"While providers and users are naturally moving in the same direction when it comes to data security and both sides want to avoid hacker attacks, there is a conflict of interest when it comes to data protection. Providers want to know as much as possible about their customers and users want to protect their privacy," explains Günter Martin, Chief Technology Officer at the CoE IoT Privacy at TÜV Rheinland.
The EU GDPR, for example, provides for data minimization: Personal data must be limited to what is necessary for the purposes of processing. "This demand for data minimization should already be taken into account in the product design. Technically, the device should only be able to supply data that is needed for the agreed purpose and that cannot be collected by other means. Our practice shows that there is still a lot of catching-up to do on the part of the manufacturers", Martin continues. The same also applies to password security, encryption and update processes. Günter Martin is particularly critical with regard to the EU GDPR with regard to the data protection declarations used in some cases. "According to the EU GDPR, the processing of personal data is always subject to a purpose limitation. However, consents are often formulated too comprehensively and allow data to be used for purposes that have nothing to do with the actual application," says Günter Martin.
Security in the digital world: "Trust IoT – from start to finish" as an end-to-end solution
Data protection and trustworthiness of digital systems as well as smart products are crucial for innovation and trust in manufacturers and vendors. "Our services as an independent qualified body can contribute to making digital services and smart products more secure. With our tests of consumer data protection we can create market comparison opportunities that strengthen confidence in manufacturers and at the same time stand for security in the digital world", says TÜV Rheinland expert Günter Martin.
Since 2017, TÜV Rheinland’s CoE IoT Privacy has been globally offering a service package that meets the requirements of end-to-end data protection in the fast-growing Internet of Things market. The portfolio includes two innovative data protection certificates. In addition, TÜV Rheinland’s "Trust IoT – from Start to Finish" end-to-end solution service can also help manufacturers and system providers meet all professional requirements in terms of compliance, interoperability, functional security, and IT security.
Further information can be found at www.tuv.com/en/iot-privacy
TÜV Rheinland is a global leader in independent inspection services, founded nearly 150 years ago. The group maintains a worldwide presence of more than 20,000 people; annual turnover is EUR 2 billion. The independent experts stand for quality and safety for people, technology and the environment in nearly all aspects of life. TÜV Rheinland inspects technical equipment, products and services, oversees projects, and helps to shape processes and information security for companies. Its experts train people in a wide range of careers and industries. To this end, TÜV Rheinland employs a global network of approved labs, testing and education centers. Since 2006, TÜV Rheinland has been a member of the United Nations Global Compact to promote sustainability and combat corruption. Website: www.tuv.com
Am Grauen Stein
Telefon: +49 (221) 806-2148
Telefax: +49 (221) 806-1567
Telefon: +49 (221) 8065597
Fax: +49 (221) 8061760