Internet of Things (IoT) devices, robots, autonomous agents and “bots”, smart home devices and appliances, mobile devices, conversational agents, drones, cameras, and other sensor-laden devices have increasingly come to populate (and intrude upon) the physical space in which humans live and work—perceiving our presence, observing and interpreting what we say and do, recording video, audio, location, and other sensor data, physically interacting with us by touch or approach, and communicating or notifying us in potentially interruptive or intrusive ways.
Privacy concerns stemming from the presence of these privacy-impacting devices are qualitatively different from those encountered in conventional website and mobile device apps. The current paradigm of website and mobile app data privacy is incentivized by the lack of a viable economic model to monetize most web services and content publication. Thus, website and mobile app privacy tends to be defined by “notice and consent” modalities that are primarily concerned with obtaining broad permissions from consumers to sell their personal information or behavioral data to third parties for marketing purposes. Participants in this system have allowed this notion of information privacy and its associated notice and consent modality to define most aspects of the data privacy conversation, from its regulatory motifs to the design of the privacy setting user interfaces for giving or denying consent. Compounding this issue is the fact that, in privacy jurisprudence, people tend to be protected against privacy violations only when the intrusion is unreasonable or unexpected. The interplay of the notice and consent modality with the amorphousness of the “reasonableness” doctrine means that, over time, our “reasonable expectation” of privacy becomes inexorably eroded as individuals give blanket permission for web service providers to freely use our personal information in return for “free” use of their services and apps.
These privacy-impacting devices present much harder and more nuanced privacy problems than web privacy. Privacy, when considered from the viewpoint of these devices, certainly includes some classic information privacy concerns like those in website data sharing, but it must also account for physical privacy. “Physical privacy,” as understood here, includes concepts such as whether a device may measure and record a person's physical characteristics with sensors (e.g., audio recording or heart rate monitoring); a device's physical proximity when interacting with a person in certain contexts; and whether, and in what manner, a device such as a robot can touch a person. These kinds of physical privacy are much more closely related to the interests protected by classic privacy torts such as “intrusion upon seclusion” and battery. Traditional notice and consent mechanisms, considered by many to be largely ineffective even within their own purview, are likely to be completely insufficient when applied to the privacy concerns raised by these devices.
Despite rapid advancement in the capabilities of these privacy-impacting devices, no effective techniques have yet emerged for solving the privacy challenges they create.