Europe can take a lead role in advancing a responsible Internet of Things

We went to Shenzhen to explore opportunities for collaboration between European Internet of Things practitioners and the Shenzhen hardware ecosystem — and how to promote the creation of a responsible Internet of Things. The result is available online as a PDF (16MB) as well as a publication on Medium.

ThingsCon is turning from a community into a global movement—driven by the European community of IoT practitioners.

3) Europe can take a lead role in advancing a responsible Internet of Things

Why European independent IoT practitioners have a unique take on IoT

At the beginning of this document we outlined our hypothesis for doing this research into Shenzhen and how it might relate to European independent IoT practitioners in particular:

  1. Responsible IoT is important. Because the Internet of Things (IoT) reaches deeper and deeper into our lives it is essential to have responsible and human-centric practices.
  2. European independents have something to contribute.
     For a number of historical, economic and political reasons European independent makers, designers, and entrepreneurs in the IoT space have a unique contribution to make.
  3. Shenzhen’s hardware ecosystem can provide leverage.
     Shenzhen’s unique hardware ecosystem can provide leverage for this European approach and hence help create more responsible IoT practices at scale.

Europe, and especially European independent IoT practitioners and entrepreneurs, have a unique perspective at the Internet of Things and hence have a special contribution to make. At the risk of over-simplifying, allow me to paint in broad strokes.

Historical reasons

For historical reasons, Europe is painfully aware of the potential damage that can result from abuse of data. To this day, this historic legacy manifests itself in the European Union’s privacy regime. This awareness is probably nowhere as pronounced as in Germany where within a century there was not one but two surveillance states.

More than once I’ve heard from internal meetings at global tech companies where discussions about privacy and data protection culminated in the question: “Will this work for Germany?” If your privacy measures work for Germany, chances are they’ll work anywhere.

A strong privacy regime

The EU has a strict privacy regime and globally one of the strongest legal protections of the use and exploitation of data. Sometimes criticized as stifling innovation, sometimes lauded as a safe haven for citizens’ data, this data protection and privacy regime is driven most strongly by consumer rights considerations, ie. a protection of user data against commercial exploitation.

In broad strokes, this is in contrast to the US approach which considers these aspects through a lens of protection against criminal and governmental abuse but encourages commercial exploitation.

There is no global consensus around how to govern or regulate global data flows successfully

As recent discussions between US and EU around data protection have shown, there is no global consensus around how to govern or regulate — let alone implement — global data flows successfully.

Some global companies have started offering hosting of client data exclusively in certain jurisdictions. Microsoft, for example, offers data hosting in Ireland or Germany for European enterprise clients. Others host in data centers around the world and let their legal departments sort out the mess. There’s even some discussion about attaching a “nationality” to data as meta data: This piece of data belongs to an entity within Italian jurisdiction and Italian law applies.

This is tricky terrain with any kind of data, especially personally identifiable information. It will be just as relevant to sort out for IoT-related data. Some of the best legal minds of the world are working on it, but as far as I can tell no final solutions are within reach. In the meantime, companies large and small have to work in and around this legal uncertainty.

Obviously we recommend a conservative approach: Don’t raise, store, or process any data that’s not essential. Capture as little data as you absolutely need in order for your product or service to perform. And prefer decentralized, local, and self hosted approaches over centralized global ones. But in the end, these are questions that will require plenty of trade-offs.

We recommend embracing Europe’s tougher data protection laws as a customer-friendly selling point

If you’re hosting and operating within the EU, tougher privacy and data protection laws apply. While they might be harder to navigate and comply with, we recommend embracing them as a customer-friendly selling point rather than a barrier.

Less access to venture capital

While VC funding has been picking up in European startup hubs like London, Amsterdam and Berlin, access to venture capital funding is nowhere near the levels of Silicon Valley. Europe has solid public funding structures in place, but they tend to be small and/or not easily accessible for smaller organizations. Overall, this shifts the economic incentives away from the grow-quick-and-sell logic of VC funding and more towards sustainable business models.

While there might be good reasons to prefer in other regions of the world (labor conditions most likely being among the top-named concerns), but the one thing that seems unlikely is that Chinese manufacturers have a strong interest in capturing user data. In fact in many conversations we heard that user data is frequently considered a liability rather than an asset — a stark contrast to the US.

Now partially this is because if you mainly produce hardware, then that data is simply outside your business model. Partially it’s because Chinese service design hasn’t reached the level of maturity as an industry as in the US, even though it’s catching up. A lot of the times Chinese manufacturers simply are upstream of the types of business models that are based primarily on data.

That said, there are potentially opportunities here for European entrepreneurs. By partnering up with a Chinese design house that helps oversee the hardware side of things, the European partners could focus on the service design part. Having a Chinese stakeholder — or even shareholder — might provide access to funding and manufacturing that would otherwise require venture capital, and building the service part of the offering within the protection of European data regulations might — in the right context — offer the best of both worlds.

In conclusion: Context matters

In combination, these factors paint a different picture than what you’d find particularly in the United States, the main Western hot spot for IoT development.

Note that most Asian markets — especially China, South Korea and Japan work very differently yet again — often with an even stronger internal focus — and are hence not part of this analysis.

Context matters. What you plan to do and how depends on many factors.

There is an opportunity in partnerships between European and Chinese entrepreneurs for leveraging the Shenzhen hardware ecosystem and European data protection into products and services that benefit customers

For some entrepreneurs, local manufacturing is key. Others prefer to focus exclusively on the service design. We believe that there is an opportunity in partnerships between European and Chinese entrepreneurs for leveraging the Shenzhen hardware ecosystem and European data protection into products and services that benefit customers.

Promoting a responsible Internet of Things

Our loose, but close-knit alliance for the creation of a responsible Internet of Things (which makes for the lovely hashtag #RIoT!) is convinced that it’s important to work with the makers at the source, the manufacturers and design houses of Shenzhen.

Working with the organizations who manufacture most — and increasingly design large parts of — the Internet of Things might just provide an extra bit of leverage in favor of our mission.

Between the Mozilla Foundation’s Open IoT Studio, Just Things Foundation, and ThingsCon (as well as our commercial operations, design studio The Incredible Machine and boutique strategy consultancy The Waving Cat) we bring to the table a perspective of human-centric design, of privacy-respecting data practices, and of a responsible approach to IoT that takes the long view.

One part of this effort is to build bridges through networking events and knowledge exchange programs. This is where our research trips to Shenzhen come in. First-hand experiences and face-to-face exchange is a crucial part of building trust and establishing a solid foundation for long-term collaboration.

One part is documentation. Through this document, a short video documentary, as well as ongoing social media coverage and our various newsletters, we aim to disseminate what we have learned through our trips and conversations. We hope you will do the same if you have the chance to visit Shenzhen, or any other relevant hardware ecosystem: With every trip and every documentation, it becomes easier to form a full picture of how these ecosystems compare and how to best interface with them.

Another part is our initiative to promote trust labels for IoT (see chapter Trustmarks for the Internet of Things).

ThingsCon Shenzhen: Where China meets Europe

Flyer for the inaugural ThingsCon Shenzhen, hosted by David Li and the Shenzhen Open Innovation Lab (SZOIL)
Flyer for the inaugural ThingsCon Shenzhen, hosted by David Li and the Shenzhen Open Innovation Lab (SZOIL)

On 27 April 2017, David Li and the Shenzhen Open Innovation Lab (SZOIL) hosted the inaugural ThingsCon Shenzhen event. It was our first ThingsCon ever in Shenzhen, and the second in China. (In Shanghai, Simone Rebaudengo of automato already hosts a ThingsCon Salon.)

Presentations and discussions touched on a wide range of the topics that we focus on within the ThingsCon community, and especially how they relate to the Shenzhen hardware ecosystem:

  • Executive Director of Digital Asia Hub Malavika Jayaram explored societal and ethical implications of artificial intelligence and algorithmic decision making, and IoT, and especially how these data-driven systems tend to impact marginalized group disproportionately.
  • Gabriel Ionut Zlamparet gave an intro to remanufacturing of used medical devices. Remanufacturing, re-use, designing for re-use has huge potential for sustainability. Gabriel’s talk stressed the importance of design for re-use, refurbishment, longevity.
  • Jakie Yin of Rone Design showcased a wide range of connected industrial designs his company has been involved in. He explained three distinct development phases for hardware: 1) Zero to one 2) One to hundreds 3) Hundreds to X. Each phase requires different skill sets or partners.
  • Mozilla’s developer evangelist Dietrich Ayala spoke about the opportunities at the intersection connected products, UX, and the open web, and especially about app fatigue and opportunities for better on-boarding of new users in novel IoT-enabled interfaces.
  • Monique van Dusseldorp hosted a panel discussion with Iskander, Holly, Marcel and myself. We talked about responsible IoT, how it can be applied in the day-to-day work we all do, and explored if there’s a special angle that European indie IoT creators can bring in.
  • David Li gave an impromptu session on how to find components and partners in Shenzhen. Hint: It’s not necessarily on the market. Wechat, Taobao, and “technical solution houses” are good places to start.

A write-up with some notes from the event is available on the ThingsCon blog.

We hope to be back soon for another ThingsCon Shenzhen event.

Time is up! Image: Peter Bihr (CC by-nc-sa)
Time is up! Image: Peter Bihr (CC by-nc-sa)

Trustmarks for the Internet of Things (IoT)

We believe that consumer trust labels for IoT — let’s call them IoT trustmarks — can help consumers, designers, and manufacturers alike to make better-informed decisions around connected products.

All stakeholder groups can benefit from labeling consumer IoT products

All stakeholder groups can benefit from labeling consumer IoT products according to their features, data practices, and other relevant characteristics:

  • Consumers can make better-informed decisions about which products to invite into their lives.
  • Designers and entrepreneurs can more easily communicate their unique selling points, and highlight that they take a responsible approach to product design.
  • Manufacturers can more easily be found by entrepreneurs based on specific requirements once they label their products.

In 2013, The European Consumer Centres’ Network published a report on trustmarks. The report focused on consumer trust in e-commerce and was subtitled “Can I trust the trustmark?”. In this report, the authors make the case for trustmarks and outline why they are necessary (p.7) (highlights ours):

“There is no doubt that an increase in shopping also increases the risk of unscrupulous actors and scammers on the market. Earlier research has concluded that the five major concerns for e-commerce are security, privacy, unfamiliarity with services, lack of direct interaction, and credibility of information. Although these five areas are closely related, the key component must be considered to be security. In order to provide security, trustmark organisations have been described as parties that gather traders under certain criteria that are important in order to ensure a good climate for security and online shopping.”

This report focused on e-commerce. Yet, while the challenges for IoT are different, they are similar in nature. Certainly it will be helpful to identify the major concerns, and by focusing on these major concerns work out the criteria that are important to ensure a good climate for responsible IoT.

Approaches to labeling and trustmarks range from the highly centralized and regulated to much “softer” self-declarations

There is a wide range of challenges and opportunities in labeling, and many paths to explore. Approaches to labeling and trustmarks range from the highly centralized and regulated (for example, government certification) to much “softer” self-declarations (ie. companies pledging to stick to certain standards and practices). The current debate has not surfaced a consensus on a best approach.

Members of our informal responsible IoT alliance — including the Shenzhen Open Innovation Lab (SZOIL), ThingsCon, Mozilla Foundation’s Open IoT Studio and others, have started to think about opportunities and approaches to make IoT trust labels happen. So far, these efforts are informal conversations. We hope to find a promising approach, and the right multi-stakeholder network of partners from industry, academia, and all other relevant fields.

Our group certainly isn’t the only one exploring IoT labels. From grassroots initiatives like IoT London’s Open IoT Assembly focusing their whole 2017 event on IoT certification, to the The Digital Standard’s digital privacy and security efforts, all the way up to the European Commission’s initiative on IoT labels, the debate around IoT labels and transparency is heating up — and it’s about time.

We believe that together we can contribute to an emerging standard for IoT trustmarks that can help both creators and consumers of IoT services make informed decisions about the trustworthiness of IoT services and products.

Building a movement for responsible IoT

It seems essential to nurture a broad alliance — a movement, really — that advocates responsible IoT in all its many facets.

We see our research trips to Shenzhen, this publication, the broad range of activities under the ThingsCon and Just Things umbrellas, all as contributing to this larger vision of a resonsible, ethical, human-centered Internet of Things. An IoT that works for everyone, long term and sustainably, and that improves society rather by creating (as opposed to extracting) value.

We jokingly referred to our merry band on these trips as the #RIoT Alliance — the Responsible Internet of Things Alliance. It’s not a fixed group, or even an official one. We believe that any organization should be free to choose to self-identify as “values-aligned” and support this overall agenda for a responsible IoT.

We’re all in this together.