
Do not forget privacy #31


Privacy is a basic human right and should not be forgotten. It must not be coupled with functionality – i.e., there cannot be a binding: ‘You must share your data with us or else we don’t offer this or that feature.’ One exception is, of course, if that functionality requires the data to be saved and shared.

A good example would be: Don’t save statistics and history if the customer does not want to! If the customer wants to use a voice assistant, I imagine there needs to be a contact between the Zehnder Cloud and Amazon or Google. (It would be better if there were a direct contact between the local Zehnder devices and Amazon and Google, instead of using the Zehnder cloud; but I don’t know the working details.)
However: If the user wants to enable a voice assistant, there is no need to save the history or any analytics in the Zehnder cloud. The current values (if at all) will largely suffice.

The general reasoning should be: Let the user select, don’t save anything that the user does not want to share, presume the user does not want to share anything unless they told you so, and only save the data that is strictly necessary (data minimisation). This is not only required by law in the EU, but it gives the paying customer confidence in using your products and services.

Why is this so important? Well, every gathered dataset, regardless of the way it is secured, will eventually become compromised. History has shown that the question is not ‘if’ but ‘when’. And when it happens, I’m sure many people do not want a history of when they showered, when they were awake and when they were on holiday to be available to any malicious actor.

Thanks a lot!

5 years ago

Dear customer
Thank you very much for your valuable feedback.

As a company based in Switzerland, privacy is very important for Zehnder. In all our solutions for our customers, privacy and security are core criteria that we highly value in our design and implementation.

We fully agree that the owner of the operational data needs to have full control of what he or she wants to share and what not. By design, access to the operational data linked to a customer is not possible for Zehnder or for an installer (partner) without the approval of the owner of the device.

Zehnder and partners only get access to your operational data when this is actively approved by you as customer, and only for a limited time (2 hours) for the purpose of giving remote support.

Additionally, we also allow the customer to share data anonymously with Zehnder. This can be used by the R&D department for product optimizations.
But for sure we need to be clearer and more transparent by communicating, which data we are collecting and what we later on do with it. This will be available very soon in the IoT dashboard to all our users.

The offered functionalities data storage and voice control should be independent of each other.

This is already considered in our design concept in the backend system, but as you know we are currently in a beta phase and our assumption was that a customer wants to test all new features as a bundle. For simplicity reasons, we will keep the bundle (all cloud features on/off) as it is until the end of the beta phase.

When the cloud solution goes live, the user will be able to granularly choose which features (s)he wants to enable or not.

We hope we could give you a better understanding of our security considerations for the beta phase and could win your trust that privacy is a key element in all our solutions for the customer, which is by the way not limited to Zehnder IoT or cloud solutions.

Best regards
IoT Cloud Team

5 years ago

👍
Very good to hear that privacy is a prime focus for these features.
I’m hoping that the design really is ‘privacy first’; if it is, then I expect it to be able to function locally, without using a cloud service.

BSH (Bosch/Siemens) has HomeConnect, that works with a cloud service, but most functionality is also available locally. I.e. reading statistics and controlling devices. If you want to do remote control with the BSH provided apps then you need cloud integration. If you want to control the devices with another home or building management system then all data and all connections stay on premise.

I for one really don’t like the idea of a vital part of our building installation being remotely accessible. Everything related to building automation is on a different network and firewalled with only the bare minimum access allowed. This doesn’t include access to remote servers for control or statistics gathering.

Everyone always has the best intentions when it comes to privacy and security, but every device that’s connected to the internet results in an increased attack surface on the local network. These are all devices that are very hard to control, monitor or audit when it comes to security.

So please include a local API for sensor data and control.

4 years ago