From the U.K.’s Information Commissioner’s Office:
From smart speakers and fitness trackers to Wi-Fi fridges and interconnected air fryers, smart products have integrated seamlessly into people’s homes and everyday lives – in fact, research shows that four in five Brits own at least one.*
We have today (16 June) published our first guidance for developers and manufacturers of smart products, setting out clearly how people’s personal information should be collected, used and shared responsibly.
Stephen Almond, Executive Director for Regulatory Risk at the ICO, said:
“Smart products know a lot about us: who we live with, what music we like, what medication we are taking and much more. They are designed to make our lives easier, but that doesn’t mean they should be collecting an excessive amount of information.
“In our increasingly connected world, we shouldn’t have to choose between enjoying the benefits of smart products and our own privacy. We all rightly have a greater expectation of privacy in our own homes, so we must be able to trust smart products are respecting our privacy, using our personal information responsibly and only in ways we would expect.”
Last year, we asked the public for their views on smart products in a series of workshops. People shared concerns that products collect too much personal information, and said that they feel powerless to control how their data is used and shared.
The new guidance addresses these concerns, supporting manufacturers and developers to create smart products that comply with data protection law and prioritise people’s privacy. For example, ensuring they are transparent with people about how their personal information is being used, only collecting the information necessary, and helping people to exercise their rights, such as making it easy to delete their data from the product.
Stephen Almond added:
“As the data protection regulator, we are here to tackle unlawful privacy practices, ensuring that organisations keep your personal information safe and give you both clear choices and confidence in how it is used. We want to help organisations get this right from the start – but we are ready to take action if necessary to protect people from harm. When you bring a new smart product into your home, you can feel confident that we have your back.”
An investigation by Which? previously found that smart products were able to collect excessive data from users, often without being transparent.
While it is the responsibility of organisations to keep your data safe, we have also shared some top tips to help people make privacy-conscious purchases. These include:
- Do your research – It’s important to do some research about which smart product is right for your needs before buying. Read reviews and ask yourself whether certain privacy features are important to you. Make sure you’re comfortable with the information the device wants to access.
- Check your permissions – When setting up your product, you have the option to grant it permission to collect certain information. Not all information sharing is necessary for some products to work. Most devices will ask you what information you want to share and with whom during set-up, so use the privacy controls to limit permissions to access your information, if they seem unreasonable. Remember, don’t press agree unless you do.
- Protect your device – Set up a strong password to keep your device secure and consider two-step verification to add an additional layer of security to your account.
- Think about the adverts you want to see – Organisations can use the information your smart product collects to build a detailed picture about you and personalise the adverts you see. They should only use this information for personalised advertising if you have consented. During set-up, check what options you have to control the use of your information for advertising.
- Keep up with the security updates – Updating your software to the latest version can fix bugs and strengthen protection against hackers and cyber criminals. New updates often address any vulnerabilities that could enable hackers to access your data.
- Remove your data when it is no longer needed – When getting rid of your smart product, you’ll want to be sure that you’ve removed your information. You can usually erase all information and reset the device via the settings.
Smart devices are one of 40 items in our exhibition illustrating how privacy has been at the centre of some of the biggest developments in technology. Find out more by visiting its digital exhibition ‘Our Lives, Our Privacy.’
We have a wealth of resources for the public about personal data rights and how to exercise them.
If anyone has bought a smart product and still has concerns about how their data is being used, they can complain to us.