While IoT devices are convenient and offer users a lot of useful information and services, they can also collect an enormous amount of data about you and your personal habits. In some cases, you may choose to share such information. But in other cases, the device may collect it automatically. For example, by analyzing when you interact with an IoT device, the maker may be able to infer when you come and go from your home or even your sleeping habits. For wearable IoT devices such as smartwatches, an IoT maker may know your location and be able to figure out when you are on vacation, your exercise habits, and other health-related information. This is a lot of data to entrust to an IoT device maker without knowing how this data will be used, shared or sold. Therefore, consumers should be concerned with the device maker’s privacy and security practices.
Privacy concerns not only include what information the device maker collects about you but how the device maker uses that data. Does the device maker use it only for the purpose for which the consumer provided the data? Or, does it use that data to market to you? Does it share or sell that data and, if so, for what purposes? What confidentiality obligations are these third-parties bound by? As far as security goes, what assurances has the maker given that it has put adequate safeguards in place to protect the data from being hacked?
Before asking Santa for an IoT device, you should carefully weigh the benefits of owning the device against the data privacy and security risks. If the benefits outweigh the risks, consider keeping it on your list. The Fitbit Versa smartwatch is still on mine.