Privacy Commissioner warns of ‘hidden risks’ of the IoT
Privacy Commissioner warns of ‘hidden risks’ of the IoT

The Australian Privacy Commissioner has warned that Australian businesses assessed as part of a global sweep of Internet of Things products and services generally lack clear information for customers about how their personal information was being managed.

And, more than half of Aussie businesses have failed to adequately explain how personal information was collected, used and disclosed, according to the Privacy Commissioner.

The sweep of IoT devices, just released by Australian Privacy Commissioner, and fellow international regulators, through the Global Privacy Enforcement Network (GPEN), reveals that 71% of the IoT devices and services, and how information is managed, were not adequately explained by Australian businesses.

Other findings of the sweep of the Australian market and Aussie businesses also found that:

•    69% did not adequately explain how customers could delete their information off the device

•    38% failed to include easily identifiable contact details if customers had privacy concerns

•    91% did not advise customers to customise their privacy settings

•    89% of organisations did not clearly indicate whether there were tools a user could access to delete personal information off the device so they can resell the     device

•    93% of devices did not clearly tell users if or how they could delete information remotely if their device is lost or stolen.

Internet of Things technology is built into all kinds of services like movie streaming, fitness trackers, home appliances and children’s toys, but, as the Privacy Commissioner Timothy Pilgrim explains, the seamless nature of how these devices collect, store and share user information means that customers are not always “fully aware of the privacy risks”.

Accordingly, the 26 privacy enforcement authorities that make up GPEN examined the privacy policies of over 300 businesses around the world, including 45 used by Australian consumers every day.

“The Internet of Things allows for some great products and entertainment, but many of us have adopted this technology into our everyday lives without considering how much of our personal information is being captured or what happens to that information,” Pilgrim says.

“Remember, for an Internet of Things device to work for you it needs to know about you, so you should know what information is being collected and where it is going.

“I encourage all Australians to look for privacy policies before you decide to use a device, and ensure you are comfortable with what information is being collected and how it is being managed.”

Pilgrim says that the majority of the businesses reviewed in the sweep could benefit from better explaining their information handling practices to customers.

And, the Commissioner says his office is working with businesses and start-ups to help them better understand their privacy obligations, and creating a range of educational materials on developing and implementing best privacy practices.

“This year’s GPEN sweep has reinforced how important it is for businesses, particularly start-ups, to implement a ‘privacy-by-design’ approach, where strong privacy frameworks and communications are implemented from the beginning.

“Strong privacy protections and clear explanations for how personal information is managed helps build consumer trust. It also avoids the costly exercise of building these privacy frameworks later on, most often after something has already gone wrong.”

For more information on the Privacy Commissioner’s IoT report click here.

Our Partners