PCPD News

Issue no. 31

Internet of Things

Glossary

The “Internet of Things” (“IoT”) refers to a network of devices with sensors, usually involving ordinary household or personal items, which are connected to the Internet. The connectivity often allows them to be controlled remotely and their data to be shared. Simple examples would be a fitness band worn on the wrist or an air-conditioning system controlled via a smartphone. Inevitably such devices will store some personal information about us, and this raises privacy concerns.

The technology in many of these devices, such as the ability to read one’s heart rate, is not new. The innovation is in how it is applied in our daily lives by processing and presenting the data in new ways. What changes the privacy landscape is that the collected data is often transmitted outside the device to a third party, such as the manufacturer or service provider through a mobile app. This means personal data may be in the hands of someone other than the device owner, raising questions about data security, the proper use of the data, and what controls exist over how the data is shared.

For example, a device may collect information from a car’s onboard system and transmit the data to a mobile app for the user to review. The device may claim to save on fuel and repairs, find the most efficient route, warn about speed limits, and get help in case of an accident. At the same time, however, the device collects information on car location, the user’s driving habits, error codes from the car’s computer, and other personal data, including identity and contact information. Some of that data is transmitted to cloud storage and may be shared with the car manufacturer, insurance companies or the government without the user’s knowledge.

Vehicle data generated by these technologies may also be subject to hacking or other data breaches. For these reasons, an EU regulator warned that the IoT must meet the privacy and security challenges associated with the new devices. The risks include data loss, malware infection, unauthorised access, unlawful surveillance and the intrusive use of wearable devices.

Industries involved in the IoT should also adopt Privacy by Design (e.g. no sharing of information by default, adequate security and granular opt-out), collect only the minimum data to fulfil the function, and offer full transparency to win consumers’ trust.