security by design” must be given priority and incorporated into devices at the outset of product development. She also cited the need to continue to monitor, test, troubleshoot and improve security features and to build in high-level security customer defaults.
- Data minimization. Companies were urged to minimize the data they collect, or delete it after its initial purpose has been served. Rebuffing some of the claimed promises of big data, Ramirez “question[ed] the notion that we must put sensitive consumer data at risk on the off-chance a company might someday discover a valuable use for the information.” Companies were further urged to de-identify the data that they do collect to the extent possible.
FTC has indicated that Ramirez’s speech is meant to preview the guidance that will likely emerge from FTC’s forthcoming report on IoT. The report follows from a workshop that FTC held to gather comment on IoT in November of 2013. Read Covington’s takeaways from that workshop on our InsidePrivacy blog and do stay tuned — as we will post an update on the contents of the IoT report when released.