Privacy By Design

Mirkwood Evans Vincent App Pricay by Design

I was surprised the other day to receive a notification from one of the Mac user forums, that there was a new app, which they recommended for internet security. I wondered at first how it would be different from the Norton security package, which I use today for my office systems. When I looked into it a bit more, I realised that this app was designed to protect my privacy when I was surfing the net, so that (for example) those beastly little cookie things could not follow me back home and start targeting me with adverts for stuff which I neither need nor want…

And then (because I am a lawyer, and a bit sad and geeky), I started thinking about how all these new and different security and privacy packages were all going to interact with each other……..and that got me thinking about the Internet of Things (IoT), and how much more complicated online security and privacy packages were going to have to get, to ensure that our internet enabled fridges and baby monitors and burglar alarm systems, remain sufficiently hack proof to stop terrorists blowing us up in our kitchens; or fraudsters using vulnerabilities in these devices to access personal details in our computer systems; or thieves nobbling in-house cameras to have a good look around and work out what they want to steal next time they are in the area.

The UK Information Commissioner has said that app developers need to ensure that privacy is at the heart of everything they do. The phrase used is “privacy by design”.

It sounds great…. but surely one of the challenges is going to be getting all these security and privacy packages, produced by multiple organisations with multiple functions (and without the power of omniscient consciousness to understand the constant and ever changing stream of new technologies arriving in the market), not to trip over and interfere with the functionality of each other, and thereby create new and worse vulnerabilities for the multiple classes of devices out there or security systems at large.

On a serious note, it means that app developers are going to need to have (a) a good understanding of what “privacy by design” is likely to mean in terms of their legal compliance obligations, and (b) some nifty legal terms and conditions to explain what the in-app security can and cannot do and how it might (or might not) interact with other security software. It will continue to make the world an ever more complicated place for the security companies trying to protect us from everything that the new IoT technology is likely to throw at us; but (on the plus side) it will probably generate even more work for technology lawyers. (There really must be a god).