UK privacy watchdog warns that IoT devices can track people

More must be done by manufacturers to warn users their data is being collected

The Information Commissioner's Office (ICO) has told manufacturers of Internet of Things devices they should make better attempts to notify people that data could be collected on them.

Speaking in a keynote speech at the IoT Tech Expo in Olympia, London, Simon Rice, technology group manager at the ICO, said that the IoT industry has to comply with data protection when collecting personal data.

There could arguably be some confusion over what constitutes personal data and Rice set out a few examples of where data is personal and where it isn't. He said that for wind turbines, wind speed wasn't personal data, but if there is data on who is repairing the turbine then that particular data is personal. With bridges, while data could be collected about the cars using it, vehicle registration data could be used to pinpoint the owner or driver and would therefor be considered personally identifiable information.

What definitely is personal data are Mac addresses used in smartphones. "An IPv6 address could be personal as it would be specific to that device," he said. He added that even if individual identification is not the intended purpose, the implications of IoT for privacy and data protection are still significant.

Advertisement - Article continues below
Advertisement - Article continues below

He said that manufacturers should care about personal data and pointed to studies carried out by the ICO found that around 20 per cent of people would stop using a service if a data breach occurred with that service, another 60 per cent could reconsider the service in light of a breach. "Companies could potentially lose up to 80 per cent of their customers in a data breach," he said.

Rice added that the ICO would also take enforcement actions against such firms involved in an incident of that nature.

He also said there are aspects of data protection that are special to IoT and there was potential for covert data collection."People buying smart TVs may not be aware of the data being collected," said Rice.

He asked delegates if any of them had read the privacy policy of the event there were attending, none put their hand up. He showed them the privacy policy and said that "most people wouldn't read this and it would be beyond most expectations to assume they did."

"We want to make sure that people can find privacy policies connected to IOT devices," said Rice.

Rice's comments come on the same day it was revealed toy maker VTech, which recently suffered a hack on its database, has changed its terms and conditions in an attempt to lay the responsibility for the protection of children's data at their parents' door.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now


Information Commissioner

What is the Information Commissioner’s Office (ICO)?

5 Sep 2019
data protection

Bounty fined by ICO for unlawfully sharing member data

15 Apr 2019

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Business strategy

Huawei takes the US trade sanctions into its own hands

3 Dec 2019

Five signs that it’s time to retire IT kit

29 Nov 2019
Mobile Phones

Pablo Escobar's brother launches budget foldable phone

4 Dec 2019