The Office of the Data Protection Commissioner (ODPC) has conducted a review of Internet of Things (IoT) devices alongside 29 other data protection authorities as part of a Global Privacy Enforcement Network (GPEN) Sweep. The GPEN previously conducted a "Privacy Sweep" on websites and mobile apps in 2013 (as reported here).
The review involved an in-depth look at IoT devices available in Ireland including smart electricity meters, fitness trackers and telematics, and considered the extent to which companies effectively communicate privacy information to their customers. In carrying out the review, each authority had the flexibility to focus on actual products purchased, investigating statements published on company websites or by directly connecting with a manufacturer.
The combined results of the GPEN Sweep will be published in September. The data protection authorities involved will also consider action against providers in respect of any devices or services that are found to be in breach of applicable data protection laws.
Given the sensitivity of the information gathered by IoT devices, it is imperative that the providers of such devices are transparent about what they collect, how the information will be used and with whom the data will be shared in order to ensure compliance with data protection laws in Ireland and abroad.