It’s a big year for privacy. On 25 May, the European Union’s General Data Protection Regulation (GDPR) will take effect, granting the right to be forgotten. So what does this privacy paradigm shift mean for data shared by business partners, and how do we build forgetting into test databases for connected components?
There are two parts to this challenge. The first is to comply with the requirement to delete data upon request. The second is to design a standards and testing regime that’s also compliant.
Building partner ecosystems that forget
At Signify, we can already meet the first requirement with processes to erase partner data when asked. For example, when we test partner sensors globally for sensor-ready (SR) certification, we fully erase test data on request. This means any partner in the world can invoke the right to be forgotten to help them address privacy demands in their jurisdiction.
More broadly speaking, privacy is part of our mindset: when building connected components, we consider it from the start. We store only essential information, and only relevant people within our company, such as application engineers, have access to the data.
Future-proofing sensor-ready standards and testing
The privacy paradigm shift we’re experiencing will also affect how we as an industry enable the right to be forgotten for component data used in SR testing and standards. And like any paradigm shift, it presents opportunities for a strategic leap that prepares us for the privacy-obsessed future we face.
Today SR certification is led by Philips Lighting and managed across an ecosystem of individual companies. Each company is now responsible for purging on request any data gathered during testing.
In future, this process may be centralized in a public testing authority funded by the industry – for example, the Digital Illumination Interface Alliance (DiiA). The authority would assume responsibility for testing partner companies against testing specifications and enabling the right to be forgotten across the entire ecosystem.
This presents unique challenges – and a risk to the value of SR certification.
Whenever a partner asks to be removed from the test database, some of the test history is lost. If too much test data is deleted over time, the quality of the test database is diminished. The loss matters most when the deleted data records a corner case: one that occurs only outside normal operating parameters and reveals an unforeseen situation that should be fixed. This is a problem because it damages trust in the entire ecosystem.
Could blockchain be the answer?
Blockchain technology could enable a testing authority to create a public ledger of all test data with strong encryption. Instead of individual companies storing testing data themselves, all data would be stored securely in a distributed, blockchain-based database.
A blockchain model has many benefits. The industry could maintain rich and reliable test data. And with far greater data security and privacy, the right to be forgotten could be managed in a more granular way. For example, when a partner company requests data deletion for privacy reasons, specific datasets could be deleted rather than bulk test data. In such a model, the integrity of the testing and certification processes would remain intact.
With the privacy paradigm shift shaking up society and disrupting the entire technology sector, how can we future-proof SR certification and testing to make privacy controls integral, simple and strong?
The stakes are high. With a well-regulated system in place, everyone benefits. If the system falls apart, the industry loses. So as community sentiment and legislation evolve on privacy, there’s no better time than now to put ourselves on the front foot.
How will the new emphasis on privacy affect data shared across partner ecosystems and how component test data is managed? And how can we in the industry use this moment to leap ahead? Share your ideas on what best practice might look like plus your thoughts and feedback in the comments.