- Many home devices harvest and share more data than is necessary
- US and UK watchdogs are setting out rules to protect device owners
- Researching appliances and using them offline can help keep data secure
Last month, consumer body Which? revealed that many popular smart home devices, including air fryers, may be capturing unnecessary data and sharing it with third parties - facts that you could easily miss when choosing and setting up a new appliance. Now, consumer rights watchdogs in the US and the UK have outlined plans to force companies to be more transparent about what information they keep, and how it's used.
As Gizmodo explains, the Information Commissioner’s Office (ICO) in the UK is planning to issue new guidance to companies early next year specifically related to smart home tech and user privacy. According to the ICO, this "will outline clear expectations for what they need to do to comply with data protection laws and, in turn, protect people using smart products."
Meanwhile, in the US, the Consumer Financial Protection Bureau (CFPB) has proposed a new rule that would limit brokers' ability to sell personal information that might been acquired in data breaches. Under the proposed rule, these brokers would be treated like credit bureaus and background check companies, and held to the same standards.
How to keep yourself (and your data) safe
This is promising news, but how can you determine whether a smart home device is safe to use right now? Reading the privacy policy thoroughly is the obvious first step, but some can be prohibitively lengthy.
Home tech companion apps come with their own privacy policies too, but remember that just because a device has a companion app, or can be connected to Wi-Fi or Bluetooth, it's often not necessary to use its key functions. For example, my electric toothbrush has an app that awards you badges for brushing your teeth for two minutes twice a day, but it works perfectly fine without that. Similarly some of the best air fryers have an app that lets you adjust the temperature remotely and provides recipe ideas, but isn't mandatory for cooking your fries.
If your device does need to be online, The Mozilla Foundation's Privacy Not Included report is a good starting point. The foundation's researchers have pored over the privacy policies for dozens of products, including home security cameras, smart thermostats, and robot vacuum cleaners, to find out exactly how much data they gather, what their default privacy settings are, who your data may be shared with, and what could happen if the company suffers a data leak.
For example, the Garmin Index S2 smart scale collects a lot of personal information (gathering biometrics is its job, after all), but the company's privacy policy is transparent, neither shares nor sells your data, and has acted on previous advice from Mozilla to make it clearer that all users have the right to delete their data, regardless of where they live.
Ecobee (maker of one of the Ecobee SmartThermostat) also earned praise for its SmartCamera home security device, which sends encrypted video footage directly to your phone without being recorded. If you do choose to save any photos or clips, the company says they will be deleted from its servers automatically when you uninstall the app.
Make sure that any connected devices are set to receive automatic security updates so any vulnerabilities discovered are patched as soon as possible.
What's the worst that could happen?
If your data isn't properly protected, the results can be devastating. Just last week, personal data from matchmaking site Senior Dating was discovered on data leak site Have I Been Pwned, exposing sensitive data relating to over 700,000 people, including photos, email addresses, and physical locations.
In October, a Brazilian driving school was found to have exposed the sensitive data of 400,000 people by leaving a database unsecured. Photos, full names, addresses, and government ID numbers were all left unsecured, putting people at serious risk of identity theft and harassment.
When we review a product here at TechRadar, we'll always let you know whether a mobile app is available, and what it actually does so you can make an informed choice about what data you're sharing.