UK privacy watchdog warns that IoT devices can track people

More must be done by manufacturers to warn users their data is being collected

The Information Commissioner's Office (ICO) has told manufacturers of Internet of Things devices they should make better attempts to notify people that data could be collected on them.

Speaking in a keynote speech at the IoT Tech Expo in Olympia, London, Simon Rice, technology group manager at the ICO, said that the IoT industry has to comply with data protection when collecting personal data.

Advertisement - Article continues below

There could arguably be some confusion over what constitutes personal data and Rice set out a few examples of where data is personal and where it isn't. He said that for wind turbines, wind speed wasn't personal data, but if there is data on who is repairing the turbine then that particular data is personal. With bridges, while data could be collected about the cars using it, vehicle registration data could be used to pinpoint the owner or driver and would therefor be considered personally identifiable information.

What definitely is personal data are Mac addresses used in smartphones. "An IPv6 address could be personal as it would be specific to that device," he said. He added that even if individual identification is not the intended purpose, the implications of IoT for privacy and data protection are still significant.

Advertisement - Article continues below

He said that manufacturers should care about personal data and pointed to studies carried out by the ICO found that around 20 per cent of people would stop using a service if a data breach occurred with that service, another 60 per cent could reconsider the service in light of a breach. "Companies could potentially lose up to 80 per cent of their customers in a data breach," he said.

Advertisement - Article continues below

Rice added that the ICO would also take enforcement actions against such firms involved in an incident of that nature.

He also said there are aspects of data protection that are special to IoT and there was potential for covert data collection."People buying smart TVs may not be aware of the data being collected," said Rice.

He asked delegates if any of them had read the privacy policy of the event there were attending, none put their hand up. He showed them the privacy policy and said that "most people wouldn't read this and it would be beyond most expectations to assume they did."

"We want to make sure that people can find privacy policies connected to IOT devices," said Rice.

Rice's comments come on the same day it was revealed toy maker VTech, which recently suffered a hack on its database, has changed its terms and conditions in an attempt to lay the responsibility for the protection of children's data at their parents' door.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now


General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
Information Commissioner

What is the Information Commissioner’s Office (ICO)?

15 Apr 2020

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020

Most Popular

Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020
cyber security

Microsoft bans Trend Micro driver from Windows 10 for "cheating" hardware tests

27 May 2020
data protection

NHS yet to understand risks of holding Test and Trace data for 20 years

29 May 2020