January 14, 2025

Free Your Rive

Building Bridges to the Digital Age

How household gadgets from air fryers to coffee machines are spying on us

How household gadgets from air fryers to coffee machines are spying on us

Britain’s data watchdog is drawing up tough new guidelines requiring smart device producers to more strictly limit their information gathering

A warning has been issued about kitchen gadgets such as air fryers snooping on families by tracking their conversations, lifestyle choices and personal data.

The Information Commissioner’s Office (ICO) said smart devices are collecting too much information and are leaving consumers feeling powerless to stop them.

The data watchdog is now working on tougher new guidance for manufacturers to spell out what they need to do to comply with data protection laws and protect consumers.

An estimated £15bn of smart gadgets will be bought by Britons this Christmas, and many people won’t bother reading the small print which comes with them.

According to one estimate, the average consumer privacy policy runs to 8,000 words, requiring around 35 minutes of reading time. But those who do linger on the terms and conditions of products ranging from Wi-Fi-enabled coffee machines to robotic vacuum cleaners could be in for a shock.

The ICO said: “We want to help organisations get it right – however we will be closely monitoring their compliance and will be ready to act to ensure consumers are protected from harm.”

The guidelines are due to be issued next spring will require producers to more strictly limit their data gathering and ensure they collect only what is needed to make their products function.

The ICO has revealed that “many products fail to not only meet our expectations for data protection but also consumer expectations”. Their study earlier this year recorded an “overwhelming” feeling among consumers that “Internet of Things (IoT) products collect an excessive and often unnecessary amount of personal information”.

Consumer and privacy experts warn manufacturers of so-called IoT products are seeking access to a bewildering and uncontrolled array of personal information – ranging from a user’s precise location to the list of apps on their mobile phone – as a quid pro quo for connecting household appliances across Britain to the information superhighway.

Privacy polices examined by The i Paper suggest manufacturers, who have spent heavily on mobile phone apps and online platforms to allow users to interact with their devices, are routinely gathering information that ranges from social media entries and eating habits to customers’ live locations.

Sage, an Australian-owned brand which makes high-end appliances including premium coffee machines, reserves the right for its smart ovens and similar appliances to collect details of “what you are cooking and how you cook”.

Research by Which? revealed a catalogue of “excessive smart device surveillance”, including three Chinese-made brands of air fryer seeking permission to record audio such as conversations on a user’s phone, with two of the products sending consumer data back to servers in China and one sharing it with a subsidiary of TikTok.

Other producers, including makers of smart watches and televisions, were found to be collecting information including precise location and, in one case, requiring access to stored files on a user’s mobile phone.

Separate fears have also been raised by the way data is collected for health apps and devices, in particular increasingly popular period-tracking and fertility apps.

Slavka Bielikova, principal policy adviser at the ICO, said: “Smart products know a lot about us – who we live with, what music we like, what medication we are taking. That’s why it’s vital that consumers trust product manufacturers to use their information safely and in the ways they expect… the upcoming guidance will provide clarity.”

An executive with one European smart gadget producer, whose machines do not collect or transmit user data, said: “You see companies collecting all manner of information about things like lifestyle choices or social media user names. I struggle to see the justification.”

There is no suggestion of illegality, not least because existing rules allow for a wide range of information to be amassed. Consumer groups argue these rules, under which companies can collect information they consider to be within their “legitimate interests”, are being interpreted with disproportionate latitude.

Rocio Concha, Which? director of policy and advocacy, said customers were in effect paying twice for their products, once with money and a second time in their personal information.

She said: “Consumers will be flocking to buy the latest connected tech this Christmas. However, recipients could be in for a surprise, as they unknowingly sign up to excessive data collection with hardly any transparency over what it is being used for.”

Smart TV manufacturers Hisense and Samsung were found to require a user’s postcode during the set-up process, although both brands said a partial postcode could be submitted and the information was solely used to allow for the localisation of some content. Both companies said they were fully compliant with UK privacy laws.

A separate analysis by The i Paper found several washing smart machine manufacturers, which allow users to control the appliance from their phone, wanting to know the date of birth of their customers and at least one company tracking the location of a user by default.

Sage Appliances, whose top-end coffee makers sell for £1,500, states in its user manual that some of its machines contain a “small chip” which records information including “frequency of use”. The policy makes clear smart devices can be “de-linked”. Sage did not respond to request for comment.

Several experts and industry sources said there are legitimate reasons for manufacturers to collect data from connected devices and users, including improving and updating performance and tailoring the performance of smart gadgets.

It could also be a simple matter of making ends meet. Ken Munro, an internet security expert, suggested that amassing anonymised data on the habits of users then offering it to third parties provides manufacturers with a means of paying for the costly remote access platforms needed to provide the abilities of connected devices.

According to one estimate, global spending on consumer electronics is expected to rise by nearly 7 per cent a year until it reaches $1.8trn (£1.4trn) in 2030. A survey last month by emergency repair provider HomeServe found that one in four Britons is expecting to purchase a smart gadget over Christmas, spending some £15.4bn.

Earlier this year Britain became the first country in the world to set legally enforceable cyber security standards for IoT devices. But experts argue not enough is being done curtail the data gathering of manufacturers, in particular those based abroad with no administrative presence in the UK.

The i Paper understands that the ICO has to date not taken enforcement action against any IoT manufacturers.

Consumer groups argue that existing rules, under which companies can collect information they consider to be within their “legitimate interests”, are being interpreted with disproportionate latitude.

Concern has also been expressed over data privacy linked to health technology. A study by King’s College London and University College London earlier this year warned that misleading or unclear data policies were posing a risk to the users of some products. In some cases, the policies would allow highly intimate user data to be accessed by law enforcement in countries or jurisdictions, including some US states, where abortion is prohibited.

Several experts and industry sources pointed out that there were entirely legitimate reasons for manufacturers to collect data from both their connected devices and users, including improving and updating performance and tailoring the performance of smart gadgets to the needs of each consumer.

But, according to critics of the existing regulatory system, the precise destination of the personal information gathered by some manufacturers and the extent to which it is shared with third-parties is often obscure.

To this data free-for-all should be added the increasing influence of artificial intelligence both in the software used to run connected machines and also the interpretation of the data provided by devices and their owners.

Samsung this summer announced it had bought Oxford Semantic Technologies, a spin-out from Oxford University set up by three academics, with a view to using its pioneering AI-based software to create “hyper-personalised” services which it said would eventually be extended to TVs and home appliances. The Korean technology giant said the advance would also ensure the security of personal data on any of its devices.

According to the Coalition on Secure Technology, a UK lobbying group, Britain and other Western countries face a unique risk from devices known as cellular IoT modules (CIM) – small wireless communication devices which both collect data and transmit updates to the products into which they are installed. It is expected that by the of this year some 30.9 billion CIMs will be in use around the world, over 60 per cent of which are made by Chinese manufacturers.

While CIMs are not widely used in smaller appliances, they are present in devices such as household internet routers, smart meters and electric vehicles, as well as infrastructure from energy grids to ports. The Coalition on Secure Technology argues that the ability of CIMs to send operating updates to devices leaves them open to being remotely monitored and even disabled from China.

In a recent report, the lobbying group said: “It is possible to send instructions buried in software updates to immobilise vehicles. It would not take many simultaneously immobilised vehicles to paralyse London traffic.”


link

Copyright © All rights reserved. | Newsphere by AF themes.