At the end of 2020, the M-Sec Project launched a survey to the European and Japanese IoT community, to better understand their experience when using IoT devices and applications and on their knowledge of EU & Japan’s data protection regulations. 6 months after, and with more than 450 answers, here are the first insights from our community
Why a survey?
The M-Sec Project was born in July 2018, as an EU and Japanese R&D project made by twelve partners (six European and six Japanese). The main motivational factor arose from the fact that many data sources in the IoT and smart city domain contain sensitive information that raises issues on privacy and data protection. The main objective sought by M-Sec was, thus, to develop a framework that provides security and integrity of data traffic, end to end, from the device to the cloud, and to the application, in a secure and transparent way.
Thus, the M-Sec Project decided to conduct an online consultation in the scope of its research, to all EU and Japanese IoT citizens and stakeholders, considered as potential users of the M-Sec solution, to collect feedback on their experience when using IoT devices and applications and on their knowledge of EU and Japan’s data protection regulations. The main goal of this survey was to help the project better understand the IoT ecosystem in which M-Sec was expected to operate, what were people’s main IoT habits and their awareness regarding data protection regulation in their region.
IoT habits. Will devices and apps become part of citizens daily routines?
From a sample of more than 450 answers, most respondents (22%) identified health devices – such as fitness bracelets – as the IoT device that they most commonly use, closely followed by home appliances (21%) – such as smart refrigerators – and voice assistants (21%) – such as Google Home or Alexa. 34% of respondents seem to use those devices every day, all day, which shows they are increasingly becoming part of citizens daily lives and routines.
IoT security and privacy concerns. Are citizens aware of such dangers when using IoT devices?
As the use of IoT devices and apps becomes increasingly higher in today’s modern and connected society, security and privacy concerns related with their use must be taken into consideration by all, as we exchange more data than before – data that, sometimes, might be sensitive and personal. However, 64% of our respondents are not fully aware of security and privacy data protection policies of the IoT devices and apps they so commonly use, meaning that they do not always carefully read those policies when start using a device or app or when those policies are updated by the provider.
Thus, it becomes extremely important to raise awareness among citizens and stakeholders regarding the dangers of such use, the attacks they might suffer, and the loses they might have, and how we, individually and as a society, can fight it or, better yet, prevent it from even happening. In fact, when confronted with a hypothetical scenario in which a given IoT device or app suffers a cyber-attack, most respondents (52%) prefer to stop using that device or app immediately and then go and check its data protection policies. Therefore, the M-Sec Project has created a Comic Book – English and Japanese version – that we hope will help citizens better understand what is at stake when it comes to the security and privacy of their data and how the M-Sec solution will help them prevent several types of cyber-attacks when they are using a given IoT device or app, which they believe might facilitate their lives.
In fact, the main privacy and security concerns seem to be more related wrongful use of data by others (>60%), than the actual malfunction of the IoT device or app itself.
IoT policy. Are citizens aware of data protection policies?
Although most respondents (89%) do not seem to be aware of the current IoT smart city solution deployed in their city, they are aware of small changes at a city or even at a more local level (for instance, in neighbourhoods), that clearly positively affect their lives. Some examples are C02 and air quality sensors, transportation, parking and traffic related sensors, smart gardening and watering related sensors, smart building automation for public buildings, open data portals, among other small-scale initiatives.
Moreover, when asked about EU and Japan’s GDPR and APPI’s data protection regulations, EU and Japanese respondents show a satisfactory level of awareness – either they are fully aware or, at least, have heard about it.