ICO crackdown on Internet of Things device privacy

ICO crackdown on Internet of Things device privacy

ICO crackdown on Internet of Things device privacy
ICO crackdown on Internet of Things device privacy

UK data privacy watchdog, ICO, commits to ensuring privacy when it comes to Internet of Things (IoT) technology.

Data privacy regulator, the Information Commissioner’s office (ICO), has said it will ensure that the potential benefits of IoT devices do not compromise privacy regulations in the UK.

The announcement comes after a worldwide study of 300 devices. Around six to 10 Internet of Things devices don’t properly tell customers how their personal information is being used, the study found.

The research carried out by 25 data protection regulators around the world, looked at devices like smart electricity meters, internet-connected thermostats and watches that monitor health, considering how well companies communicate privacy matters to their customers.

The report showed that 59 percent of devices failed to adequately explain to customers how their personal information was collected, used and disclosed; 68 percent failed to properly explain how information was stored; 72 percent failed to explain how customers could delete their information off the device, and 38 percent failed to include easily identifiable contact details if customers had privacy concerns.

Related: IoT devices, CCTV cameras hit in world’s largest DDoS attack

ICO concerns around medical devices

It said that there were also concerns around medical devices that sent reports back to GPs via unencrypted email. The data protection authorities looked at more than 300 devices. The ICO said that authorities will now consider action against any devices or services thought to have been breaking data protection laws.

Steve Eckersley, ICO head of enforcement, said IoT technology can improve homes and health but shouldn’t be at the cost of privacy.

“Companies making these devices need to be clear how they’re protecting customers. We would encourage companies to properly consider the privacy impact on individuals before they go to market with their product and services. If consumers are nervous that devices aren’t using their data safely and sensibly, then they won’t use them,” he said.

“By looking at this internationally, we’ve been able to get an excellent overview on this topic. We’ll now be building on that, working with the industry and looking specifically at companies who might not have done enough to comply with the law.”

Manfred Kube, Head of M2M segment at Gemalto, told Internet of Business that though we have seen IoT adoption approach a tipping point, IoT will not become a part of the mainstream with consumers unless they can trust that their connected devices are secure and their privacy is guaranteed.

“Privacy, security and trust must not be an afterthought when designing for IoT. The highly personal information that many of our devices collect on a daily basis needs to be stored in a system that has security mechanisms like two-factor authentication and encryption, built-in from the very beginning. Controlling who has access to our data is crucial, and developers need to be constantly aware of the threats that connected devices face,” he said.

Related: Privacy and security could hold back IoT adoption, finds report