By Andrew Paterson, Senior Technology Officer
Picture yourself coming home from work in twenty years’ time. The house alarm reacts to a signal from your car as you pull up on the drive and turns off. The alarm then triggers the doors to unlock. The doors unlocking tells the lights in your house to come on. You’ve already turned the heating on, using a mobile device while you were at work. All of these processes will have taken place because the devices are connected and able to respond to the others’ actions, based on commands you’ve already given or pre-programmed behaviour.
As well as offering convenience, the Internet of Things also has the potential to save you money. In the UK, the roll out of smart meters is imminent, giving you the opportunity to see how much power your home is using in real time. The devices will allow you to make choices that will not only be reflected on the display, but also in your bill at the end of the month.
However, this information can also potentially link back to the individual, becoming personal data and therefore covered under the Data Protection Act. In a single occupancy household the information collected will generally relate to the one person. In households of more than one person the occupants may interact with the devices through personal accounts, or the devices may interact with a gadget already linked to the individual like a mobile phone.
You can see from the diagram below that the Internet of Things can incorporate many of the different devices many of us already have around our house. We’ve provided a brief overview of the types of information they are likely to process and the benefits that they could bring by being connected. Some of the devices have a limited user interface, which can make it more challenging for manufacturers to inform customers about what the device does. Nevertheless, this is what they must do.
As well as understanding how these devices work and what they can do, it is also important to be aware of the potential security concerns associated with the Internet of Things.
For instance, many of the devices will operate through the internet connection supplied using your router. If someone can get around your router’s security settings then potentially all of the smart devices in your house will be vulnerable. However remote, this is an issue individuals need to be aware of and can take action to address, for example by setting up a strong wireless network password and following the advice in our guidance on keeping your network secure.
Which?’s research into Smart TVs
Without even realising it, many of you may already be sitting next to a device which is arguably part of the Internet of Things. While Smart TVs are still relatively expensive they are quickly coming down in price and allow you not only to browse websites, but access tailored apps and games, plus of course stream TV programmes on-demand.
However, new research published by the consumer group Which? has highlighted that with greater capability, come potential threats to your privacy.
The research focused on the five leading brands of Smart TVs currently on the market today. The consumer group looked at the information being exchanged between the viewer, the TV and the manufacturer, as well as the information provided to consumers to help them understand how their information is being used.
While the results show that the information being exchanged is not particularly sensitive, in many cases it can be classed as personal information. This means that companies will routinely be using your information to tailor the services you receive. This might be through useful features such as suggesting upcoming programmes that you might like to watch, but will also include services you may be less keen to receive, such as targeted advertising – a practice that all but one of the manufacturers surveyed by Which? currently carries out.
If manufacturers are using your personal information in this way then the Data Protection Act requires them to provide an appropriate level of information to explain what’s going on with your details. The Which? research suggests that the information provided to consumers is inconsistent and the choices allowing consumers to stop some of their information being used are often difficult to find and understand.
So what should we all be doing to get ready for the Internet of Things?
As the independent regulator of the Data Protection Act, the Information Commissioner’s Office, is well placed to advise companies on how these devices can comply with the law. But equally, it is important that the public has an understanding of how this technology works and what it means for you. We hope that this blog provides you with a basic understanding of a term that you will no doubt be hearing about in the coming months and years.
If the Internet of Things is to enter our homes it is important that the privacy implications of these devices are fully understood. Consumers buying a new device are increasingly having to factor in terms and conditions of service, as well as the pure technical specifications of the equipment itself. The Which? research has shown that manufacturers need to do more to keep people informed, but we can all play our part by asking the right questions about the services provided.
|Andrew Paterson became Senior Technology Officer at the ICO in November 2012. His main areas of work are advising colleagues on information security aspects of complaints and data breach investigations, and research on how new developments in technology might impact information rights.|
Last updated 21/08/2014 14:00