Five Common Misconceptions About Privacy-Preserving Internet of Things

TL;DR

This paper clarifies five common misconceptions about privacy-preserving IoT, emphasizing that privacy should enhance trust and innovation, not hinder it, and that security alone does not ensure privacy.

Contribution

It refutes five misconceptions about privacy-preserving IoT through real-world experiments and surveys, providing practical insights for researchers and practitioners.

Findings

Data privacy can boost customer trust and retention.

Privacy-preserving IoT is essential from the design stage, not just regulation.

Decentralization does not guarantee complete privacy.

Abstract

Billions of devices in the Internet of Things (IoT) collect sensitive data about people, creating data privacy risks and breach vulnerabilities. Accordingly, data privacy preservation is vital for sustaining the proliferation of IoT services. In particular, privacy-preserving IoT connects devices embedded with sensors and maintains the data privacy of people. However, common misconceptions exist among IoT researchers, service providers, and users about privacy-preserving IoT. This article refutes five common misconceptions about privacy-preserving IoT concerning data sensing and innovation, regulations, and privacy safeguards. For example, IoT users have a common misconception that no data collection is permitted in data privacy regulations. On the other hand, IoT service providers often think data privacy impedes IoT sensing and innovation. Addressing these misconceptions is essential for making progress in privacy-preserving IoT. This article refutes such common misconceptions using real-world experiments and online survey research. First, the experiments indicate that data privacy should not be perceived as an impediment in IoT but as an opportunity to increase customer retention and trust. Second, privacy-preserving IoT is not exclusively a regulatory problem but also a functional necessity that must be incorporated in the early stages of any IoT design. Third, people do not trust services that lack sufficient privacy measures. Fourth, conventional data security principles do not guarantee data privacy protection, and data privacy can be exposed even if data is securely stored. Fifth, IoT decentralization does not attain absolute privacy preservation.