10-02-2021 | By Robin Mitchell
Recently, Apple has introduced Privacy Labels that help customers better understand the privacy requirements of different apps such as Facebook. What are privacy labels, why is Facebook fuming over them, and could they help improve IoT devices customers?
With the increasing nature of companies monitoring and tracking customers without their full knowledge, privacy is now becoming a major concern by both customers and tech developers. While an app may be free from the perspective of currency, it will most definitely mine data from the user and sell this data.
Privacy issues are made worse when companies get customers to unknowingly sign their agreements using tricks such as an extremely long “Read-Me”, obscure reasons for needing access to all aspects of a device or machine, and confusing opt-out systems (such as those found with Amazon Prime).
To help tackle this issue, Apple has released Privacy Labels that clearly lay out what data an app will collect and its relation to the user. These categories fall into “Data used to track you”, “Data linked to you”, and “Data not linked to you”. It is hoped that this method will better inform customers of what details they will be allowing to be transferred and remove any obscurity in their privacy.
The privacy labels introduced by Apple can be thought of as food labels that indicate ingredients and the content of key elements such as carbohydrates, protein, and sugar. Imagine for a moment the fury that would erupt if food companies decided not to use such labels and instead tried to hide the contents of their products. While privacy may not be as serious as food ingredients, using privacy labels could seriously benefit users and allow for better-informed decisions when using services.
It is no surprise that Facebook, being a free service, uses the data gathered on its users to produce profit via targeted ads and selling data to third-parties. However, many software providers (including Facebook), also track their users and exchange data between different apps running on devices (such as smartphones), which is raising serious concerns for privacy.
I find myself a good litmus test for determining if privacy violations are going too far. I am not a social media user, I don’t use Twitter, and use my device mostly to contact friends via WhatsApp. However, I have recently noticed that my device starts asking me how it was and to rate it online when I enter shops or specific areas. Furthermore, I have noticed more ads trying to target products I have been looking at despite using a browser. From this experience, I would say that privacy has been grossly breached now that my phone knows where I am going, even which restaurant I visit.
The introduction of such labels now means that Facebook users will be warned when using the app that they are data-mined and tracked that can be transferred to third-party users. As such, paranoia and fear can set into Facebook users who may see fewer users use the service, and this will negatively affect Facebook’s business.
However, to counteract the use of such labels, Facebook is introducing prompts on their services that encourage users to allow tracking and data sharing. According to Facebook, the prompt will inform the user how such data allows for targeted ads which help businesses of all sizes and allow Facebook’s service to continue running. Such a tactic would appeal emotionally to users whose effect may be amplified due to the current COVID situation that has seen many businesses closes.
Privacy and security are now the two most important factors when developing IoT devices. The many recent cyberattacks against such devices could see privacy labels be integrated into such products.
If a common standard can be agreed to (such as an ISO), then a calculator could be used to provide products with a privacy score. Such a calculator would consider the type of data being gathered, how it’s transmitted, and how it’s used. From there, customers would see a product label that shows each data type (microphone, camera etc.), and scores each one as to the risk that it poses.
The use of such labels would allow users to make decisions that IoT products are appropriate for their application and highlight to users how to connect their devices to minimise the risk of security breaches. As security and privacy become more important, using such labels could encourage designers to increase the security of their products as well as provide a competitive advantage to other products that are either not secure or lack such labels.
This concept could even be taken further using expiration dates that alert users as to the age of the label, and the older a label is the more outdated the security and privacy score is.
Security and privacy label concept for devices – Robin Mitchell 2021