The French personal data protection authority recently sentenced a company specialized in the sale of connected toys and serves formal notice to cease serious breach of privacy and safety deficiencies. Two toys controlled by the authority were identified as unsafe. They enable mobile devices to connect with the toysthrough the wireless technology standard Bluetooth, as soon as the mobile devices are less than 9 meters away from the toys, regardless of whether or not they are outside the building.
Security concerns go beyond this specific case: Google has also been accused of listening users all the time and stores all their conversations by leaving their new smart speaker secretly
recording everything. In a world where the sale of Internet of things (IoT) are constantly increasing – a study estimates that there will be between 50 and 80 billions Internet of things in 2020 – these practices raise serious privacy considerations.
But firstly, what is IoT?
It could be defined as a network of internet-connected objects able to collect, process and exchange data using embedded sensors capable of receiving and giving instructions, such as Google Glasses and Home, Apple Watch, and Smart thermostats. IoT became a buzzword because of its promise to change the way we live and make our lives more comfortable. We will now be able to turn the air conditioner by using your smartphone before getting home from work without having to wait for your house to cool.There inevitably is a counterpart.
Name, email address, user name and password, interests, locations is a list of personally identifiable and valuable data that an individual has likely provided by purchasing and registering a device. These informations are such as to be processed and sold to advertisers to target specific audiences and allow manufacturers to message people at exactly the right time in their purchase cycles Other outrages might be feared. One can imagine this personal information collected by iOt may be acceptable evidence as part of a judicial proceedings – as already appeared to be the case in United States.
A man was charged for insurance fraud last February and his cardiac pacemaker played a key role in police charging. He tried to convince the authority he left his home and packed his clothes safe after his house caught fire. By using his medical information, initially collected to help doctors improve health, police determined he made a false statement.
While Iot constitutes more invasive power of surveillance, do you know how to protect your personal data?
It is absolutely imperative to understand and set your tools before using IoT. The average home user are usually not even aware that their data are being stored, because the terms and conditions are too long and complicated. Understand the risks is the first step.
European laws force companies to be transparents with users in Data Protection Directive 95/46 Article 6, that can exercise their:
- information right : right to be from the controller on which specified, explicit and legitimate purposes your data have been processed.
- access right : right to obtain from the controller confirmation as to whether or not your personal data are being processed, and, where that is the case, access to the personal data and other legal information such as the purposes of the processing,
- correction right : right to obtain from the controller the rectification of your inaccurate erroneous or incomplete personal information
- objection right : right to be informed from the controller before their personal data are disclosed to third parties or used on their behalf for the purposes of direct marketing, and to be expressly offered the right to object to such disclosures or uses.
GDPR will soon enable users to exercise their right to oblivion : the right to be forgotten and obtain the deletion of your personal data. Another way to protect yourself is to not use internet features and don’t hook it into your wifi when you are not using your connected objects. You can also checkpersonal data protection authorities website that provide advices to protect their private life