
Will consumers trust you with their connected life?

As IoT technology becomes digitally woven throughout consumers’ homes, cars and wardrobes, the kind of relationships companies build with their users becomes ever more intimate and personal.

When the product you sell can hear what its owners are saying, capture data on their daily activities, help drive their cars and even watch over their sleeping children, factors like price, quality and durability fade beside the most important consideration of all: Can your company be trusted?

So when wireless home audio provider Sonos announced changes to its privacy policy and data collection practices recently, we got a strong reminder of how difficult it can be for companies in the emerging IoT space to balance security and user privacy. The changes seemed innocuous enough, pertaining primarily to the kind of data used to improve product performance and guide personalization. Indeed, Sonos went above and beyond standard privacy policy update practices, posting a detailed pre-announcement to the company blog, demonstrating a dedication to clarity and transparency in its new policy. The key sentence?

When making these changes, we took the time to work with experts in the privacy community to understand best practices and make sure the language we chose was clear, future-fit and avoided as much confusing legal jargon as possible.

Despite best intentions, however, many Sonos customers — and media observers — focused on the more austere aspects of the new policy, notably that it expanded Sonos’ data collection practices but offered no opt-out. Customers who declined its terms would no longer be able to update their Sonos software, leaving their costly high-end system destined to lose functionality over time.

It’s a whole new IoT world

Should the Sonos privacy and PR teams have anticipated this backlash? Difficult to say. The race is on across all reaches of the IoT landscape — connected home, connected car, digital healthcare, smart city and so on — to launch new offerings with greater capabilities and convenience. There’s plenty of demand, and Sonos must innovate to meet consumer needs and stay competitive.

This dynamic is on display in the new Sonos privacy policy; it was announced along with the availability of a long-anticipated voice assistant enabling Sonos users to control music playback through spoken commands (as with Amazon Alexa). Sonos pointed out that collecting data around its new voice features was “needed to ensure proper functionality and to help improve these features.”

Let’s not lose sight of the fact that Sonos is in the business of providing a secure experience through wireless streaming media devices that live on your home network but must connect to third-party streaming services. Securing these devices and protecting the personal data of customers is the right thing to do, and in Sonos’ best interests. Yet pushing the technology envelope could possibly bring companies with IoT business models into conflict with the emerging privacy regulatory framework.

Of course, customers don’t necessarily care whether a company is in full legal compliance, but they care very much about whether it’s trustworthy. The 2017 MEF Global Trust Report surveyed consumers across 10 global markets and showed the importance of trust in today’s digital economy:

  • 40% of respondents named one or more trust issues as their biggest barrier to using more apps and services
  • 75% say they always or sometimes read a company’s privacy policy; 39% agree to such policies only reluctantly
  • 82% have taken action due to concerns over privacy and/or security, including deleting or discontinuing use of a service, warning friends or family, or switching to a competitive service

In this light, Sonos has taken a considerable risk in an area of real consumer sensitivity: how their data is used. In the MEF report, only 3% of respondents said that they were always willing to share data — half the previous year’s figure — while 39% said they never share it.

Keeping the (good) faith with consumers

Good faith is keenly important in an area like IoT, where the rules aren’t written yet. In spite of ample evidence of IoT security gaps that can endanger users of everything from cars to pacemakers, lawmakers have been slow to set standards and mandates. The Internet of Things Cybersecurity Improvement Act of 2017 under consideration by the Senate would cover only government contracts, not commercial markets. The EU’s General Data Protection Regulation, enforced as of May 2018, will likely bear heavily on IoT providers.

In the meantime, consumers shopping for IoT products don’t always keep security top of mind. What happens when a poorly secured IoT device compromises a customer’s entire home network, including financial and health records on Dad’s laptop? Or when a hacker gains control over a smart home vendor’s systems to wreak havoc across their entire customer base?

The slow, reactive nature of regulatory processes is no excuse for companies to stand idle on IoT security. Customers can quickly turn against a company merely for making a technical change to its privacy policy. Imagine how they will react if they learn a product has put their financial well-being, home security or even their very lives at risk because of inadequate safeguards. Security must be woven seamlessly into the IoT product experience, performing flawlessly. Half of all respondents in the MEF study named a bad user experience as the top reason to lose trust in an app or service — more than negative reviews or reports from friends, family or the media. And don’t think consumers aren’t paying close attention: that same report found 80% of connected home adopters said they read privacy policies.

Your message to consumers should be clear:

Nothing is more important to us than protecting our customers. We’re taking every step to safeguard your data, fortify our products and prevent new vulnerabilities from entering your home. You have choice and control about the data you share through our products — not because of regulations, but because it’s the right thing for us to do.

Sonos isn’t the first company to struggle to find the right balance between privacy, security and data collection. It won’t be the last, as IoT becomes more pervasive. One lesson other players in the space should learn from this controversy? An open discussion of data practices and a dialog with consumers are crucial to reaching that balance.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.