As the Internet wends its way into everyday appliances from cars to toasters and beyond, the government has, for the moment, left the onus on the industry to protect Americans’ privacy.
That means there is no immediate need for Congress to create new legislation to protect people’s privacy as they use new wearables or household devices, the Federal Trade Commission said Tuesday.
That may come as a bit of a relief for connected device makers (and their investors), who have been a bit uneasy about Washington’s interest in the burgeoning industry.
Still, the 71-page study offers a variety of suggestions Internet of Things companies can do to ensure that consumers are protected, including building security features into devices instead of tacking them on as an afterthought.
Notably, the FTC staff said in its findings that Congress needs to pass stronger data security and breach notification legislation.
FTC Chairwoman Edith Ramirez previewed some of the conclusions in the report earlier this month at the Consumer Electronics Show, where she discussed her concerns about whether companies are really focusing on how to protect consumer data.
People are increasingly using fitness trackers that log activity and calories, which is the sort of information “I wouldn’t want to share … with my insurance company,” Ramirez said Tuesday.
“We’re now in a world where data is being collected all the time,” she added. “Not only that, we’re bringing these devices into our homes, into what used to be private spheres. … The data being generated is increasingly much more sensitive.”
As FTC Commissioner Terrell McSweeny wrote in an op-ed for Re/code Tuesday, “now is the time to insure there is a clear set of ground rules for the security of these products — before the marketplace and our homes fill with exploitable devices.”
The agency’s main suggestions involve stronger data-privacy standards, including urging companies to be more transparent about how much data is being collected, how long it’s stored and how it’s being protected and shared.
The report also calls for companies to try to minimize the amount of data they collect and the amount of time it’s retained, which could be unpopular with connected-device makers who see value in collecting as much data as possible.
In a separate statement, FTC commissioner Maureen Ohlhausen, a Republican, argued that the report, “without examining costs or benefits, encourages companies to delete valuable data — primarily to avoid hypothetical future harms.”
Her fellow Republican colleague, Commissioner Joshua Wright, opposed the entire report, saying the agency hasn’t done enough economic analysis to issue industry guidelines or legislative proposals for what he called the “still-nascent Internet of Things.”
Practically speaking, the agency defined Internet of Things devices as consumer technologies including wearable health and fitness monitors, connected cars, light bulbs, appliances and a host of other gadgets that manufacturers have been promoting over the past few years.
Last year, research group Gartner predicted almost five billion connected devices will be used in 2015.
The FTC doesn’t have authority to enact new regulations on the industry, but it can use its existing authority to stop deceptive trade practices and force compliance with privacy policies, thereby making life very uncomfortable for companies. (See: Snapchat, Facebook, Amazon and AT&T, just to name a few.)
Congress is unlikely to pass legislation to regulate Internet of Things devices anytime soon, but some lawmakers are looking more closely at the devices. Republican Senate Commerce Committee Chairman John Thune of South Dakota is planning a hearing on the issue next month.
This article originally appeared on Recode.net.