Several gadegts laid out on a desk; an Apple laptop, a Kindle e-reader, mobile phone, a camera. Plus a notepad, sunglasses and wallet
Photo by Héctor Martínez on Unsplash

What is the Internet of Things and what does it mean for your data?

You’ve probably heard of the concept of “smart homes.”

It’s also likely that you have some, maybe all, of these things in your home:

  • Smart TV
    Smart Television showing a selection of applications
  • Games consoles
    Hands holding Playstation 5 controller
  • Smart speaker
    Amazon Alexa Smart Speaker
  • Wearable tech such as a smartwatch or wireless headphones
    Person using a smartwatch
  • Camera-integrated doorbell
    Black Ring Doorbell
  • Security cameras that link to an app on your smartphone
    Security camera
  • App-controlled heating and electric devices
    Nest Thermostat

What do all these things have in common? They all need to connect to the internet to allow you to use them to their fullest potential. This is what we mean when we talk about the Internet of Things (IoT). Although it’s a techy sounding term, it just means your stuff that connects to the internet.

And we have a lot of it!

On a grander scale, the IoT has the potential to change our lives in years to come. The use of connected tech, alongside things like artificial intelligence (AI) and machine learning tools, could improve everything from the flow of traffic to diagnosing serious illnesses.

Yet, for your smart speaker or camera-integrated doorbell to work as you want it to – never mind telling you to go to the doctors – the IoT needs to collect an immense volume of data.

How do IoT connected devices collect your data?

There are many ways IoT connected devices can collect your data, including some you might not even realise are possible.

Some of the ways data about you is potentially being collected include:

  • Your TVs, games consoles, and smartphones collecting data about your usage, watching, and gaming habits.
  • Acoustic and biometric sensors can collect data about our health and speech patterns.
  • Depending on where they’re used, optical sensors can potentially collect data about what time we leave and arrive home, what time we go into the kitchen, and how long we spend sitting in front of the TV.
  • You will usually need to sign in to an IoT device, establishing an identifying connection every time you do so. Depending on how this data is used, your identifiers – which might only be your email address – could go into a larger database and be connected to other identifiers held by the provider of your IoT device or a partner.
  • When you connect and communicate to an IoT device, your IP or MAC address may be collected, which may identify your location and potentially even your identity.

The General Data Protection Regulation (GDPR) and Data Protection Act (2018) have principles around:

  • Minimising the collection of data
  • Only collecting data that is necessary for fulfilling a specific commercial purpose (i.e. for your device to work)
  • Only using anonymised data if it is fully anonymised and you cannot be identified, even if multiple anonymised datasets are combined.

Of course, one of the most significant problems here is that it’s easy for businesses to say they need to collect a raft of data for your devices to work correctly. However, the most significant issue is the pace at which technology is developing. It isn’t beyond possibility that tech will quickly evolve beyond the scope of current legislation, creating a data headache for businesses, consumers, and data control authorities worldwide.

What are the potential risks associated with the IoT?

There are several risks associated with the IoT, both from a solo consumer perspective and looking at the bigger picture.

Data use

From a consumer perspective, the main concern will often be around how our data is used. Usually, we quite like the idea of interactivity and connectivity making our lives easier. Yet, how many of us start to feel uneasy when our devices know what time we usually go to work and send us a notification that we’ll need to leave earlier if we want to have time to pick up a Starbucks?

We might even appreciate receiving that!

Still, there are undoubtedly questions around businesses knowing when we are and aren’t at home and how that is necessary to fulfil their services. When we answer the question around data sharing and give businesses permission to store and use it, how much do we really know about who it is being shared with, and for what purpose?

Hacking and data leaks

Gone are the days when we only need to worry about our computer falling victim to hacking, which we could remedy with any half-competent anti-virus software. One story that hit the news last year concerned Philips Smart Light Bulbs, which could be exploited from a distance of around 100 metres and used to gain access to your Wi-Fi network. If someone with the requisite skills could then use your Wi-Fi network to access other devices in your home’s IoT, they could take control of your entire home!

As well as stealing individual data, hackers could also conceivably hack the databases of developers and manufacturers of IoT connected tech and leak whatever data they hold. And if businesses, apps, and devices have been collecting data way beyond what they need for commercial purposes – or if they genuinely need a lot of data to work – this could be disastrous.

Ransomware attacks

On a potentially more significant scale, the IoT is likely to start playing a part in everything from healthcare systems to how self-driving vehicles navigate the roads.

Clearly, the potential for disruption if hackers could take control of healthcare systems or motion sensor systems used for traffic automation is severe. Lives would be at risk, so the pressure on organisations and authorities to pay any ransom demand would be immense.

What should you do to protect yourself?

The easiest way to protect yourself from an IoT connected data breach is to have as few connected devices as possible. However, with even the seemingly most basic TV units requiring an internet connection and usually a sign-in to work these days, it’s perhaps unrealistic for you to live completely “off-grid,” as it were, with little to no digital footprint.

However, that’s not to say you cannot take steps to protect yourself online.

Beyond following “best practice” tips yourself, it’s also worth considering and asking the following when adding new devices to your home:

  • What data does your IoT connected device collect?
  • For what purposes is your data collected?
  • How is your data stored and used?
  • What data permissions are you required to give?
  • How long will your data be kept?
  • How can you find out what data is held?
  • How can you ask for your data to be deleted?
  • Is there a data breach policy that outlines how you’ll be notified if your data is leaked?

Admittedly, you might not do a lot with this information as a consumer. Still, if the tech or service provider can give you an answer, it at least highlights they have cybersecurity and data protection at the forefront of their operations.

Has your data been involved in an IoT data breach? Contact LawPlus today!

If your data has been involved in a data breach from an IoT connected device, you may be entitled to compensation.

Contact LawPlus today for a FREE assessment of your claim!