Consumer Bill of Rights for an Open Internet of Things

Consumers have the right to control their privacy.

Consumer data should not be collected from Internet of Things devices and sent to a remote location without the consumer’s express permission.

Consumers have the right to control the devices in their home.

Internet of Things devices in a consumer’s home must be under complete control of the consumer. These devices must capable of operating and being controlled in the home without direct access to a remote service outside the home. Remote access to any device in the home must expressly be delegated by the consumer. Such access can be unilaterally rescinded at any time by the consumer without notice.

Consumers have the right to control the data collected about them.

Consumers must explicitly authorize whether any data collected with their permission may be used for purposes other than meeting the primary function of the device.

Data collected about a consumer with their permission should be easily accessible for viewing or downloading by the consumer.
Data that is collected from Internet of Things devices with the consumer’s permission should not be used by or sold to third parties without the consumer’s express permission.
Consumers have the right to be forgotten.

Companies that have permission to collect this data must immediately honor all requests from consumers to turn off data collection and delete all copies of this data.

Consumers have the right to transparency.

Companies that make Internet of Things devices must explain how their devices work and how they are controlled. Companies must also declare the details about and the storage location of data collected. These declarations must be written in simple language understood by typical consumers. It is not sufficient to bury these disclosures in long, cryptic legal verbiage commonly found in privacy policies and terms of use agreements.

Consumers have the right to change.

Consumers should not be locked in to proprietary, closed systems. Internet of Things devices developed for personal and home should use open, standard protocols to communicate with controlling applications. Applications adhering to open protocols should be able to discover, acquire and manage any Internet of Things device that complies with these protocols.