Google buys Nest: data / privacy implications

Author: Bruno Girin January 14, 2014

The Internet was in a bit of a frenzy last night as Google announced that they acquired Nest for a cool $3.2 billion. Everybody from technology web sites like TechCrunch or The Register to general media like the BBC and The Guardian had something to say about it and analysis to offer. The original press release doesn’t say much so everything beyond this is speculation.

At EnergyDeck, we have a team composed of former employees of Google and Opower among others, working on an innovative web-based solution for energy management in buildings. So it goes without saying that we’re rather excited about the news. However, I’d like to take a step back and look at the acquisition and potential implications for users from a pure data and technology standpoint.

Nest recap

Nest produce two products, a smart thermostat and a fire and carbon monoxide alarm. Both are smart devices and can be accessed via mobile apps. The thermostat in particular learns your habits so that it automatically creates a personalised schedule based on when and how you turn it up and down, the idea being that after a while, the house will automatically cool down when you leave and warm up when you’re about to come home.

In order to operate, it must store a number of data items at all times:

  • The current temperature of the house,
  • The target temperature of the house,
  • Whether the heating is on or off.

In order to provide the self-learning functionality, it must keep that data as a historical schedule, daily at least, possibly weekly. From that data, you can infer how quickly the house heats or cools, which in turn gives an indication of how well insulated it is. This is potentially very useful data for residents who can then understand their home’s energy consumption better.

Another piece of information you can infer from the data stored by the Nest thermostat is whether residents are in the building at any time. Combined with the schedule, you can infer at what time they are likely to leave or come back, which underpins the learning abilities of the thermostat. Finally, the thermostat has the ability to be controlled remotely using a mobile application.
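To make the inferences above concrete, here is an added example (not code from Nest or from the original post) that takes only the three stored items and derives heating and cooling rates plus the daily setback windows. The `Reading` type, the function names and the sample day are assumptions constructed for illustration.

```python
from typing import NamedTuple

class Reading(NamedTuple):
    hour: float      # hours since midnight
    current: float   # measured temperature, deg C
    target: float    # setpoint, deg C
    heating: bool    # heating on (True) or off (False)

# Constructed sample day (illustrative values, not real device data).
DAY = [Reading(*r) for r in [
    (0, 19.0, 16.0, False), (3, 17.5, 16.0, False), (6, 16.0, 20.0, True),
    (8, 20.0, 20.0, False), (9, 20.0, 16.0, False), (17, 16.0, 20.0, True),
    (19, 20.0, 20.0, False), (22, 20.0, 16.0, False), (24, 19.0, 16.0, False),
]]

def thermal_rates(readings):
    """Return (heating, cooling) rates in deg C per hour.

    Heating intervals start with the heating on; cooling intervals start with
    it off and the house above target. Hold periods are skipped.
    """
    totals = {"heat": [0.0, 0.0], "cool": [0.0, 0.0]}  # [delta_temp, hours]
    for a, b in zip(readings, readings[1:]):
        if a.heating:
            key = "heat"
        elif a.current > a.target:
            key = "cool"
        else:
            continue
        totals[key][0] += b.current - a.current
        totals[key][1] += b.hour - a.hour
    return tuple(d / h if h else 0.0 for d, h in (totals["heat"], totals["cool"]))

def setback_windows(readings):
    """Return (start, end) hour spans where the target is below the day's maximum."""
    comfort = max(r.target for r in readings)
    windows, start = [], None
    for r in readings:
        if r.target < comfort and start is None:
            start = r.hour
        elif r.target >= comfort and start is not None:
            windows.append((start, r.hour))
            start = None
    if start is not None:
        windows.append((start, readings[-1].hour))
    return windows

if __name__ == "__main__":
    print(thermal_rates(DAY), setback_windows(DAY))
```

The cooling rate is the insulation signal, and the daytime setback window is the occupancy signal, which is why a history of just these three fields needs the same protection as any other record of when a home is empty.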

Basic privacy and security

The type of data stored by the Nest thermostat, what additional data can be inferred from it and the fact that it can be controlled remotely raise privacy and security concerns that are similar to the concerns around smart meters in the UK.

The data gathered or inferred is very useful for the resident but its very nature means that it should stay private. One of the more obvious questions is what would happen if a burglar were to get hold of customer data that indicates when the customer is in or out of the house? With such devices, it is essential to ensure that the device’s owners are the only ones who have access to its data.

The remote control facility is undoubtedly one of Nest’s USPs and significantly improves the usability of the device. However, this must be done in such a way that the controlling mobile phone and the thermostat are paired and that the communication is secure so that only the owner of the thermostat can control it remotely.

As an independent technology company, it is fair to assume that Nest have considered those issues and have the experience to deal with them effectively. This is made easier by the fact that the scope of their offering is small and well defined.

The Google deal

With Google buying Nest, it all becomes a tad more complicated. Google is a large organisation that does a lot of things and at its core, its business model is to know as much as possible about its customers in order to sell ads and provide services users love.

There are no concrete announcements yet as to Google’s plans with Nest, but there are definitely a lot of interesting opportunities. One possibility is of course that they would allow users to link their Nest thermostat to their Google identity. Doing this would have a number of interesting consequences:

  1. Google would gain more insight into how people live their lives by having access to a device that is in people’s home and that is linked to their online identity. That insight could be coupled to lifestyle habits and form the basis of interesting behaviour change initiatives to help customers manage their energy better. It could also give Google an opportunity to serve better targeted ads. Fancy seeing an ad for double glazing if Google deems your home is badly insulated?
  2. If two people were to link their identities to the same thermostat, Google could infer that they live together. Conversely, if the same person linked their Google identity to several thermostats, Google could link those properties together. Whether this makes a real difference to what they already know is debatable.
  3. It gives Google a link to the real world. Have you ever wondered why some banks have a complicated process to register to their internet banking offering that requires them to send you paperwork by post? They do this as a fraud prevention measure: by linking back the creation of the online account to a real address and a physical piece of paper being sent, they significantly increase the barrier for fraudsters that would attempt identity theft by registering other people’s bank accounts with their internet banking. This would do the same for Google: the Google identity that is currently purely virtual would be linked back to a real identity in the physical world. Now things become interesting.


Bringing together a device like Nest with the analytical capacity of a company like Google yields massive opportunities in terms of demonstrating what can be done with the Internet of Things in the cleantech sector. It could provide customers with amazing insight into their energy use and enable them to really make a difference to their bills.

As ever, cross-referencing various large data sets, including potentially sensitive ones, comes with significant challenges in privacy and security. We are curious to see how Google and Nest are planning to address those, as this can provide highly relevant examples for the rest of the industry. Here’s hoping that these examples will be of the “how to do it right” vs. the “how not to do it” type!