The Information Commissioner's Office (ICO) has told manufacturers of Internet of Things devices they should make better attempts to notify people that data could be collected on them.
Speaking in a keynote speech at the IoT Tech Expo in Olympia, London, Simon Rice, technology group manager at the ICO, said that the IoT industry has to comply with data protection when collecting personal data.
There could arguably be some confusion over what constitutes personal data and Rice set out a few examples of where data is personal and where it isn't. He said that for wind turbines, wind speed wasn't personal data, but if there is data on who is repairing the turbine then that particular data is personal. With bridges, while data could be collected about the cars using it, vehicle registration data could be used to pinpoint the owner or driver and would therefor be considered personally identifiable information.
What definitely is personal data are Mac addresses used in smartphones. "An IPv6 address could be personal as it would be specific to that device," he said. He added that even if individual identification is not the intended purpose, the implications of IoT for privacy and data protection are still significant.
He said that manufacturers should care about personal data and pointed to studies carried out by the ICO found that around 20 per cent of people would stop using a service if a data breach occurred with that service, another 60 per cent could reconsider the service in light of a breach. "Companies could potentially lose up to 80 per cent of their customers in a data breach," he said.
Rice added that the ICO would also take enforcement actions against such firms involved in an incident of that nature.
He also said there are aspects of data protection that are special to IoT and there was potential for covert data collection."People buying smart TVs may not be aware of the data being collected," said Rice.
He asked delegates if any of them had read the privacy policy of the event there were attending, none put their hand up. He showed them the privacy policy and said that "most people wouldn't read this and it would be beyond most expectations to assume they did."
"We want to make sure that people can find privacy policies connected to IOT devices," said Rice.
Rice's comments come on the same day it was revealed toy maker VTech, which recently suffered a hack on its database, has changed its terms and conditions in an attempt to lay the responsibility for the protection of children's data at their parents' door.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
-
ICO reprimands Coventry school over repeated data protection failuresNews The ICO said the academy trust failed to follow previous guidance, which caused a serious data breach
-
ICO dishes out fine to HelloFresh for marketing spam campaignNews HelloFresh failed to offer proper opt-outs, the ICO said, and customers weren’t warned their data would be used for months after they cancelled
