We’ve often written about how connected experiences in the consumer Internet of Things (IoT) provide a powerful new channel for engaging and marketing to consumers. In one post, we wrote about consumer app monetization. In another, we discussed IoT’s impact on advertising. The emergence of hyper-contextual marketing was the topic of yet another related post.
Underlying consumer IoT applications is the question about how personal data ownership and privacy are managed. Given the type and amount of data these applications capture, it's understandable that privacy concerns are being raised to a new level.
The entire topic of privacy and data security is too large and complex for one blog post, but there are a few fundamental concepts around data ownership that you as a consumer of connected product apps should know:
1. The Terms and Conditions (T&Cs)
Every app will have T&Cs you agree to when you register to use it. They’re a legal contract to which you and the app developer are bound should any conflict (e.g., about timely payment) arise. They also describe the limits of liability. Most app developers will specifically disclaim any guarantee of absolute security for your personal information.
T&Cs also spell out the app developer’s rights to the consumer’s User Data and Content. The typical arrangement is that the consumer owns the data and content, but grants the developer the rights to use them to operate and improve their service.
2. User Data vs User Content
User data (also PII or Personally Identifiable Information) is the basic data you must enter - name, birthdate, gender, email address - when you register with the app. The app developer will never claim ownership of this data, but reserves the right to use it to provide their service. They’ll also include a retention clause. If you delete your account, they may delete your data, but that’s not always guaranteed.
User content includes all the other data and content captured and stored by the app that cannot, by itself, be used in some way to identify the individual user. It includes content posted explicitly to the app (photos, written comments, “likes”…) as well as activity data (e.g., what’s captured via a fitness tracker). Most apps will not claim ownership of this content, but include a grant of rights in their T&Cs to be able to use it.
(For an example of a Terms and Conditions document, including a rights grant for User Content, see Strava’s T&Cs.)
Balancing Risks vs Rewards
For more general info on how to keep personal information secure, check out this article from the FTC.