The UK privacy watchdog has released advice for makers of connected doorbells, thermostats and more, alongside a warning that it will ‘take action, if necessary, to protect people from harm’
The UK’s data-protection regulator has warned manufacturers of smart devices – including fridges and air fryers – that they must respect the privacy of users and avoid “collecting and excessive amount of information”.
The Information Commissioner’s Office has this week published new privacy guidance for makers of internet of things products, covering the likes of smartwatches, speakers and digital fitness trackers, as well as internet-connected domestic devices such as thermostats, doorbells, and kitchen appliances.
The advice – which “specifically doesn’t cover mobile phones, tablets, and computers” – addresses a range of topics, including accountability, lawful and fair processing, how to keep users informed, ensuring accuracy, and security and storage measures for data gathered by devices.
“To help you understand the law and good practice as clearly as possible, this guidance says what organisations must, should, and could do to comply,” the guidance explains.
The new guidelines are informed by insights given by the public during a series of workshops held last year by the ICO with a ‘Citizen Jury’ convened to provide feedback on the issue.
“People shared concerns that products collect too much personal information, and said that they feel powerless to control how their data is used and shared,” the regulator said.
Related content
- Does the UK need an IoT regulator?
- Scottish Government puts funding into IoT scheme
- Do we need regulation for the ‘internet of smells’?
The new advice also follows on from techUK research which found that four-fifths of UK residents own a smart device, as well as a study conducted by consumer rights advocacy organisation Which? that “found that smart products were able to collect excessive data from users, often without being transparent”, according to the ICO.
The watchdog’s executive director for regulatory risk Stephen Almond added: “Smart products know a lot about us: who we live with, what music we like, what medication we are taking and much more. They are designed to make our lives easier, but that doesn’t mean they should be collecting an excessive amount of information. In our increasingly connected world, we shouldn’t have to choose between enjoying the benefits of smart products and our own privacy. We all rightly have a greater expectation of privacy in our own homes, so we must be able to trust smart products are respecting our privacy, using our personal information responsibly and only in ways we would expect.”
Although the ICO stressed that organisations that store and process data bear the ultimate responsibility for doing so safely and legally, the regulator has also provided some tips for individuals that wish to take proactive steps to better protect their information.
This includes researching products thoroughly before purchase, checking permission settings and advertising preferences, choosing a strong password, updating security software whenever possible, and deleting data related to devices that are no longer used.
Almond added: “As the data protection regulator, we are here to tackle unlawful privacy practices, ensuring that organisations keep your personal information safe and give you both clear choices and confidence in how it is used. We want to help organisations get this right from the start – but we are ready to take action if necessary to protect people from harm. When you bring a new smart product into your home, you can feel confident that we have your back.”
