The Global Privacy Enforcement Network (GPEN) has decided to focus this year’s Sweep, a worldwide initiative to help combat cyberscams, by spending a day intensively searching the internet, on the Internet of Things. It will take place around April or May and will involve a number of data protection authorities from around the world, including the French CNIL. Sweep participants will look at the privacy communications and practices related to Internet connected devices, but each has the flexibility to choose a different category of products and a preferred approach. While some authorities have opted to sweep wearables, health-related devices or appliances, others will be looking at very specific things like smart meters, connected cars or smart TVs.
The CNIL will focus its tests in May 2016 to three categories of objects that could impact privacy in everyday life: (i) home automation objects: connected cameras that can detect movement within the home or measure the air quality; (ii) health related devices: scales, blood pressure monitors and glucose monitors whose purpose is to collect related health data; and (iii) so called “wellness” objects: watches and bracelets, which may collect location data but also calculate the number of steps taken, daily calories consumed and analyse the quality of sleep.
The audit will assess: (i) the quality of the information delivered; (ii) the level of security of data flow; and (iii) the degree of user control over the operation of its data (consent, exercise of rights, etc.).
CNIL Press Release (in French)