Data and securityCyber SecurityPrivacy regulators study finds Internet of Things shortfalls

Privacy regulators study finds Internet of Things shortfalls

Authorities will now consider action against any devices or services thought to have been breaking data protection laws

Six in ten Internet of Things devices don’t properly tell customers how their personal information is being used, an international study has found.

The study, by 25 data protection regulators around the world, looked at devices like smart electricity meters, internet-connected thermostats and watches that monitor health, considering how well companies communicate privacy matters to their customers.

The report showed:

  • 59% of devices failed to adequately explain to customers how their personal information was collected, used and disclosed;
  • 68% failed to properly explain how information was stored;
  • 72% failed to explain how customers could delete their information off the device, and
  • 38% failed to include easily identifiable contact details if customers had privacy concerns.

Concerns were also raised around medical devices that sent reports back to GPs via unencrypted email.

The data protection authorities looked at more than 300 devices. Authorities will now consider action against any devices or services thought to have been breaking data protection laws.

The work was coordinated by the Global Privacy Enforcement Network, and follows previous reports on online services for children, website privacy policies and mobile phone apps.

The action is being led by the Information Commissioner’s Office (ICO) in the UK. Steve Eckersley, ICO head of enforcement, said: “This technology can improve our homes, our health and our happiness. But that shouldn’t be at the cost of our privacy. Companies making these devices need to be clear how they’re protecting customers.  We would encourage companies to properly consider the privacy impact on individuals before they go to market with their product and services. If consumers are nervous that devices aren’t using their data safely and sensibly, then they won’t use them.

“By looking at this internationally, we’ve been able to get an excellent overview on this topic. We’ll now be building on that, working with the industry and looking specifically at companies who might not have done enough to comply with the law.”

Related Articles

Government and tech industry hold roundtable on IoT security

Cyber Security Government and tech industry hold roundtable on IoT security

2y Jay Ashar
New Army cyber operations centres for MOD

Cyber Security New Army cyber operations centres for MOD

2y Jay Ashar
Competing priorities biggest roadblock to cybersecurity

Cyber Security Competing priorities biggest roadblock to cybersecurity

2y Jay Ashar
Cybersecurity is a market for lemons

Cyber Security Cybersecurity is a market for lemons

2y Bernard Parsons
Compulsory cyber awareness training for Cardiff council staff

Cyber Security Compulsory cyber awareness training for Cardiff council staff

2y Jay Ashar
UK government to assess the cyber security capability landscape

Cyber Security UK government to assess the cyber security capability landscape

2y Jay Ashar
New capability to help organisations fight cyber threats

Cyber Security New capability to help organisations fight cyber threats

2y Jay Ashar
Room for more cybersecurity over and above GDPR

Cyber Security Room for more cybersecurity over and above GDPR

2y Jay Ashar