The Internet of Things (IoT) is an emerging global infrastructure that employs wireless sensors to collect, store, and exchange data. Increasingly, applications for marketing and advertising have been articulated as a means to enhance the consumer shopping experience, in addition to improving efficiency. However, privacy advocates have challenged the mass aggregation of personally-identifiable information in databases and geotracking, the use of location-based services to identify one’s precise location over time. This paper employs the framework of contextual integrity related to privacy developed by Nissenbaum (Privacy in context: technology, policy, and the integrity of social life. Stanford University Press, Stanford, 2010) as a tool to understand citizen response to implementation IoT-related technology in the supermarket. The purpose of the study was to identify and understand specific changes in information practices brought about by the IoT that may be perceived as privacy violations. Citizens were interviewed, read a scenario of near-term IoT implementation, and were asked to reflect on changes in the key actors involved, information attributes, and principles of transmission. Areas where new practices may occur with the IoT were then highlighted as potential problems (privacy violations). Issues identified included the mining of medical data, invasive targeted advertising, and loss of autonomy through marketing profiles or personal affect monitoring. While there were numerous aspects deemed desirable by the participants, some developments appeared to tip the balance between consumer benefit and corporate gain. This surveillance power creates an imbalance between the consumer and the corporation that may also impact individual autonomy. The ethical dimensions of this problem are discussed.
This is a preview of subscription content, access via your institution.
Buy single article
Instant access to the full article PDF.
Price excludes VAT (USA)
Tax calculation will be finalised during checkout.
Acquisti, A. (2010 December 1). The economics of personal data and the economics of privacy. Joint Working Party for Information Security and Privacy (WPISP) and Working Party on the Information Economy (WPIE) Roundtable, background paper 3. Paris: Organisation for Economic Co-operation and Development (OECD).
Acquisti, A., Gross, R., & Stutzman, F. (2011). Faces of Facebook: Privacy in the age of augmented reality. Black Hat 2011. Retrieved on December 11, 2011 from http://www.heinz.cmu.edu/~acquisti/face-recognition-study-FAQ/acquisti-faces-BLACKHAT-draft.pdf.
Albanesius, C. (2011 May 10). Senator has ‘serious doubts’ about privacy of Google, Apple location apps. PC Magazine. Retrieved on June 8, 2011 from http://www.pcmag.com/article2/0,2817,2385150,00.asp.
Angwin, J., & Stecklow, S. (2010 October 12). ‘Scrapers’ did deep for data on Web. The Wall Street Journal. Retrieved on October 20, 2010 from http://online.wsj.com/article/SB10001424052748703358504575544381288117888.html.
Ashton, K. (22 June 2009). That ‘Internet of Things’ thing. RFID Journal. Accessed from http://www.rfidjournal.com/article/view/4986 on May 11, 2010.
Barnett, E. (11 Jan 2010). Facebook’s Mark Zuckerberg says privacy is no longer a ‘social norm’. The Telegraph. Retrieved on March 10, 2010 from http://www.telegraph.co.uk/technology/facebook/6966628/Facebooks-Mark-Zuckerberg-says-privacy-is-no-longer-a-social-norm.html.
Beck, U. (1992). Risk society: Towards a new modernity. London: Sage.
Bennett, C. J. (2008). The privacy advocates: Resisting the spread of surveillance. Cambridge, MA: The MIT Press.
“China working on unified national Internet of Things strategic plan.” (2010 July 5). TMCnews. Retrieved on August 10, 2010 from http://www.tmcnet.com/usubmit/2010/07/05/4884535.htm.
Christakos, H. A., & Mehta, S. N. (2002). Annual review of law and technology. Berkeley Technology Law Journal, , 473.
Clarke, R. (1988). Information technology and dataveillance. Communications of the ACM, 31(5), 498–512.
Daly, E. (2010). Personal autonomy in the travel panopticon. Ethics and Information Technology, 12, 97–108.
Denning, T., Borning, A. Friedman, B. Gill, B. Kohno, T., & Maisel, W. (2010). Patients, pacemakers, and implantable defibrillators: Human values and security for wireless implantable medical devices. In Proceedings of CHI 2010 conference on human factors in computing systems (pp. 917–926). New York: Association for Computing Machinery.
DePaulo, B. M., & Kashy, D. A. (1998). Everyday lies in close and casual relationships. Journal of Personality and Social Psychology, 74(1), 63–79.
Dourish, P., & Bell, G. (2011). Divining a digital future: Mess and mythology in ubiquitous computing. Cambridge, MA: The MIT Press.
Duhigg, C. (2012 February 16). How companies learn your secrets. The New York Times Magazine. Retrieved February 17, 2012 from: http://www.nytimes.com/2012/02/19/magazine/shoppinghabits.html?_r=2&pagewanted=1&hp.
Dworkin, R. (1986). Law’s empire. Cambridge, MA: Harvard University Press.
European Commission & Information Society and Media. (2008). Internet of Things in 2020: Roadmap for the future. European technology platform on smart systems integration. Version 1.1 (27 May, 2008).
European Parliament. http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+TA+P7-TA-2010-0207+0+DOC+XML+V0.
Federal Trade Commission. (2010 December 1). FTC staff issues privacy report, offers framework for consumers, businesses, and policymakers. Retrieved on November 24, 2011 from http://www.ftc.gov/opa/2010/12/privacyreport.shtm.
Federal Trade Commission. (2011 November 21). FTC announces agenda, panelists for facial recognition workshop. Retrieved on November 24, 2011 from http://www.ftc.gov/opa/2011/11/facefacts.shtm.
Federal Trade Commission. (2012 March 26). Protecting consumer privacy in an era of rapid change: Recommendations for businesses and policymakers. Washington, DC: Federal Trade Commission. Retrieved on March 27, 2012, from http://ftc.gov/os/2012/03/120326privacyreport.pdf.
Floridi, L. (2005). The ontological interpretation of informational privacy. Ethics and Information Technology, 2005(7), 185–200.
Friedman, B. (2008). Value Sensitive Design. In D. Schular (Ed.), Liberating voices: A pattern language for communication revolution (pp. 366–368). Cambridge, MA: The MIT Press.
Friedman, B., & Nissenbaum, H. (1996). Bias in computer systems. ACM Transactions on Information Systems, 14(3), 330–347.
Glenn, J. (2009). Scenarios. In J. C. Glenn & T. J. Gordon (Eds.), Futures research methodology—Version 3.0. AC/UNU Millennium Project. Washington: American Council for the UN University.
Haggerty, K. D., & Ericson, R. V. (2006). The new politics of surveillance and visibility. In K. D. Haggerty & R. V. Ericson (Eds.), The new politics of surveillance and visibility (pp. 3–25). Toronto: University of Toronto Press.
Hildner, L. (2006). Defusing the threat of RFID: Protecting consumer privacy through technology-specific legislation at the state level. Harvard Civil Rights-Civil Liberties Law Review, 41, 133–176.
Hill, K. (2012 February 16). How Target figured out a teen girl was pregnant before her father did. Forbes. http://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/.
International Telecommunication Union. (2005). Privacy and Ubiquitous Network Societies: Background paper. In ITU Workshop on Ubiquitous Network Societies, April 6–8, 2005. Geneva: International Telecommunication Union.
Internet of Things Conference Organizing Committee. (2010). Internet of Things. Retrieved on March 17, 2010, from http://www.iot2010.org/outline/.
Keller, J. (2011 September 29). Cloud-powered facial recognition is terrifying. The Atlantic Monthly. Retrieved on October 1, 2011, from http://www.theatlantic.com/technology/archive/2011/09/cloud-powered-facial-recognition-is-terrifying/245867/.
Kling, R. (2000). Learning about information technologies and social change: The contribution of social informatics. The Information Society, 16(3), 217–232.
Lyon, D. (2002). Surveillance as social sorting: Computer codes and mobile bodies. In D. Lyon (Ed.), Surveillance as social sorting: Privacy, risk and automated discrimination (pp. 14–30). London, UK: Routledge.
Lyon, D. (2006). The search for surveillance theories. In D. Lyon (Ed.), Theorizing surveillance: The panopticon and beyond (pp. 3–20). Portland, OR: Willand.
Marx, G. T. (2006). Varieties of personal information as influences on attitudes towards surveillance. In K. D. Haggerty & R. V. Ericson (Eds.), The new politics of surveillance and visibility (pp. 79–110). Toronto: University of Toronto Press.
Microsoft. (2013, June 6). Privacy by design: How Xbox One and the new Kinect sensor put you in control. Retrieved on June 6, 2013 from: http://news.xbox.com/2013/06/privacy.
Moor, J. H. (2008). Why we need better ethics for emerging technologies. In J. van den Hoven & J. Weckert (Eds.), Information technology and moral philosophy (pp. 26–39)., Cambridge studies in philosophy and public policy Cambridge: Cambridge University Press.
Neumann, P. G., & Weinstein, L. (2006). Risks of RFID. Communications of the ACM, 49(5), 136.
Nissenbaum, H. (2010). Privacy in context: Technology, policy, and the integrity of social life. Stanford, CA: Stanford University Press.
nViso. (2011). Technology. Retrieved on October 11, 2011 from http://www.nviso.ch/.
O’Connor, M. C. (2011 April 6). European Commission issues framework for measuring and mitigating RFID’s privacy impact. RFID Journal. Retrieved on April 6, 2011 from http://www.rfidjournal.com/article/view/8345.
Pommeranz, A., Detweiler, C., Wiggers, P., & Jonker, C. (2011). Elicitation of situated values: Need for tools to help stakeholders and designers to reflect and communicate. Ethics and Information Technology,. doi:10.1007/s10676-011-9282-6.
Schwartz, P. (1996). The art of the long view: Planning for the future in an uncertain world. New York: Currency Doubleday.
Schwartz, P. M., & Solove, D. (2011). The PII problem: Privacy and a new concept of personally identifiable information. New York University Law Review, 86, 1814–1894.
Solove, D. (2011). Nothing to hide: The false tradeoff between privacy and security. New Haven, CT: Yale University Press.
Stahl, B. C. (2004). Information, ethics, and computers: The problem of autonomous moral agents. Minds and Machines, 14(1), 67–83.
Turow, J. (2006). Cracking the consumer code: Advertisers, anxiety and surveillance in the digital age. In K. D. Haggerty & R. V. Ericson (Eds.), The new politics of surveillance and visibility (pp. 279–307). Toronto: University of Toronto Press.
van den Hoven, M. J. (1997). Privacy and the varieties of moral wrong-doing in an information age. Computers and Society, 27(3), 33–37.
Weber, R. H., & Weber, R. (2010). Internet of Things: Legal perspectives. Berlin: Springer.
Winseck, D. (2003). Netscapes of power: Convergence, network design, walled gardens, and other strategies of control in the information age. In D. Lyon (Ed.), Surveillance as social sorting: Privacy, risk and digital discrimination (pp. 176–198). New York: Routledge.
Winter, J. S. (2008). Emerging policy problems related to ubiquitous computing: Negotiating stakeholders’ visions of the future. Knowledge, Technology & Policy, 21, 191–203.
The author wishes to thank the reviewers of this article. The author also wishes to thank the participants who took part in this study and the National Science Foundation Team for Research in Ubiquitous Secure Technology (TRUST) Women’s Institute for Summer Enrichment. Preliminary findings of this study were published by the author in the Proceedings of the Pacific Telecommunications Council Annual Conference. Honolulu, Hawai‘i. January, 2012. “Privacy and the emerging Internet of Things: Using the framework of contextual integrity to inform policy.”
Rights and permissions
About this article
Cite this article
Winter, J.S. Surveillance in ubiquitous network societies: normative conflicts related to the consumer in-store supermarket experience in the context of the Internet of Things. Ethics Inf Technol 16, 27–41 (2014). https://doi.org/10.1007/s10676-013-9332-3
- Internet of Things
- Framework of contextual integrity
- Radio-frequency identification (RFID)
- Location-based services (LBS)