by Kumar Srivastava

The IoT will force us to delegate our privacy

Mar 18, 20156 mins
Big DataPredictive AnalyticsPrivacy

A look at the impact of IoT on how users will deal with their privacy and why the delegated privacy will empower users.

09 chief privacy officer
Credit: CSO staff

The Internet of Things (IoT) carries huge implications for consumers. It carries the promise of tremendous value through personalized, contextualized experiences, products and services that sense the need and intent of the consumer and deliver an experience and service that exceeds the expectation of the user and ultimately delights them.

However, the challenges around privacy management will force users into adopting the delegated privacy model where they will offload their privacy management to a single enterprise who they trust. They will use the same provider for all of their IoT enabled needs. This delegated privacy model will have a cyclical effect on the spectrum of services offered by a single provider with most providers expanding their service arsenal to support majority of the user’ needs. In return, users will need to “trust” only a few providers with their privacy and will end up having broader and more direct control on the provider by how they choose to use the services and for how long.

Beyond Web 2.0 to IoT

The enhanced value delivered through IoT enabled services bears and demands a considerable cost. The cost of privacy that the user has to trade for getting these services in return is very high. If we draw a parallel between the era of Web 2.0 where services went from simple Web page delivery to providing customized personalized experience (e.g. amazon, google and facebook), it becomes evident that data about activities in the physical world will be needed to provide the same context required to deliver customized personalized experiences in the physical world.

In the Web 2.0 world, this was enabled by user activity tracking through first and third party cookies, user identification and activity telemetry. This enabled the tracking of users as they went from one Web site/service to another and in turn generated a rich profile of the user and their online activity. This data could then be mined to offer a rich experience and targeted ads and messaging for the user.

In the IoT age, we now have the opportunity to, similar to what was done in the online world, map and track the user’s physical world interactions. An intricate network of sensors has the ability to track transactions and activities in the physical world as the users move spatially and temporally. Patterns in such movements can be used to extract user habits and generate a user profile. The real breakthrough happens when the physical world meets with the virtual world to generate a single 720 degree view across the physical and virtual world.

The proliferation of IoT is inevitable. Customers, just as in the virtual world, will trade in their privacy for enhanced value. However, the implications of privacy loss are much higher in the physical world. The virtual world offers a thin veil of anonymity through a mix of technology and regulations. The adoption of IoT removes the last remaining disconnect between the virtual and physical world enabling seamless tracking of the user across these dimensions. The cost of privacy loss is much higher in an IoT enabled world.

Since IoT will be prevalent and adopted by most service providers, consumers will not only have to accept the loss of privacy but will be required to willingly give up their privacy for every service they use, separately to every service provider. Since the severity of privacy loss is exponentially magnified based on the number of services used by the user, a reasonable reaction for users would be to limit the number of disparate services and service providers with whom they interact. This will be the force behind the rise of delegated privacy.

Delegated privacy

Delegated privacy is defined as the willingness and intent of the user to delegate their privacy concerns to a single service provider by explicitly choosing the same service provider for a spectrum of services used by the user thus ensuring that their private data is relegated to a single service provider and does not cross service provider boundaries.

Major service providers will transform into unified service models that deliver multiple different, disparate services through the same platform. We will see more service providers like Google, Apple, etc. that will control the entire user experience across hardware, software and a multitude and plethora of services. This convergence into a limited set of providers will reduce the choice and the risk for consumers as they will choose to “adopt” one service provider that would deliver on all their needs such as communication, payments, social, networking, transportation, etc.

The convergence of services and de-fragmentation in the IoT enabled service markets will lead to this model of delegated privacy. In this model, consumers who are unable or unwilling to deal with the matrix of privacy and security options per service will simply adopt a single service provider for all or majority of their needs and will delegate their privacy considerations to this unified service provider. Consumers will “trust” these unified service provider and delegate their privacy management and considerations to such unified providers. In this delegated model, the user will offload their privacy burden on to the service provider.

Checks and balances in the delegated privacy model

The service provider will need to establish stringent privacy controls to manage user data and privacy. Because they will control a majority of the user’s service needs through their services, they will have very little motivation to breach user trust by sharing data or misusing data and will create rigorous and exacting privacy standards in and across their services.

As this happens, the intrinsic value of a service provider will be closely tied to how well they can honor and protect the consumers privacy in the delegated privacy world. In fact, consumers will reward enterprises and service providers with continued usage and will punish those who are not able to protect their privacy by abandoning their services. The expectation of safeguarded privacy will be the “cost” imposed on enterprises for continued usage of their services. Privacy management practices will directly impact enterprise value in public markets and this will provide a financial incentive for enterprises to protect user privacy.


The privacy implications of the IoT are so huge that it will force a new approach to managing privacy. In the delegated privacy model, enterprises will have direct financial motivation to protect and manage their end user privacy. They will be rewarded with continued usage across multiple services. If they are not able to protect privacy, they will loose the user across all of their services and will loose rich usage data that will reduce the value of their service for the remaining users.