- = Privacy Commissioners reveal the hidden risks of the Internet of Things =
A global sweep of Internet of Things products has revealed that 71 per cent of devices and services used by Australians did not provide a privacy policy and notices to adequately explain how personal information is collected, used and dis closed.
- The results have been released by the Australian Privacy Commissioner, and fellow international regulators, through the Global Privacy Enforcement Network (GPEN).
- Internet of Things technology is built into all kinds of services like movie streaming, fitness trackers, home appliances and childrens toys.
- But the seamless nature of how these devices collect, store and share user information means that customers are not always fully aware of the privacy risks.
- Accordingly, the 26 privacy enforcement authorities that make up GPEN examined the privacy policies of over 300 businesses around the world, including 45 used by Australian consumers every day.
- The Commissioners office is working with businesses and start-ups to help them better understand their privacy obligations, and creating a range of educational materials on developing and implementing best privacy practices.
- It also avoids the costly exercise of building these privacy frameworks later on, most often after something has already gone wrong.
The OAIC found that some organisations did not make it clear what information would be collected. It was unclear whether a user name, address, phone number, date of birth, phone or browsing history in over a third of the businesses whose privacy communications were looked into.
44 per cent of the devices that the OAIC looked into did not inform users about how their personal information was being safeguarded and what measures were taken to prevent unauthorised access.
The OAIC found that 38 per cent of organisations did not provide a clear means of contacting them to address privacy concerns.
Over 50 per cent of devices in the sweep collected a user’s date of birth, location, address, phone number or a unique device identifier. Over 80 per cent collected a user’s names or email.
49 per cent of devices were felt to not adequately inform users of data protection safeguards.
The global sweep indicated that 38 per cent of devices failed to provide easily identifiable contact details which customers could use if they had privacy concerns
The global sweep found that about 72 per cent of businesses did not clearly explain how a user could delete their personal data from the device or app.