April 28, 2016
Partner Dana B. Rosenfeld and associate Crystal N. Skelton discuss best practices for the ever-changing digital landscape in The Cyber Security Law Report article, “Designing Privacy Policies for Products in the Internet of Things.” Ms. Rosenfeld and Ms. Skelton shared conventional ways individuals and companies can maintain privacy, however as technology evolves, consumers and regulators must walk a fine line to find balance between privacy and convenience.
Ms. Rosenfeld and Ms. Skelton elaborate on common difficulties companies face in obtaining user consent in the Internet of Things (IOT), as well as obstacles in designing IOT products. “The FTC has recognized there is no one-size-fits-all approach and there are flexible ways to provide this information to consumers,” Ms. Skelton said. “So often it comes down to what types of information you’re collecting, whether consumers would expect the device or your company to collect that information, and whether the information is being used in a way that makes sense based on the purpose or functionality of the device.”
When drafting policies for IOT products, Ms. Rosenfeld recommends consumers and companies view the FTC staff report and related enforcement documents. While it may be difficult for companies to review more than 100 privacy and security-related enforcement actions, the FTC provides guidance in documents that are helpful in the initial stages.