Data Ownership in IoT Applications

The main factor in competition between industrial players has been moving from products and their features to information. Information needs to be combined from multiple sources in order to maximize the resulting advantages. Thus, information ownership is one of the most interesting topics, because only the information owner is able to control its availability to other players. The move in the market has been so fast that it has not been possible to maintain and develop legislation accordingly.

Charging for information is a complex topic. It is no longer commonly accepted to pay for information that has been created or collected using public funding, e.g. taxes. Instead, such information has commonly been opened to public access. More complex cases have been introduced by various social media and other corresponding Internet services. The services have been marketed as ”free-of-charge”, but the users have had to hand over their personal information in order to get access to the services. It is obvious that such an information giveaway policy is not acceptable in industrial operations, where the biggest money lies in the information content.

Information ownership in Data4Profit has been defined in a clearly different way. A clearly identified fee is charged on a per-license basis, instead of the provider getting access to the key information related to the customers’ core business. The main result is that no one loses the privacy of the information that gives them an advantage in their main business. Such privacy covers all customer-specific information, regardless of the direction and source of the information. The entire product platform has been designed to guarantee information privacy between the customer accounts.

Data ownership today


Data ownership and privacy are the main hot topics in the IoT and IoE application area, especially for data related to persons. Legislation typically protects some privacy for personal information. However, many parties – such as service providers with their partner networks, customers and competitors – are strongly interested in collecting, analyzing and commercially utilizing personal information. From the personal point of view, the main problem is that people are expected to provide their personal information for free. Such information is considered similar to the copyright of books and music. A further problem arises when information from multiple sources is combined. Legislation does not currently define this area in detail.

”Legislation clearly defining information ownership is not yet completed”

Information ownership becomes a very important topic, because combining information increases the net value of the information. Due to the variety of information sets and of players collecting them, it is practically necessary to sell and buy information to and from an ever increasing number of other players. It is obvious that before anyone can sell anything, ownership must be clearly defined. Even if information available from one player could also be collected by another, doing so wastes resources; the information should rather be re-used by trading it.

A further challenge comes from information that is created or collected with public funding. Earlier such information was sold, but currently it is provided for free, because it has already been paid for by means of taxes. Fortunately, public organizations have opened a lot of information collected with public funding. A lot of information has also been opened by private players in order to gain new business.

”Open data is data that can be freely used, re-used and redistributed by anyone – subject only, at most, to the requirement to attribute and sharealike.”

There are several needs and requirements for collecting various information from everything in industry. One of the most traditional requirements comes from product liability and safety regulations, which are based on legislation. Product quality monitoring and control is a common requirement, which is not obligatory from the legislation point of view, but provides certain proof of the quality of operation, products and services. More modern needs are introduced by analysis of market status and commercial service offering. The latter topic is strongly driven by an industrial megatrend moving the focus from selling products to selling capacity.

”Focus from selling products into selling capacity”

Reasons why new technologies have raised suspicions

Many people have serious suspicions regarding new technology, especially large-scale information collection. As described earlier, technology has developed faster than legislation and there have been serious discussions on privacy issues in many forums. Search engine and social media companies have been the pioneers in large-scale information collection, analysis and reselling. Other large-scale businesses, such as car vendors, have also aggressively developed information collection from the related persons. However, there are activities directing future legislation to support private persons' ownership of information.

Do you know what your car knows?

The typical approach of the pioneers has been to provide free services in order to get the majority of people to provide their personal information to those pioneer companies. Actually, the services have not really been free. The users have paid for their usage by giving their personal information to the service providers without additional charge. The main problems have appeared when users have just accepted the terms of use without considering them in detail. There is a variety of privacy settings by which users may control access to the information. Such settings may be difficult for average users to understand, and the companies modify the settings every now and then as part of platform development, leading to a need for regular checks of such settings.

The terms of use of the most common search and social media services are quite interesting. The collecting companies automatically share the information among their partner companies. Organizational changes and company purchases and migrations have changed the sets of companies sharing the information. The main intended use so far has been advertising, along with follow-up and analysis related to the advertising. The collected information on areas of personal interest represents a typical set of information sold to 3rd party companies. The best-known problem appears when one tries to remove the account and information. Service providers guarantee that the information disappears from their servers, but they cannot provide any guarantee that the information sold to 3rd parties will be removed.

”The terms of use – what?”

Many persons think that they don’t need to hide any information from others. However, there are many cases where e.g. schoolchildren have harassed each other by using information stored in social media. Similar cases have also been found in workplaces and during job application processes, where personal information has been used in an inappropriate way. There are also cases where persons working for authorities have looked up information on other persons without permission, just out of interest.

”Why should I care about the information? I don’t need to hide anything…”

Certain services follow e.g. people’s web browsing quite comprehensively. In addition to geolocation, the collected information may include the operating system and browser with version information, various browser logs, and the IP addresses of both clients and intermediate devices such as routers and access points. One can only wonder how correctly the information can be interpreted. For instance, how can it be identified whether a person intensively browsing handgun-related sites is preparing a violent act, planning to buy a new gun for hunting or sport shooting, or just collecting background information for a historical handgun collection? Or whether a person intensively browsing web sites from certain countries is planning a violent act, spending a holiday in such a country, or is just interested in the religions or cultures of such an area? In such cases it may be a problem that users can typically only remove their account, but not check, correct or remove individual sets of information. One can think further about how it will be interpreted when one uses anonymous services in order to avoid being followed.

”Big brother is watching you.” – George Orwell, 1949

Security and privacy in Data4Profit

Information stored by Data4Profit applications is always entirely owned by the customer, because the information stored and collected in industrial applications is the most important factor of current and future business. Thus, it is essential that each customer can freely control the accessibility of the information among the related parties. Furthermore, it is essential that other parties cannot have any control over information accessibility and that information cannot be accessed by unauthorized parties. Within a customer account there are open interfaces for collection, analysis and sharing of the information. Each customer is responsible for managing the user rights of information bought or taken from external sources through the provided interfaces. Cloudfield as a service provider reserves the right to use actual customer data only for developing and testing new features, not for selling or giving the information to any other party. So, the license fee is an open and unambiguous payment for the services, enabling the high level of information privacy.

”Why Data4Profit is not free-of-charge, like the social media platforms?”

Because timely and correct information is such an important factor in industrial operations, special effort has been put into privacy. The most fundamental characteristic of Data4Profit is that the information of each customer is stored in customer-specific repositories. This guarantees that even in the case of serious problems with the repositories, it is absolutely impossible to mix information among several customers or unintentionally access the information of another customer. Furthermore, the server infrastructure has been selected from Europe, in order to keep it in an economically and politically stable environment. Privacy issues have led to the selection of OpenStreetMap as the map service, because there are no commercial interests of any single company behind it.

”Privacy: freedom from unauthorized intrusion” – Merriam-Webster dictionary

The value of linked information is multidimensional in industrial operations. Product documentation shall be easily and efficiently accessible by authorized parties. Correspondingly, the status of the assembly lines and the field shall be easily and efficiently accessible by authorized parties. The information shall primarily be correct and available, but incorrect, inconsistent and missing information also enables clear identification of certain problems. For instance, regular checks or services may be marked as done, but from a physical location away from the target system's location. Alternatively, there may be long-term spare part consumption which has suddenly ended without a significant decrease in the system’s operating hours. Thus, systematic information storage forms a solid base for further analyses.

”Knowledge of both available and missing information together will be needed.”

Privacy of personal data is controlled by legislation. The most fundamental characteristic of Data4Profit is that access control is based on license codes specific to the terminal device and the user. Such codes are generated based on information typically stored and managed in an HR system. The essential point is that personal details are not stored in Data4Profit, and thus using the personal information in violation of the legislation is impossible. However, as long as there is some kind of systematic mapping between Data4Profit user identifiers and actual person identifiers, usage information may be coupled to the actual persons in a defined IT system when required.

All follow-up information in Data4Profit, including geolocation, is stored only during the activities and not in the background. Thus, the use of a personal terminal device does not cause any privacy risks, because the use of services external to Data4Profit is never monitored, due to the technologies used. Furthermore, user-specific information is never accessed from the terminal devices. Each customer organization may individually select whether it requires geolocation or not. If it is blocked, naturally all geolocation-based services stop providing valid information.

Conclusions

Technology has evolved and will continue to evolve faster than legislation. Thus, there are some differences between public and enterprise services. While the use of social media and other public applications is accepted on the basis of users giving away their personal information, this will be absolutely impossible in industrial use, where the information has crucial value for business performance. There are already some activities trying to return information ownership to the origin of the information. The services already based on personal information may be too big for a redefinition of the ownership of already collected information, but it may be possible that the ownership of new information will be defined differently.

”Free lunches do not exist”

Uptime is crucial in industrial operations, which is why it is essential to define information ownership unambiguously, in order to achieve uninterrupted information flows. Because there are many information sources and provider organizations, a clear definition of ownership is needed in order to exchange information in a commercially acceptable way. It is obvious that paying some money for a set of information will always be cheaper than paying compensation afterwards, as defined by a court.

”A clear definition of information ownership enables trading of it”

The future development of legislation has been taken into account in Data4Profit, where all information is always owned by the customer. Based on recent history and current activities around information ownership, this is the only future-proof approach. The entire structure of Data4Profit has been designed to keep control over information ownership with the customers. In addition to the totally independent, customer-specific data repositories, each customer has full power to determine the access rights for each license. The system supplier reserves the right to use the customers’ information only for testing new features with real information, not for reselling any information. Also, 3rd party services have been selected so that there is the minimum achievable risk of unauthorized parties getting access to the critical information.