A recent study by the Global Privacy Enforcement Network (GPEN), a collaboration between 25 data protection regulators around the world, has found that 6 out of 10 Internet of Things devices failed to properly tell customers as to how their personal data is being used.

The study looked at devices like smart meters, interconnected thermostats, wearable devices and similar technology and found that:

  • 59% of devices failed to adequately inform customers as to how their personal data were collected, processed and disclosed.
  • 68% failed to properly explain how personal data were stored.
  • 72% gave little or no information as to how individuals could delete their data.
  • 38% failed to provide clear information as to how customers could complain and to whom.

With regards to health data there was a particular concern around many medical devices that failed to encrypt sensitive data during data processing and data transfers.

Whilst smart homes and wearable technologies have many positive services and solutions for consumers more often than not their software developers fail to address privacy by design or security by default and this will have to change when the General Data Protection Regulation comes into force in the EU in May 2018.

The fact that GPEN are already looking at these issues must be a warning to developers and device manufactures that they need to address data privacy and information security as a matter of urgency.