When I look back to the year that it is coming to an end, this was the year which privacy played an important role when designing processes, interactions or customer experiences.
Many can tend to think that this was the year of the things – Internet of Things (IoT) – but I could not disagree more. IoT it is still on its infancy. There is an volume illusion due to the fact that the things are enabled by smart watches, fitness bands or smart phones, in order words, driven by the consumer and retail industry. The real value from IoT is going to grow from industries like, defense, oil and gas, utilities and manufacturing. These industries rely on assets full of sensors hat are spread across kilometers and kilometers around the world, that were not yet connected or are connected in closed systems. Today, Oil and Gas companies are unveiling new possibilities on real time asset control and emergency response  that to become a reality it is necessary in some cases, to replace a myriad of outdated sensors and assure communication reliability. Other forthcoming enabling waves are related with the German government vision on Industry 4.0. In this approach, data is gathered from suppliers, customers and the manufacturing company and linked up in real time, where every part, every belt, every machine, every truck, every product is inherently connected. Hence, we are still at the beginning of reaching the full potential. Total connectivity by default takes time and money to implement.
In the beginning of this year, I wrote about my concerns of enforcing one of the key principles on privacy by design. In the social world we live in, does not requires explicit, informed user consent for any transaction using personal data. Well, it does, but works on the contrary, we are allowing by default that all personal data can be used by the companies we interact with to identify, track, correlate our activity, even the ones the user does not wanting, knowing or expecting it. In the referred post, I pointed the intention of the UK Government to:
Enforce a policy that blocks citizens access to encrypted software applications, in order the government can listen, read and extract what it considers to be relevant information to avoid security risks.
This proposition grew very quickly to an updated bill that will allow existing bulk-collection powers of the security and intelligence services. Such kind of new regulations made Apple to come to public assuming a position against such kind of overstepping by the watchdog.
We believe it would be wrong to weaken security for hundreds of millions of law-abiding customers so that it will also be weaker for the very few who pose a threat […] In this rapidly evolving cyber-threat environment, companies should remain free to implement strong encryption to protect customers.
On the other hand the European Parliament wants to enforce new regulation related with protection of individuals with regard to the processing of personal data and on the free movement of such data – which Google is so adverse to it. It can be read in the European Parliament document.
The way in which consent is to be given by data subjects remains “unambiguous” for all processing of personal data, with the clarification that this requires a “clear affirmative action”, and that consent has to be “explicit” for sensitive data.
In this crossroads, I am not stating that we need to become dissidents or guerrilla fighters, but privacy lines are blurred and it is not a matter of having time to understand how to use technology wisely, when it enters and breaks our inner circle in a way we do not control it anymore a guiding principle that is eroding fast.
2014 entry and backward years can be found here.
 Disclaimer: At the time of this writing I am a Microsoft Employee and I was involved in the team that created this solution.