This sponsored article over on Gizmodo is a little FUDdy but it asks what I think is going to be an increasingly difficult question to answer: who has dominion over the data I emit?

In the case of a regular human, a typical IoT device user will passively generate massive amounts of real time data.  This is exactly what we regular humans want.  The more predictably this data is generated, the less conscious effort it takes, the more useful it will be for later analysis.

However, already today, data goes any number of places.  It can go the obvious places, and then it can live on in a much broader context via distribution to 3rd parties.  After all, any data interesting enough to gather is valuable enough to sell.

This situation presents three risk areas.  The first is the primary service provider (phone, device or system), second is any third parties you authorize via terms and conditions and last is add-on capability providers, like apps, which might also leak to third parties.  Are these really “risks”?  Well depends on who you are and what you value.

Now this is just for regular humans.  Imagine the complex web of risks a modern business faces adopting IoT solutions at scale.  The good part for businesses is that many business providers address this confidentiality concern contractually as a core part of their business.  If you are a business owner, you should clearly understand where the data you generate goes and what that means for your business.

Back on the regular human side, it’s another story.  Facebook and Twitter have demonstrated clearly that regular humans are more interested in short term functional capabilities than long term data re-use and analysis.  It’s therefore tempting to call for government regulation to address the issue. That might work in the EU but it has a snowball’s chance of passing in the US. In the US, I’m not sure what the right thing to do is.  It might be our only option is third party services that monitors our data and alert us when something goes awry, but at that point it feels like the chicken has flown the coop.  What would be super useful is some sort of labeling that reminds us what’s happening, a human readable privacy policy, but even that feels a little late.

Maybe there’s room for something similar to “organic” labeling or MPAA ratings, a third party evaluation that regularly inspects a service providers business and contracts, and then awards a regulated label based on what it finds.

Interesting times for sure!