Study: Smart devices gathering excessive amounts of personal data


While many smart devices like fitness trackers are clearly designed to collect information, a growning number of household appliances like TVs, air fryers and speakers are collecting unnecessary amounts of private information on users, a new study says. — Photo: Tobias Hase/dpa

LONDON: Many smart devices including TVs, speakers, air fryers and smartwatches are making “excessive” requests for access to user data, according to a new study.

The UK consumer group Which has tested and rated a range of popular smart devices to give them a privacy score based on what data access requests they made.

It said its research found that data collection often went well beyond what was necessary for the functionality of a product, which it argued suggests personal data could be being shared with third parties for marketing purposes in some cases.

The consumer champion said its study showed firms were collecting data with “reckless abandon” and called for stricter guidelines to be put in place around smart product devices and data collection.

The UK’s data protection watchdog, the Information Commissioner’s Office (ICO), is due to publish such guidance next year.

According to the report, all three air fryer products tested wanted to know a user’s precise location and wanted permission to record audio on a user’s phone, for no specified reason.

Which said one of the air fryers – made by Chinese firm Xiaomi – used a connected app which linked to trackers from Facebook, an ad network linked to TikTok and, depending on location, Chinese tech giant Tencent.

This air fryer, and another from fellow Chinese firm Aigostar, also sent personal data to servers in China, Which said, although this was flagged in a privacy notice.

In addition, Which said the Huawei Ultimate smartwatch it tested asked for a range of phone permissions the study classified as “risky”, including precise location, the ability to record audio, access to stored files and the ability to see all other installed apps.

Which said it was told by Huawei that these permissions were a justified need and that no user data was used for marketing or advertising purposes.

Elsewhere, Which said it found similar issues in the smart TVs it tested, which were made by Hisense, LG and Samsung.

The study said said all three asked for a postcode at set up, and while the Hisense did not connect to any trackers Which researchers could detect, Samsung and LG’s TVs did, including Facebook and Google.

It said the Samsung TV app also made a number of “risky” phone permission requests.

In its test of smart speakers, Which highlighted the Bose Home Portable speaker as being “stuffed” with trackers, including Facebook, Google and digital marketing firm Urbanairship.

Harry Rose, Which magazine editor, said: “Our research shows how smart tech manufacturers and the firms they work with are currently able to collect data from consumers, seemingly with reckless abandon, and this is often done with little or no transparency.

“Which has been calling for proper guidelines outlining what is expected of smart product manufacturers and the ICO has confirmed a code is being introduced in spring 2025 – this must be backed by effective enforcement, including against companies that operate abroad.”

Which has also encouraged consumers to improve their data privacy by taking care to opt out of data collection requests they are not comfortable with, to check permission requests on apps before downloading them and deny or limit app data access via their phone settings, and delete voice recordings of interactions with voice-based assistants.

Slavka Bielikova, principal policy adviser at the ICO, said: “The results from Which’s testing of smart products show that many products not only fail to meet our expectations for data protection but also consumer expectations.

“Smart products know a lot about us – who we live with, what music we like, what medication we are taking and much more. That’s why it’s vital that consumers trust smart product manufacturers to use their information safely and in the ways they expect.

“Earlier this year, we asked consumers how they feel about smart products. They told us that their products collect too much information about them and that they feel powerless to control how their information is used and shared.

“That’s why the ICO is working on new guidance for manufacturers of smart products which will be published in spring 2025.

“The guidance will outline clear expectations for what they need to do to comply with data protection laws and, in turn, protect people using smart products.

“Our guidance will allow manufacturers to plan and invest in the use of information responsibly. We want to help organisations get it right, however where they don’t we will be ready to act to ensure consumers are protected from harm.”

In response to the Which research, Samsung said: “At Samsung, the security and privacy of our customers’ data is of the utmost importance.

“And we employ industry-standard security safeguards and practices to ensure that the data are secured.

“Customers are also given the option to view, download or delete any personal data through their Samsung accounts. Customers can find more information about our privacy policies at www.samsung.com/uk/info/privacy.”

Hisense said: “Hisense UK values its relationships with its customers and respects their data privacy rights.

“We are compliant with all UK data privacy laws and only capture the postcodes of our customers to enable them to receive regional specific content, enhancing their user experience.

“If users are concerned, then many of our TVs will accept a partial postcode.”

Huawei said: “Huawei takes consumers’ privacy incredibly seriously. Clearly, to be useful lifestyle and health/fitness partners, smartwatches require permissions to access a number of personal data; we are very clear both on the devices at set-up, and on the companion app Huawei Health, which permissions are required and why, and users have full control over turning them on or off at any time.”

Which said it was told by Xiaomi that “respecting user privacy has always been among Xiaomi’s core values, which includes transparency, accountability, user control, security, and legal compliance” and “we do not sell any personal information to third parties”.

“The permission to record audio on Xiaomi Home app is not applicable to Xiaomi Smart Air Fryer which does not operate directly through voice commands and video chat,” the company added.

Which said LG declined to comment, while Aigostar and Bose did not respond. – PA Media/dpa

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
   

Next In Tech News

US man used fake Instagram profiles to trick kids for nude images, videos
Japan Air resumes ticket sales after overcoming cyberattack
AI is a game changer for students with disabilities. Schools are still learning to harness it
Iran restores access to WhatsApp and Google Play after they were banned amid protests
OpenAI unveils artificial intelligence that can 'reason' through math and science problems
Court orders recall of Signify lighting products over patents, Seoul Semiconductor says
Telegram and WeChat first to initiate licensing to operate in Malaysia
Japan Airlines delays flights after cyberattack
Japan airlines experiencing issues due to cyberattack
The war on wildfires is going high-tech

Others Also Read